Skip Headers
Oracle® Application Server Release Notes
10g ( for Linux on POWER

Part Number B32083-06
Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Go to next page
View PDF

8 Oracle Security Developer Tools

This chapter describes issues associated with Oracle Security Developer Tools. It includes the following topics:

8.1 General Issues and Workarounds

This section describes general issue and workaround. It includes the following topic:

8.1.1 Oracle XML Security Does Not Handle the InclusiveNamespaces Tag

This bug relates to a parameter used to create a signature with Oracle Security Developer Tools.

An XML Signature can use either Inclusive or Exclusive Canonicalization to canonicalize the Reference or the SignedInfo:

  • In Inclusive Canonicalization, all the specified and inherited namespaces are written out.

  • In Exclusive Canonicalization, only namespaces that are actually used are written out.

The behavior of Exclusive Canonicalization can be modified by specifying the InclusiveNamespaces parameter, which is a list of namespaces that are exceptions, that is, namespaces which should be written out even if they are not used.

Because of this bug, the InclusiveNamespaces parameter is ignored when used for canonicalizing the SignedInfo (but considered when canonicalizing a reference). As a result, when you use the Oracle XML Security API of Oracle Security Developer Tools to create a signature that uses the InclusiveNamespaces parameter, the signature value will be computed incorrectly. Similarly, when you verify a signature that uses the InclusiveNamespace parameter, the verification will incorrectly return a false.