|Oracle® Application Server Release Notes
10g (10.1.4.0.1) for IBM zSeries Based Linux
Part Number B32086-06
This chapter describes issues associated with Oracle Security Developer Tools. It includes the following topics:
This section describes general issue and workaround. It includes the following topic:
This bug relates to a parameter used to create a signature with Oracle Security Developer Tools.
An XML Signature can use either Inclusive or Exclusive Canonicalization to canonicalize the Reference or the SignedInfo:
In Inclusive Canonicalization, all the specified and inherited namespaces are written out.
In Exclusive Canonicalization, only namespaces that are actually used are written out.
The behavior of Exclusive Canonicalization can be modified by specifying the
InclusiveNamespaces parameter, which is a list of namespaces that are exceptions, that is, namespaces which should be written out even if they are not used.
Because of this bug, the
InclusiveNamespaces parameter is ignored when used for canonicalizing the SignedInfo (but considered when canonicalizing a reference). As a result, when you use the Oracle XML Security API of Oracle Security Developer Tools to create a signature that uses the
InclusiveNamespaces parameter, the signature value will be computed incorrectly. Similarly, when you verify a signature that uses the
InclusiveNamespace parameter, the verification will incorrectly return a false.