问题
I have a piece of XML that I am attempting to sign then verify which uses relative namespaces:
<Organization>
<OrganizationName xmlns:_xml="xml" _xml:lang="en">name</OrganizationName>
<OrganizationDisplayName xmlns:_xml="xml" _xml:lang="en">name</OrganizationDisplayName>
<OrganizationURL xmlns:_xml="xml" _xml:lang="en">http://www.example.com/</OrganizationURL>
</Organization>
OpenSAML throws the following exception:
org.apache.xml.security.c14n.CanonicalizationException: Element OrganizationName has a relative namespace: _xml="xml"
Why are relative namespaces considered bad? Surely the parser could just resolve the namespace when parsing the true value?
EDIT: found some more information
The Namespaces in XML 1.1 document states under section 2.2:
This deprecation of relative URI references was decided on by a W3C XML Plenary Ballot [Relative URI deprecation]. It also declares that "later specifications such as DOM, XPath, etc. will define no interpretation for them".
This was voted for on the Ballot on relative URI References.
回答1:
When the namespaces spec was being hammered out, there were two schools of thought: one group thought that a namespace name should just be a name (a string of characters chosen simply for uniqueness), the other group thought that it should identify some resource on the web providing a description of the contents of the namespace: perhaps a schema, perhaps something else. Now, if it's just a string of characters, then any string will do. But if it's the location of a resource, then you would expect a relative reference to be resolved against the base URI of the element where it appears. At this point there was no room for compromise between the two schools of thought, and rather than deciding in favour of one group or the other, W3C decided that relative URIs as namespace names should not be allowed - except it was too late to disallow them, so they were deprecated instead.
来源:https://stackoverflow.com/questions/45769529/xml-why-are-relative-namespaces-considered-to-be-invalid