doubt on XWS signature syntax

From: Alessio Cervellin <>
Date: Tue, 5 Apr 2005 10:51:52 +0200 (CEST)

My endpoint, which has signature requirement, is receiving a signed soap message (probably from a .NET platform) which can't be validated.
By analizing it, I discovered this is due to the syntax of some security tags which are not being accepted from XWS.

First issue:
incoming message's BinarySecurityToken block looks like this:

<wsse:BinarySecurityToken xmlns:wsu="" EncodingType="wsse:Base64Binary" ValueType="wsse:X509v3" ...

XWS doesn't accept it, but if I change the wsu namespace declaration and the EncodingType/ValueType attributes to the following format it works fine:

<wsse:BinarySecurityToken xmlns:wsu="" EncodingType="" ValueType="" ...

- which wsu namespace declaration is valid according to the OASIS WSS specification? (I'd say the second one, so 1 point to XWS)
- Which EncodingType/ValueType declaration is valid? I've some doubt... shouldn't "wsse:X509v3" be equivalent to "" ? (since the wsse namespace is correctlty declared befoire in the wsse:Security tag)

Second issue:
incoming message's Signature block looks like this:
      <Signature xmlns="">
          <CanonicalizationMethod Algorithm=""></CanonicalizationMethod>
          <SignatureMethod Algorithm=""></SignatureMethod>

And XWS doesn't find it... if I change it to the following, it works fine:
      <ds:Signature xmlns:ds="">
          <ds:CanonicalizationMethod Algorithm=""></ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm=""></ds:SignatureMethod>

I just added the "ds" prefix...
- which of the above syntax is correct? Shouldn't XWS accept both?

Thanks for you help.