cocoon-dev mailing list archives

From Michael Hartle <>
Subject Re: xml-signature
Date Sun, 17 Feb 2002 15:10:55 GMT
Jason Foster wrote:

>> What about a SigningTransformer and a VerifyingTransformer ? The 
>> SigningTransformer would then sign the referenced portions as the 
>> last transformer in a pipeline; the VerifyingTransformer would check 
>> the signatures as the first transformer, either passing the correct 
>> content through or somehow marking the content or signature as 
>> invalid. I hope I understood the spec correctly so far; I guess that 
>> the specification does not apply to other content than serialized XML.
> My take on the specification, but I can't claim perfect understanding, 
> is that it covers signing any kind of content.  Quoting from the 
> Introduction:
>> XML Signatures can be applied to any digital content (data object), 
>> including XML. An XML Signature may be applied to the content of one 
>> or more resources. Enveloped or enveloping signatures are over data 
>> within the same XML document as the signature; detached signatures 
>> are over data external to the signature element.
You are right, you can sign any digital content, but the signature 
itself is detached, not contained in these non-xml binary formats; 
understood - the example at shows 
a signature for

> For enveloped signatures, your suggestion should work fine.  The trick 
> seems to be how to handle detached signatures.

We could handle it like X/CIncludeTransformers work, letting the 
SignatureTransformer fire up on something like

<sig:sign src="http://some.external.doc/to/be/sig.ned">
    <sig:DigestMethod Algorithm=""/>
</sig:sign>

That way it would be possible to both sign an arbitrary resource and 
portions of the already generated content, via an XPath expression for 

Best regards,

Michael Hartle,
Hartle & Klug GbR
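
The transformer idea proposed in this message, reduced to the reference-digest step of a detached signature, as an added example that is not part of the original message or of Cocoon. The `urn:example:sig` namespace, the SHA-256 digest choice, the in-memory resolver and the sample data are assumptions; a real signature would still place the `ds:Reference` elements inside a canonicalized and signed `SignedInfo`.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

SIG = "{urn:example:sig}"                      # assumed namespace for the proposed sig:sign
DS = "{http://www.w3.org/2000/09/xmldsig#}"    # XML-DSig namespace
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"  # assumed digest algorithm
SRC = "http://some.external.doc/to/be/sig.ned"

# Constructed sample input: one pipeline document and an in-memory "external" resource.
SAMPLE = f'<page xmlns:sig="urn:example:sig"><title>Report</title><sig:sign src="{SRC}"/></page>'
RESOURCES = {SRC: b"constructed binary payload \x00\x01\x02"}


def digest_b64(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def sign_references(root, resolve):
    """Replace every sig:sign element with a ds:Reference holding the digest of its src."""
    for parent in list(root.iter()):
        for i, child in enumerate(list(parent)):
            if child.tag != SIG + "sign":
                continue
            data = resolve(child.get("src"))
            if data is None:
                raise LookupError(f"cannot resolve {child.get('src')!r}")
            ref = ET.Element(DS + "Reference", {"URI": child.get("src")})
            ET.SubElement(ref, DS + "DigestMethod", {"Algorithm": SHA256})
            ET.SubElement(ref, DS + "DigestValue").text = digest_b64(data)
            ref.tail = child.tail
            parent[i] = ref
    return root


def verify_references(root, resolve):
    """Return the URIs that fail verification; an empty list means all digests match."""
    failed = []
    for ref in root.iter(DS + "Reference"):
        method = ref.find(DS + "DigestMethod")
        recorded = ref.findtext(DS + "DigestValue")
        data = resolve(ref.get("URI"))
        # Fail closed: unknown algorithm, missing digest or unreachable resource is invalid.
        ok = (method is not None and method.get("Algorithm") == SHA256
              and recorded is not None and data is not None
              and digest_b64(data) == recorded)
        if not ok:
            failed.append(ref.get("URI"))
    return failed
```

The digest covers the raw bytes of the external resource, which is why this works for non-XML content; on its own it proves nothing about origin until the references are covered by a signature value.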
