cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Foster <>
Subject Re: xml-signature
Date Sun, 17 Feb 2002 14:34:39 GMT
> What about a SigningTransformer and a VerifyingTransformer ? The 
> SigningTransformer would then sign the referenced portions as the last 
> transformer in a pipeline; the VerifyingTransformer would check the 
> signatures as the first transformer, either passing the correct content 
> through or somehow marking the content or signature as invalid. I hope I 
> understood the spec correctly so far; I guess that the specification does 
> not apply to other content than serialized XML.

My take on the specification, but I can't claim perfect understanding, is 
that it covers signing any kind of content.  Quoting from the Introduction:

> XML Signatures can be applied to any digital content (data object), 
> including XML. An XML Signature may be applied to the content of one or 
> more resources. Enveloped or enveloping signatures are over data within 
> the same XML document as the signature; detached signatures are over data 
> external to the signature element.

For enveloped signatures, your suggestion should work fine.  The trick 
seems to be how to handle detached signatures.

I think the only solution is to develop a generator that:

   1) requests an arbitrary resource from somewhere (within the sitemap; 
outside world; etc.)
   2) generates the xml-signature document
   3) sends this new document down the pipeline

This shouldn't (hopefully) be too hard as we already (I think) have the 
ability to request information from the outside world (the aggregation 


Jason Foster

To unsubscribe, e-mail:
For additional commands, email:

View raw message