santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott Cantor" <>
Subject RE: Can I set the BaseURI to empty?
Date Tue, 14 Aug 2007 15:25:38 GMT
> I'll rephrase my question: How do I sign and verify Documents that I only
> have as Java objects, because they are retrieved via Java deserialisation? In
> particular, what is the BaseURI expected to be in such cases?

That depends on how the Signature relates to the content. Is it enveloped, enveloping, or

The BaseURI doesn't matter in enveloped or enveloping cases, only the URI in the Reference
element matters. The signature constructor takes a base URI, for which I use an empty string
to prevent anything inadvertent from happening. The addDocument method creates References,
and I use a fragment identifier there ("#foo"). If you don't use IDs, you'd use an empty string
and then add XPath other transforms.

> Sorry for all these questions and demand on your time, but XML Security
> needs more documentation, quite badly, I think.
These libraries just aren't set up for novices. Mine aren't either. Documentation takes a
lot of effort and not one person who has ever complained about it ever donates any back, so
that kind of says it all. At least there are some samples here. That's more than I bother
to do.

-- Scott

View raw message