santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott Cantor" <canto...@osu.edu>
Subject RE: How to sign a sub-tree
Date Wed, 08 Aug 2007 15:21:36 GMT
 
> And I reference it by:
> 
> sig.addDocument(BaseURI+"#pdpaId", transforms,
> Constants.ALGO_ID_DIGEST_SHA1);

Yes, if the signature is detached. If it's in the same document, the reference is just a bare
fragment.

> Do you mean that - would that select the subtree if both the attribute
> name and attribute value "pdpaId" occur only once in the document?

An XML ID has to be unique in a document, by definition. The parser has to expose it as an
ID attribute, and the only way to do that is with a schema on hand or using DOM3 calls manually.

The signature code just calls getElementByID, so that has to return the proper node.

It is much harder for the underlying XML code to manage IDs, but it is much easier for the
relying party to understand the result. That's the trade off. You do the work in the foundation
or in the application.

> I said "Schema-aware" above but actually I meant my parsers know the XML
> they work on, not that I have an XSD defined - would the XSD be needed or is
> it enough that the attribute is unique?

Uniqueness is beside the point, IDness is what matters.

-- Scott



Mime
View raw message