Return-Path: Delivered-To: apmail-xml-security-dev-archive@www.apache.org Received: (qmail 5692 invoked from network); 14 Aug 2007 15:26:07 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 14 Aug 2007 15:26:07 -0000 Received: (qmail 79138 invoked by uid 500); 14 Aug 2007 15:26:04 -0000 Delivered-To: apmail-xml-security-dev-archive@xml.apache.org Received: (qmail 79122 invoked by uid 500); 14 Aug 2007 15:26:04 -0000 Mailing-List: contact security-dev-help@xml.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: security-dev@xml.apache.org List-Id: Delivered-To: mailing list security-dev@xml.apache.org Received: (qmail 79111 invoked by uid 99); 14 Aug 2007 15:26:04 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 14 Aug 2007 08:26:04 -0700 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=MSGID_MULTIPLE_AT,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [128.146.216.81] (HELO defang1.it.ohio-state.edu) (128.146.216.81) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 14 Aug 2007 15:25:58 +0000 Received: from defang10.it.ohio-state.edu (defang10.it.ohio-state.edu [128.146.216.79]) by defang1.it.ohio-state.edu (8.13.7/8.13.1) with ESMTP id l7EFPadZ029336 for ; Tue, 14 Aug 2007 11:25:36 -0400 Received: from bytor ([128.146.243.100]) by defang10.it.ohio-state.edu (8.13.7/8.13.1) with ESMTP id l7EFPadU026701 for ; Tue, 14 Aug 2007 11:25:36 -0400 From: "Scott Cantor" To: References: <200708131646.07770.ralph-xmlsecurity@ralphholz.de> <00a401c7ddcb$b26101f0$172305d0$%2@osu.edu> <200708141121.24753.ralph-xmlsecurity@ralphholz.de> In-Reply-To: <200708141121.24753.ralph-xmlsecurity@ralphholz.de> Subject: RE: Can I set the BaseURI to empty? Date: Tue, 14 Aug 2007 11:25:38 -0400 Organization: The Ohio State University Message-ID: <005101c7de87$5e12cc70$1a386550$@2@osu.edu> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook 12.0 Thread-index: AcfeVPRDDw926n5/Qu+aMLwSCQExfQAMPzCQ Content-language: en-us X-Spam-Score: 1.40 (*) [Tag at 4.50] MSGID_MULTIPLE_AT X-CanItPRO-Stream: outbound X-Canit-Stats-ID: Bayes signature not available X-Scanned-By: CanIt (www . roaringpenguin . com) on 128.146.216.81 X-Virus-Checked: Checked by ClamAV on apache.org > I'll rephrase my question: How do I sign and verify Documents that I = only > have as Java objects, because they are retrieved via Java = deserialisation? In > particular, what is the BaseURI expected to be in such cases? That depends on how the Signature relates to the content. Is it = enveloped, enveloping, or detached? The BaseURI doesn't matter in enveloped or enveloping cases, only the = URI in the Reference element matters. The signature constructor takes a = base URI, for which I use an empty string to prevent anything = inadvertent from happening. The addDocument method creates References, = and I use a fragment identifier there ("#foo"). If you don't use IDs, = you'd use an empty string and then add XPath other transforms. > Sorry for all these questions and demand on your time, but XML = Security > needs more documentation, quite badly, I think. =09 These libraries just aren't set up for novices. Mine aren't either. = Documentation takes a lot of effort and not one person who has ever = complained about it ever donates any back, so that kind of says it all. = At least there are some samples here. That's more than I bother to do. -- Scott