santuario-dev mailing list archives

From Sean Mullan <Sean.Mul...@Sun.COM>
Subject Re: doubt with enveloped signature concept
Date Tue, 08 Jan 2008 22:43:29 GMT
Michael McIntosh wrote:
> Francisco Sepulveda <shepu_2002@hotmail.com> wrote on 01/08/2008 02:55:46
> PM:
> 
>> Michael, if I understand right the http://www.remote-server.com/file.doc
>> by definition (W3C) is a detached signature because it points to a
>> "thing" located external to the signature itself
> 
> "Enveloped or enveloping signatures are over data within the same XML
> document as the signature; detached: signatures are over data external to
> the signature element."
> 
> The problem is that you do not know whether file.doc is the XML document
> containing the Signature. Essentially:
> <Reference URI="http://www.remote-server.com/file.doc">
> might be equivalent to:
> <Reference URI="">

In that case, there should also be an explicit XPath Transform that 
removes the Signature element from the document before it is 
canonicalized and digested. I don't think you can use the Enveloped 
Transform because (I think) it requires the input to be a node-set of 
the Signature's document.

--Sean
