santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Bishop <bisho...@gmail.com>
Subject Re: Resolver Issues with Enveloped Signature?
Date Wed, 16 Mar 2011 17:06:31 GMT
The specification doesn't say anything about using the ID attribute as a URI
reference point.  Maybe this is covered in a more generic XML document?  The
XPath usage is somewhat explained, although there's no example.

http://www.w3.org/TR/xmldsig-core/#sec-URI

On Wed, Mar 16, 2011 at 12:53 PM, Cantor, Scott E. <cantor.2@osu.edu> wrote:

> > OK, I've dug through each and every bit of sample code and unit tests
> > supplied with Santuario.  I'm still not finding what I need.  The samples
> sign
> > an entire document as enveloped, not a subsection of a document.
>
> I'm not sure why reading the specification isn't sufficient, but the answer
> is, you either sign via ID attribute references (which has issues with
> wrapping attacks and ID recognition, but may be fine) or you sign something
> else and then apply an XPath transform to the result to subset the actual
> node set to sign. That's safer but more complex and requires XPath support
> (not a problem in Java, big problem in C++).
>
> -- Scott
>
>
>

Mime
View raw message