

Subject: 2nd (merged) Proposal for restructured basic processing.


Nick, Konrad and all,

what about this merged version:

"""
3.3 Basic Processing for XML Signatures
A DSS server that produces XML signatures SHOULD perform the following 
steps, upon receiving a <SignRequest>.
These steps may be changed or overridden by procedures defined for the 
optional inputs (for example, see section 3.5.5), or by the profile or 
policy the server is operating under.
The ordering of the <Document> elements inside the <InputDocuments> MAY 
be ignored by the server.
1.	For each <Document> in <InputDocuments> not referenced by optional 
inputs the server MUST perform the following steps:
a.	In the case of <Base64XML>, the server base64-decodes the data 
contained within <Document> into an octet string. This data MUST be a 
well-formed XML Document as defined in clause 2.1 of [Schema1].
i.	Processing continues with step b for an external RefURI.
ii.	For a same-document ReferenceURI the server parses the octet stream 
to NodeSetData (see clause 4.3.3.3 of [XMLSig]).
b.	The data is processed and transforms applied by the server to produce 
a canonicalized octet string as required in clause 4.3.3.2 of [XMLSig].
Note: As required in [XMLSig], if the end result is an XML node set, the 
server MUST attempt to convert the node set back into an octet stream 
using Canonical XML [XML-C14N].
c.	The server forms a <ds:Reference> with the elements and attributes 
set as follows:
i.	If the <Document> has a RefURI attribute, the <ds:Reference> 
element’s URI attribute is set to the value of the RefURI attribute, 
else this attribute is omitted.
A signature MUST NOT be created if more than one RefURI is omitted in 
the set of input documents.
ii.	If the <Document> has a RefType attribute, the <ds:Reference> 
element’s Type attribute is set to the value of the RefType attribute, 
else this attribute is omitted.
iii.	The <ds:DigestMethod> element is set to the hash method used.
iv.	The <ds:DigestValue> element is set to the hash value that is to be 
calculated as per [XMLSig].
v.	The <ds:Transforms> element is set to the sequence of transforms 
applied by the server in steps a and b. This sequence MUST describe the 
effective transform as a unique procedure from parsing until hash.
2.	References resulting from processing of optional inputs MUST be 
included. In doing so, the server MAY reflect the ordering of the 
<Document> elements.
3.	The server creates an XML signature using the <ds:Reference> elements 
created in Step 1.c, according to the processing rules in [XMLSig].
"""

All the best,
Stefan.
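
Added example (not part of the original message or of any DSS implementation): a sketch of steps 1.a to 1.c of the proposed text for <Base64XML> inputs, showing the "at most one omitted RefURI" check and a <ds:Transforms> list that records the transform actually applied before hashing. The input dict shape and the function name are hypothetical, SHA-256 is an assumed digest choice, and Canonical XML 2.0 from Python's standard library stands in for the Canonical XML [XML-C14N] transform.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
# Assumption: Python's standard library implements Canonical XML 2.0 only; it
# stands in here for the Canonical XML [XML-C14N] transform the draft names.
C14N2 = "http://www.w3.org/2010/xml-c14n2"
ET.register_namespace("ds", DS)


def build_references(documents):
    """Hypothetical input: dicts with 'base64_xml', optional 'ref_uri', 'ref_type'."""
    # Step 1.c.i: no signature if more than one RefURI is omitted.
    if sum(d.get("ref_uri") is None for d in documents) > 1:
        raise ValueError("more than one <Document> omits RefURI")
    refs = []
    for doc in documents:
        # Step 1.a: base64-decode into an octet string.
        octets = base64.b64decode(doc["base64_xml"], validate=True)
        # Steps 1.a/1.b: parsing rejects non-well-formed input, then canonicalizes.
        try:
            canonical = ET.canonicalize(octets).encode("utf-8")
        except ET.ParseError as exc:
            raise ValueError("input is not well-formed XML") from exc
        ref = ET.Element(f"{{{DS}}}Reference")
        if doc.get("ref_uri") is not None:       # 1.c.i
            ref.set("URI", doc["ref_uri"])
        if doc.get("ref_type") is not None:      # 1.c.ii
            ref.set("Type", doc["ref_type"])
        # 1.c.v: record exactly the transforms that were applied.
        transforms = ET.SubElement(ref, f"{{{DS}}}Transforms")
        ET.SubElement(transforms, f"{{{DS}}}Transform", Algorithm=C14N2)
        ET.SubElement(ref, f"{{{DS}}}DigestMethod", Algorithm=SHA256)  # 1.c.iii
        digest = hashlib.sha256(canonical).digest()                    # 1.c.iv
        ET.SubElement(ref, f"{{{DS}}}DigestValue").text = base64.b64encode(digest).decode()
        refs.append(ref)
    return refs


if __name__ == "__main__":
    # Constructed sample: one <Document> with a RefURI, one without.
    sample = [
        {"base64_xml": base64.b64encode(b'<a y="2" x="1"/>').decode(), "ref_uri": "urn:example:a"},
        {"base64_xml": base64.b64encode(b"<note>hi</note>").decode()},
    ]
    for r in build_references(sample):
        print(ET.tostring(r, encoding="unicode"))
```

Two serializations of the same XML that differ only in attribute order or empty-element syntax produce the same <ds:DigestValue>, which is why the recorded transform list has to match what the server really did.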


