
ebxml-msg message


Subject: Re: Signature Transforms


The example is incorrect. The ds:Transforms element should include two (2) ds:Transform
elements. The first must have an algorithm of http://www.w3.org/2000/09/xmldsig#enveloped-signature:

    <Transforms xmlns="http://www.w3.org/2000/09/xmldsig#">
      <Transform
          Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
      <Transform
          Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
        <XPath>
          not(ancestor-or-self::eb:TraceHeaderList or
          ancestor-or-self::eb:Via)
        </XPath>
      </Transform>
    </Transforms>

as per the spec language at lines 2027-2030 of the v1.0 spec.

Cheers,

Chris

David Fischer wrote:
> 
> Hi Ralph,
> 
> Remember in Vienna when we went back and forth on whether it is necessary to
> create a transform to exclude the Signature element?  I'm still not sure. . .
> 
> http://www.w3.org/TR/2001/PR-xmldsig-core-20010820/
> 
>        <Reference URI="">
>          <Transforms>
>            <Transform
>              Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
>              <XPath xmlns:dsig="&dsig;">
>                not(ancestor-or-self::dsig:Signature)
>              </XPath>
>            </Transform>
>          </Transforms>
>          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>          <DigestValue>. . .</DigestValue>
>        </Reference>
> 
> This seems to have a Transform excluding the Signature element.  However, in our
> example on page 54 we have:
> 
>        <ds:Reference URI="">
>          <Transforms>
>            <Transform
>              Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
>              <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
>                not(ancestor-or-self::eb:TraceHeaderList or
>                ancestor-or-self::eb:Via)
>              </XPath>
>            </Transform>
>          </Transforms>
>          <ds:DigestMethod
>            Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
>          <ds:DigestValue>...</ds:DigestValue>
>        </ds:Reference>
> 
> We don't exclude the Signature in the Transform.  In Vienna, we decided that
> this happened automatically, can you confirm?
> 
> Regards,
> 
> David Fischer
> Drummond Group.
> 
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
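
The rule stated in the reply above, as an added example that is not part of the original thread or of the ebXML specification: a Python check that every `ds:Reference` with `URI=""` lists the enveloped-signature transform, and lists it first. The function name, result labels and sample fragments are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED = DS + "enveloped-signature"
XPATH_ALG = "http://www.w3.org/TR/1999/REC-xpath-19991116"
EB_XPATH = "not(ancestor-or-self::eb:TraceHeaderList or ancestor-or-self::eb:Via)"


def lint_references(xml_text):
    """Classify every ds:Reference with URI="" by its transform chain."""
    results = []
    for ref in ET.fromstring(xml_text).iter(f"{{{DS}}}Reference"):
        if ref.get("URI") != "":
            continue  # only URI="" digests the document that holds the Signature
        algs = [t.get("Algorithm")
                for t in ref.findall(f"{{{DS}}}Transforms/{{{DS}}}Transform")]
        if ENVELOPED not in algs:
            # Nothing removes ds:Signature from the digest input.
            results.append("missing-enveloped-signature")
        elif algs[0] != ENVELOPED:
            # Present, but not in the first position the reply requires.
            results.append("enveloped-signature-not-first")
        else:
            results.append("ok")
    return results


def sample(algorithms):
    """Constructed SignedInfo fragment with one Transform per algorithm given."""
    transforms = "".join(
        f'<Transform Algorithm="{a}">'
        + (f"<XPath>{EB_XPATH}</XPath>" if a == XPATH_ALG else "")
        + "</Transform>"
        for a in algorithms)
    return (f'<SignedInfo xmlns="{DS}"><Reference URI="">'
            f"<Transforms>{transforms}</Transforms></Reference></SignedInfo>")


AS_QUESTIONED = sample([XPATH_ALG])            # transform chain of the page-54 example
AS_CORRECTED = sample([ENVELOPED, XPATH_ALG])  # transform chain given in the reply
REVERSED = sample([XPATH_ALG, ENVELOPED])      # constructed variant, wrong order

if __name__ == "__main__":
    for name, doc in [("questioned", AS_QUESTIONED),
                      ("corrected", AS_CORRECTED),
                      ("reversed", REVERSED)]:
        print(name, lint_references(doc))
```

The check covers only the transform list; it does not evaluate the XPath expression or verify any digest.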

