[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: Signature Transforms
David: The example starting on line 2045 is not consistent with the description on lines 2027 - 2036. I think there should be an enveloped-signature transform in the example to exclude the ds:Signature element. The enveloped signature transform is defined as follows in http://www.w3.org/TR/2001/PR-xmldsig-core-20010820/: 6.6.4 Enveloped Signature Transform Identifier: http://www.w3.org/2000/09/xmldsig#enveloped-signature An enveloped signature transform T removes the whole Signature element containing T from the digest calculation of the Reference element containing T. The entire string of characters used by an XML processor to match the Signature with the XML production element is removed. The output of the transform is equivalent to the output that would result from replacing T with an XPath transform containing the following XPath parameter element: <XPath xmlns:dsig="&dsig;"> count(ancestor-or-self::dsig:Signature | here()/ancestor::dsig:Signature[1]) > count(ancestor-or-self::dsig:Signature)</XPath> -Arvola -----Original Message----- From: David Fischer <david@drummondgroup.com> To: Ralph Berwanger <rberwanger@bTrade.com> Cc: ebXML Msg <ebxml-msg@lists.oasis-open.org> Date: Friday, August 24, 2001 8:27 AM Subject: Signature Transforms Hi Ralph, Remember in Vienna when we went back and forth on whether it is necessary to create a transform to exclude the Signature element? I'm still not sure. . . http://www.w3.org/TR/2001/PR-xmldsig-core-20010820/ <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> <XPath xmlns:dsig="&dsig;"> not(ancestor-or-self::dsig:Signature) </XPath> </Transform> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>. . .</DigestValue> </Reference> This seems to have a Transform excluding the Signature element. However, in our example on page 54 we have: <ds:Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> not(ancestor-or-self::eb:TraceHeaderList or ancestor-or-self::eb:Via) </XPath> </Transform> </Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> <ds:DigestValue>...</ds:DigestValue> </ds:Reference> We don't exclude the Signature in the Transform. In Vienna, we decided that this happened automatically, can you confirm? Regards, David Fischer Drummond Group. ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC