W3C home > Mailing lists > Public > public-xmlsec@w3.org > October 2010

EnvelopedSignature in Dsig2.0

From: Pratik Datta <pratik.datta@oracle.com>
Date: Sat, 16 Oct 2010 17:29:46 -0700 (PDT)
Message-ID: <919e8abc-a188-43e7-a106-f19494dcd949@default>
To: public-xmlsec@w3.org
Meiko had said that it is not very clear how to do Enveloped Signatures in Dsig 2.0.

 

 

We already had this

6.7.1 Selection Type="http://www.w3.org/2010/xmldsig2#xml"

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/#sec-Type-xml

 

"EnvelopedSignature: "true" or "false". Whether the current signature should be excluded from the selection. 

Note: The parameter EnvelopedSignature may be removed, because in an enveloped signature, sign an EnvelopedSignature without excluding the signature itself."

 

We need to decide if we are going to remove it.

 

 

I also added this line in section "6.8 "2.0 Mode" Canonicalization Algorithms" in the Oct 16th draft.

"Note: The input passed to Canonicalization must always exclude the current <Signature> node. I.e. the <Signature> must be passed as one of the exclusion elements. This is equivalent to always having an implicit Enveloped Signature Transform. "

 

And this one too  in section "4.4.3.8 The dsig2:Selection Element"

"In the first case, the current Signature node must be added as an exclusion, even if it is not explicitly excluded by the Selection"

 

 

Pratik

 

 

 

 
Received on Sunday, 17 October 2010 00:31:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 17 October 2010 00:31:35 GMT