- From: Scott Cantor <cantor.2@osu.edu>
- Date: Mon, 6 Sep 2010 13:08:04 -0400
- To: "'Meiko Jensen'" <Meiko.Jensen@ruhr-uni-bochum.de>, "'XMLSec WG Public List'" <public-xmlsec@w3.org>
> Since the 2.0 mode disallows all kinds of transforms besides the new > selection-c14n-v10n transform, how do we cope with enveloped signatures > (and the enveloped-signature-transfom) in that case? Does a developer > have to explicitly add an appropriate XPath expression in ExcludedXPath > for the ds:Signature element? how does that one look like? > "<ExcludedXPath> //ds:Signature </ExcludedXPath>" ? Is this streamable? > Is this discussed somewhere in the spec / the best practices? I didn't > find anything on a quick review.... I think what I was assuming would happen was that the c14n interface would include an option to specify a signature node that would be excluded, as an allowance for the fact that the main use case for c14n was signing. I don't think that was done though, and I imagine that's DOM specific. If the only SAX friendly way to do it is with an XPath anyway, it's probably pretty immaterial whether it's an exclusion like any other, or a special one. I would not want to see XPath made a requirement to handle enveloped signatures, as my use cases are enveloped signatures using ID references with DOM, and don't require an XPath processor at all. (I know you weren't necessarily saying we had to, just wanted to be clear about my requirements.) We should probably create an issue for this. -- Scott
Received on Monday, 6 September 2010 17:08:39 UTC