At 16:45 2000-07-07 -0700, Kevin Regan wrote:
>
>Is it necessary to have the:
>
>http://www.w3.org/2000/02/xmldsig#enveloping-signature
>
>algorithm? Can't this simply be implied? When would you
>not want to exclude the enveloped Signature element from
>the canonicalization step? It seems like additional
>complexity that is not really needed.

It isn't necessary for external or enveloped Signatures. Having it implied buys little but potential ambiguity. Consider the behavior of a canonicalization algorithm where this is implied and one is dealing with nested enveloped/enveloping Signatures. John's approach of distinguishing between evaluating-expressions-as-transforms, such as Signature's enveloping signature:

    <XPath xmlns:dsig="&dsig;">
    (//. | //@* | //namespace::*)
    [
      count(ancestor-or-self::dsig:Signature |
            here()/ancestor::dsig:Signature[1]) >
      count(ancestor-or-self::dsig:Signature)
    ]
    </XPath>

or canonicalization's internal/default:

    (//. | //@* | //namespace::*)[not(self::comment())] )

and actual node-set ordering to UTF-8 conversion is quite slick IMHO.

_________________________________________________________
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Friday, 7 July 2000 21:47:11 GMT
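
The filter in the XPath quoted above, applied to nested Signatures, as an added example that is not part of the original message. It uses only the Python standard library, is restricted to element nodes, and runs on a constructed document; the namespace URI is assumed from the algorithm URI in the message, and `implied_drop_all` is one hypothetical reading of an "implied" exclusion.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/02/xmldsig#"  # assumed value of &dsig;, from the URI in the message
SIG = f"{{{DSIG}}}Signature"

# Constructed sample: two enveloped Signatures; the second also envelops
# (inside an Object) a nested Signature of its own.
DOC = f"""<Doc xmlns:dsig="{DSIG}">
  <Body Id="body">payload</Body>
  <dsig:Signature Id="sigA"><dsig:XPath Id="hereA"/></dsig:Signature>
  <dsig:Signature Id="sigB"><dsig:XPath Id="hereB"/>
    <dsig:Object Id="objB"><dsig:Signature Id="sigC"><dsig:XPath Id="hereC"/></dsig:Signature></dsig:Object>
  </dsig:Signature>
</Doc>"""

def sig_ancestors(node, parent, include_self):
    """Signature elements on the ancestor(-or-self) axis, nearest first."""
    out = []
    cur = node if include_self else parent.get(node)
    while cur is not None:
        if cur.tag == SIG:
            out.append(cur)
        cur = parent.get(cur)
    return out

def explicit_transform(root, here_id):
    """Ids of elements kept by the quoted filter, with here() = element here_id."""
    parent = {c: p for p in root.iter() for c in p}
    here = next(e for e in root.iter() if e.get("Id") == here_id)
    own = sig_ancestors(here, parent, include_self=False)[:1]  # here()/ancestor::dsig:Signature[1]
    kept = []
    for node in root.iter():
        a = sig_ancestors(node, parent, include_self=True)
        union = a + [s for s in own if s not in a]
        if len(union) > len(a):  # count(A | own) > count(A)
            kept.append(node.get("Id", node.tag))
    return kept

def implied_drop_all(root):
    """Hypothetical 'implied' rule: drop every Signature subtree."""
    parent = {c: p for p in root.iter() for c in p}
    return [n.get("Id", n.tag) for n in root.iter() if not sig_ancestors(n, parent, True)]

ROOT = ET.fromstring(DOC)
```

With the explicit transform each Signature drops only its own subtree, so `sigA` still covers `sigB` and `sigC`, and `sigC` still covers the `sigB` that envelops it; the hypothetical implied rule leaves only `Doc` and `body` for all three.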