- From: Kevin Regan <kevinr@valicert.com>
- Date: Wed, 12 Jul 2000 12:07:21 -0700 (PDT)
- To: "Joseph M. Reagle Jr." <reagle@w3.org>
- Cc: w3c-ietf-xmldsig@w3.org
When signing a portion of an XML document (and Element and its children), it is necessary to have the entire document in order to determine the namespace declarations of the parents of the Element. An XML Signature represents only a portion of a document. Once the Signature element and its children are created, it will be inserted somewhere in an XML document. Therefore, it may not be known in advance what the parent Element of the Signature element will be. My question is, when canonicalizing the Signature element to compute the SignatureValue, is it necessary to include the namespace declarations of the parents of the Signature element. If so, it is necessary to know where in the enclosing XML document that the newly generated signature will be inserted. --Kevin > This is done such that you can move a signature and ensure its namespace > context is taken with it. > > > What I'm not exactly clear on > >is if this applies to the actual Signature element for the signature > being > >created. > > I don't quite follow... > > >I don't think that it does (I don't believe that you need to > >look at the parent elements of the Signature element to determine > their > >namespace declarations)? Is this correct? If not, wouldn't it mean > that > >the insertion point for the Signature element must be known in advance > so > >that these declarations can be obtained? Are there any differences > for > >detached, enveloped, or enveloping signatures? > > What do you mean known in advance? > > > _________________________________________________________ > Joseph Reagle Jr. > W3C Policy Analyst mailto:reagle@w3.org > IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/ >
Received on Wednesday, 12 July 2000 15:07:24 UTC