W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2000

Re: XMLDSIG proposal: enveloped signatures, xpath and here()

From: TAMURA Kent <kent@trl.ibm.co.jp>
Date: Mon, 24 Jul 2000 15:54:56 +0900
Message-Id: <200007240654.PAA19490@ns.trl.ibm.com>
To: w3c-ietf-xmldsig@w3.org
Cc: Merlin Hughes <merlin@baltimore.ie>

In message "XMLDSIG proposal: enveloped signatures, xpath and here()"
    on 00/07/17, Merlin Hughes <merlin@baltimore.ie> writes:
> After implementing the transforms from WD-xmldsig-core-20000711
> I have been left with some conceptual troubles over the
> specification of the enveloped signature and XPath transforms;
> and, in particular, here().

These troubles are the same as I wrote in the following mail:
	> Date: Mon, 3 Jul 2000 14:16:06 +0900
	> From: TAMURA Kent <kent@trl.ibm.co.jp>
	> To: w3c-ietf-xmldsig@w3.org
	> Subject: Transform I/O is a sequence of octets


In message "XMLDSIG proposal: enveloped signatures, xpath and here()"
    on 00/07/17, Merlin Hughes <merlin@baltimore.ie> writes:
> If the latter, then why not eliminate the here()
> function and replace it with an XPath variable that
> corresponds to the Id of the Signature.
> 
> The resulting XPath definition of the enveloped signature 
> transform would be:
> 
> <XPath xmlns:dsig="&dsig;">
>   (//. | //@* | //namespace::*)
>     [not(ancestor-or-self::dsig:Signature[attribute::Id=$signature-id])]
> </XPath>

I prefer this proposal.  This is simpler and easier to implement
than here().

-- 
TAMURA Kent @ Tokyo Research Laboratory, IBM
Received on Monday, 24 July 2000 02:55:42 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:10 GMT