- From: <edsimon@xmlsec.com>
- Date: Thu, 2 Aug 2001 12:43:25 -0400
- To: merlin <merlin@baltimore.ie>
- Cc: reagle@w3.org, bdournaee@rsasecurity.com, w3c-ietf-xmldsig@w3.org
I think if XPath could be used to return a nodeset that excludes certain attribute nodes, then what you have suggested would fit in. I remain curious, as an academic exercise, as to whether there exists such a single XPath expression. Perhaps something like "node()[not (NodeType(attribute) and (name()="URI") and parent::dsig:Reference)]" is getting closer. Ed -- Original Message -- > >Hi Ed, > >r/edsimon@xmlsec.com/2001.08.02/10:57:14 >>I'd certainly be keen to see the full working XPath expression if someone >>wants to take up the challenge. Merlin's suggestion, by itself, is not >>the whole solution but only part as it returns a boolean, not nodes. > >Blake asked for something to put in an XPath transform; >our XPath transform does a boolean test of each node in >the node set against its expression. > >So, you are right; what I suggested is not a general >XPath expression for selecting all of a document but >its URI attributes; XSLT is the tool for that job. >But, it is a suitable test expression for our XPath >transform to perform this task. > >I think. (sometimes) > >Merlin > >>In general, XPath is good at selecting nodes but was not really intended >>for removing subnodes. With current tools, I'd say removing subnodes is >>best done with XSLT. >> >>BTW, the XSLT I've presented below does actually do the trick. >> >>Ed >>-- Original Message -- >> >>> >>>I'd guess that something like not ((name() =3D "URI") and parent::dsig:R= >>eference) >>>might work. >>> >>>merlin >>> >>>r/edsimon@xmlsec.com/2001.08.02/09:37:38 >>>>>>This would allow me to change the URI without altering the validity >>of >>>>the >>>>>>signature. >>>>> >>>>>If it's being used in the Canonical XML context, remove the '//@*' fro= >>m: >>>>> (//. | //@* | //namespace::*) >>>> >>>> >>>>Correct me if I'm wrong but wouldn't the above remove ALL attributes, >>not >>>>just the one Blake wants removed. >>>> >>>>I'm not sure that there is an XPath solution but the solution in XSLT >>would >>>>look like this: >>>> >>>> >>>><?xml version=3D"1.0" encoding=3D"UTF-8"?> >>>><xsl:stylesheet version=3D"1.0" >>>> xmlns:xsl =3D"http://www.w3.org/1999/XSL/Transform" >>>> xmlns:xmlsig=3D"http://www.w3.org/2000/09/xmldsig#"> >>>> >>>><!-- Identity transform --> >>>><xsl:template match=3D"@*|node()"> >>>> <xsl:copy> >>>> <xsl:apply-templates select=3D"@*|node()"/> >>>> </xsl:copy> >>>></xsl:template> >>>> >>>> >>>><!-- Skip the Reference/@URI attribute --> >>>><xsl:template match=3D"xmlsig:Reference/@URI" priority=3D"2"/> >>>> >>>> >>>></xsl:stylesheet> >>>> >>>> >>>>-------------------------------------------------- >> >> >>-------------------------------------------------- >>Ed Simon >>XMLsec Inc. >> >>Interested in XML Security Training and Consulting services? Visit "www.= >>xmlsec.com". >> >> > > >----------------------------------------------------------------------------- >Baltimore Technologies plc will not be liable for direct, special, indirect > >or consequential damages arising from alteration of the contents of >this >message by a third party or as a result of any virus being passed on. > >In addition, certain Marketing collateral may be added from time to time >to >promote Baltimore Technologies products, services, Global e-Security or >appearance at trade shows and conferences. > >This footnote confirms that this email message has been swept by >Baltimore MIMEsweeper for Content Security threats, including >computer viruses. > http://www.baltimore.com > > ----------------------------------------------------------------------------------------------- Ed Simon XMLsec Inc. Interested in XML Security Training and Consulting services? Visit "www.xmlsec.com".
Received on Thursday, 2 August 2001 12:44:43 UTC