Enveloped Signature Transform from Pavel Zavora on 2002-02-01 (w3c-ietf-xmldsig@w3.org from January to March 2002)

From: Pavel Zavora <zavora@systinet.com>
Date: Fri, 1 Feb 2002 04:51:20 -0500 (EST)
To: <w3c-ietf-xmldsig@w3.org>
Message-ID: <00d001c1ab05$f60f0450$4b00000a@in.idoox.com>

Dear XML Working Group,

I have to solve the following problem with the Enveloped Signature Transform.

According to the definition of the here() function and XPATH predicate defined in
http://www.w3.org/Signature/Drafts/xmldsig-core/#sec-EnvelopedSignature
subchapter, it is clear that enveloped signature signs/verifies "all" but not self.
Is it also possible to sign/verify the same XML document by using more than one enveloped signatures?

Example:
<test:a ...>
  ...
  <ds:Signature ... >...</ds:Signature> <!-- first signature refers to test:a -->
  <ds:Signature ... >...</ds:Signature> <!-- second signature refers also to test:a -->
</test:a>

Both of these signatures contain enveloped transform and refer to the same "test:a" element.
According to the specification the first signature should sign the second one and the second one should sign the first.
The same problem arise during verification phase. Is there any reccomendation for this case?

Regards
   Pavel
  
Pavel Zavora
Software Developer, Systinet (formerly Idoox)
http://www.systinet.com

Received on Friday, 1 February 2002 08:42:56 UTC