Re: Detached signature of non-sibling elements (?)

Hi,

• Detached Signatures are completely disjoint from the signed data 
objects. Detached signatures are disjoint from the signed data objects 
and may lie within the same document or in a separate file.

When more than one <ds:Reference>s (or XPointer URI fragments) are used, 
then combinations of the different forms with respect to the data 
objects/<ds:Reference> can be achieved.

BR
Konrad Lanz

Explanation:

To be precise when talking about Signature Forms - such as enveloped, 
enveloping or detached - makes only sense with respect to *one* 
(ds:Reference/@URI ; data object) tuple. So a <ds:Signature> can only be 
detached with respect to a <ds:Reference> when its URI refers to a 
node-set that is completely disjoint[1] 
<en.wikipedia.org/wiki/Disjoint_sets> from <ds:Signature>s node-set.

Hence I wrote a few years back ...

https://online.tu-graz.ac.at/tug_online/voe_main2.getvolltext?pDocumentNr=90836#nameddest=subsection.2.4.1.2
> • Detached Signatures are completely disjoint from the signed data object.
> Detached signatures are disjoint from the signed data object and may 
> lie within the same document as
> the data object or in a separate file.
> When XPointer URI fragments or more <ds:Reference>s than one are used 
> then combinations of these
> different forms with respect to the data objects can be achieved.


[1] http://en.wikipedia.org/wiki/Disjoint_sets

-- 
Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520
http://jce.iaik.tugraz.at

Received on Thursday, 28 August 2014 09:32:54 UTC