Fwd: W3C XML Digital Signature Object Element Processing Issue

fyi, potential specification clarification?

Begin forwarded message:

From: ext deepak <deepak@infraware.co.kr>
Date: December 14, 2010 11:19:20 PM EST
To: "public-webapps@w3.org" <public-webapps@w3.org>
Subject: W3C XML Digital Signature Object Element Processing Issue

Hello There,
I am writing to you on behalf of my company, Infraware Inc. We are in the business of making Web Runtime and Browsers for Smartphones and other mobile devices. We are based in Seoul, Korea (South). I got your email address from your webpage. Currently my team and I are involved in the development of a Web Runtime and we are facing difficulties in validating the XML Digital signatures. We thought and hope you could help us in this regard.

We are able to successfully verify the <Reference> element when it references a URL of an external resource, but we are unable to do so if it points to an <Object> identifier within the same document (Same Document URI References). For example:

<Reference URI="#prop">
   <Transforms>
    <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
   </Transforms>
   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
   <DigestValue>uMzc/pTgtDSq0iydCNGiIX/4Q68bAJrGl/1eohZoyUI=</DigestValue>
</Reference>

<Object Id="prop">
  <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
   <SignatureProperty Id="profile" Target="#DistributorSignature">
    <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>
   </SignatureProperty>
   <SignatureProperty Id="role" Target="#DistributorSignature">
    <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/>
   </SignatureProperty>
   <SignatureProperty Id="identifier" Target="#DistributorSignature">
    <dsp:Identifier>w3c-testsuite-id-ta-5-5a</dsp:Identifier>
   </SignatureProperty>
  </SignatureProperties>
</Object>

We performed the transformation based on the Canonicalization algorithm mentioned in the transform element, but the digest value that we obtain after applying the digest algorithm does not match the given digest value. We suspect that we are not able to figure out the content to be digested correctly. Should the content to be canonicalized start from <Object Id="prop"> and end at </Object>, or should it start from <SignatureProperties> and end at </SignatureProperties>?
We would really appreciate it if you could help us with this problem by giving some explanation about the process.
Thank you for taking time to read this mail.

Best Regards,

  Deepak Tyagi
  Mobile Business Div./ R&D Team 2
  3,4,8F Bando B/D 48-1 Banpo-dong Seocho-gu,Korea
  T 82 2 6190 7936   F 82 2 535 0478   M 82 10 2642 9623   E deepak@infraware.co.kr   H www.infraware.co.kr

Received on Monday, 20 December 2010 17:04:47 UTC
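
Added example, not part of the original message or of any W3C code: under XML-DSig a same-document reference such as URI="#prop" selects the element carrying that Id, so the digested octets run from <Object Id="prop"> through </Object>, and inclusive canonicalization writes the namespace declarations inherited from ancestors onto that element. The Python sketch below shows this on a constructed document; the <Signature> wrapper, the function names and the simplified serializer (elements, attributes and text only, where C14N 1.0 and 1.1 agree) are assumptions.

```python
import base64, hashlib
from xml.dom import minidom, XMLNS_NAMESPACE

# Constructed input: one property from the page's <Object>, inside an assumed
# <Signature> wrapper (not shown on the page) that declares the default namespace.
DOC = ('<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorSignature">\n'
       '<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">'
       '<SignatureProperty Target="#DistributorSignature" Id="role">'
       '<dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/>'
       '</SignatureProperty></SignatureProperties></Object>\n</Signature>')

def in_scope(el):
    """Namespace declarations visible at el, nearest ancestor winning ('' = default)."""
    scope = {}
    while el is not None and el.nodeType == el.ELEMENT_NODE:
        for a in el.attributes.values():
            if a.namespaceURI == XMLNS_NAMESPACE:
                scope.setdefault(a.name.partition(":")[2], a.value)
        el = el.parentNode
    return scope

def esc(s, attr=False):
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace("\r", "&#xD;")
    if attr:
        return s.replace('"', "&quot;").replace("\t", "&#x9;").replace("\n", "&#xA;")
    return s.replace(">", "&gt;")

def c14n(el, rendered=None):
    """Simplified inclusive C14N of el's subtree; comments and PIs are dropped."""
    scope, rendered = in_scope(el), rendered or {}
    out = "<" + el.tagName
    for p in sorted(scope):  # the default namespace ('') sorts first
        if rendered.get(p, "") != scope[p]:  # emit only what the output parent lacks
            out += ' xmlns%s="%s"' % (":" + p if p else "", esc(scope[p], True))
    plain = [a for a in el.attributes.values() if a.namespaceURI != XMLNS_NAMESPACE]
    for a in sorted(plain, key=lambda a: (a.namespaceURI or "", a.name.rpartition(":")[2])):
        out += ' %s="%s"' % (a.name, esc(a.value, True))
    # DOM node types: 1 = element, 3 = text, 4 = CDATA section
    body = "".join(c14n(c, scope) if c.nodeType == 1 else esc(c.data)
                   for c in el.childNodes if c.nodeType in (1, 3, 4))
    return "%s>%s</%s>" % (out, body, el.tagName)

def reference_digest(xml_text, uri):  # uri is a same-document reference like "#prop"
    doc = minidom.parseString(xml_text)
    hits = [e for e in doc.getElementsByTagName("*") if e.getAttribute("Id") == uri[1:]]
    if len(hits) != 1:
        raise ValueError("Id must match exactly one element")
    octets = c14n(hits[0]).encode("utf-8")
    return octets, base64.b64encode(hashlib.sha256(octets).digest()).decode()
```

Whitespace inside the selected element is part of the digest input, so the bytes must come from the document as received, not from a re-indented copy.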