EnvelopedSignature in Dsig2.0 from Pratik Datta on 2010-10-17 (public-xmlsec@w3.org from October 2010)

From: Pratik Datta <pratik.datta@oracle.com>
Date: Sat, 16 Oct 2010 17:29:46 -0700 (PDT)
To: public-xmlsec@w3.org
Message-ID: <919e8abc-a188-43e7-a106-f19494dcd949@default>

Meiko had said that it is not very clear how to do Enveloped Signatures in Dsig 2.0.

 

 

We already had this

6.7.1 Selection Type="http://www.w3.org/2010/xmldsig2#xml"

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/#sec-Type-xml

 

"EnvelopedSignature: "true" or "false". Whether the current signature should be excluded from the selection. 

Note: The parameter EnvelopedSignature may be removed, because in an enveloped signature, sign an EnvelopedSignature without excluding the signature itself."

 

We need to decide if we are going to remove it.

 

 

I also added this line in section "6.8 "2.0 Mode" Canonicalization Algorithms" in the Oct 16th draft.

"Note: The input passed to Canonicalization must always exclude the current <Signature> node. I.e. the <Signature> must be passed as one of the exclusion elements. This is equivalent to always having an implicit Enveloped Signature Transform. "

 

And this one too  in section "4.4.3.8 The dsig2:Selection Element"

"In the first case, the current Signature node must be added as an exclusion, even if it is not explicitly excluded by the Selection"

 

 

Pratik

Received on Sunday, 17 October 2010 00:31:33 UTC