- From: Petteri Stenius <Petteri.Stenius@remtec.fi>
- Date: Thu, 6 Apr 2000 18:55:25 +0300
- To: "'IETF/W3C XML-DSig WG (E-mail)'" <w3c-ietf-xmldsig@w3.org>
- Message-ID: <CD0FF8F92CA8D311B9AB00105A14D5570B1009@server.remtec.fi>
Hello,

If I understand the XPath transformation spec correctly then the sample
XPath expression for SignatureValue and DigestValue exclusion is wrong.
The sample expression returns a node-set that does not contain the
*elements* SignatureValue and DigestValue but does actually contain their
*text* child nodes!

I've attached sample output from our current preliminary XPath
transformation implementation:

- out.xml is a signed XML document I use as input for the XPath
transformation (the SignatureValue is not correct, it's not a signed value
but the plain digest)
- xpath.txt is the output from a separate XPath transformation, with each
node from the node-set serialized on a separate row

The XPath expression is as follows:

    /descendant-or-self::node()[
        not(self::dsig:SignatureValue and parent::dsig:Signature[@dsig:Id='S1'])
        and not(self::dsig:DigestValue and ancestor::*[3 and @dsig:Id='S1'])
    ]

A simple working XPath expression would be:

    /descendant-or-self::node()[
        not(ancestor-or-self::dsig:Signature[@dsig:Id='S1'])
    ]

This expression would exclude the entire Signature element.

Petteri
--
Petteri Stenius Petteri.Stenius@remtec.fi
Remtec Systems, Ltd. Office +358-9-5259240
Fax +358-9-52592411
http://www.remtec.fi/ Mobile +358-50-5506161
Received on Thursday, 6 April 2000 11:55:33 UTC
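
Added example, not part of the original message and not the author's implementation: a hand-written Python model of the two predicates above, applied node by node to a constructed document, showing that the first filter drops the elements but keeps their text children. The namespace URI, the sample document and all function names are assumptions made for this illustration.

```python
from xml.dom import minidom, Node

DSIG = "urn:example:dsig"  # constructed namespace URI (assumption)
SAMPLE = (  # constructed input, not the out.xml attached to the message
    '<doc xmlns:dsig="urn:example:dsig"><data>hello</data>'
    '<dsig:Signature dsig:Id="S1"><dsig:SignedInfo><dsig:Reference>'
    '<dsig:DigestValue>DIGEST</dsig:DigestValue></dsig:Reference>'
    '</dsig:SignedInfo><dsig:SignatureValue>SIGVAL</dsig:SignatureValue>'
    '</dsig:Signature></doc>'
)

def is_elem(n, local):
    """True if n is the element dsig:<local>."""
    return (n is not None and n.nodeType == Node.ELEMENT_NODE
            and n.namespaceURI == DSIG and n.localName == local)

def is_s1(n):
    """True if n is an element carrying dsig:Id='S1'."""
    return (n.nodeType == Node.ELEMENT_NODE
            and n.getAttributeNS(DSIG, "Id") == "S1")

def ancestors(n):
    n = n.parentNode
    while n is not None:
        yield n
        n = n.parentNode

def walk(n):
    """descendant-or-self::node() in document order."""
    yield n
    for child in n.childNodes:
        yield from walk(child)

def sample_predicate(n):
    # The predicate tests each node itself, so a text node is never
    # self::dsig:SignatureValue or self::dsig:DigestValue and passes.
    sig_value = (is_elem(n, "SignatureValue")
                 and is_elem(n.parentNode, "Signature") and is_s1(n.parentNode))
    # In XPath 1.0, "3 and @dsig:Id='S1'" is a boolean, so it matches any
    # ancestor carrying the Id rather than selecting the third ancestor.
    digest_value = is_elem(n, "DigestValue") and any(map(is_s1, ancestors(n)))
    return not sig_value and not digest_value

def whole_signature_predicate(n):
    # not(ancestor-or-self::dsig:Signature[@dsig:Id='S1'])
    chain = [n, *ancestors(n)]
    return not any(is_elem(a, "Signature") and is_s1(a) for a in chain)

def select(pred):
    """Serialize the filtered node-set: text data, or the node name."""
    doc = minidom.parseString(SAMPLE)
    return [n.data if n.nodeType == Node.TEXT_NODE else n.nodeName
            for n in walk(doc) if pred(n)]
```
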