Re: XMLDSIG proposal: enveloped signatures, xpath and here()

Isn't the Id attribute for Signature optional?  In this
case, I don't think that it can be used as a general way
of identifying the Signature node from within the spec (although
applications may set an Id for the Signature node and use
it in other ways).

--Kevin


On Sun, 23 Jul 2000, TAMURA Kent wrote:

> 
> In message "XMLDSIG proposal: enveloped signatures, xpath and here()"
>     on 00/07/17, Merlin Hughes <merlin@baltimore.ie> writes:
> > After implementing the transforms from WD-xmldsig-core-20000711
> > I have been left with some conceptual troubles over the
> > specification of the enveloped signature and XPath transforms;
> > and, in particular, here().
> 
> These troubles are the same as I wrote in the following mail:
> 	> Date: Mon, 3 Jul 2000 14:16:06 +0900
> 	> From: TAMURA Kent <kent@trl.ibm.co.jp>
> 	> To: w3c-ietf-xmldsig@w3.org
> 	> Subject: Transform I/O is a sequence of octets
> 
> 
> In message "XMLDSIG proposal: enveloped signatures, xpath and here()"
>     on 00/07/17, Merlin Hughes <merlin@baltimore.ie> writes:
> > If the latter, then why not eliminate the here()
> > function and replace it with an XPath variable that
> > corresponds to the Id of the Signature.
> > 
> > The resulting XPath definition of the enveloped signature 
> > transform would be:
> > 
> > <XPath xmlns:dsig="&dsig;">
> >   (//. | //@* | //namespace::*)
> >
> [not(ancestor-or-self::dsig:Signature[attribute::Id=$signature-id])]
> > </XPath>
> 
> I prefer this proposal.  This is simpler and easier to implement
> than here().
> 
> -- 
> TAMURA Kent @ Tokyo Research Laboratory, IBM
> 

Received on Monday, 24 July 2000 13:36:07 UTC