additional XML Digital Signature clarifications

The XML Digital Signature recommendation is an excellent document, and improves
tremendously with each version. I have a few questions, just clarifications:

1) I assume a Manifest is not required to be within a Signature element. If a
Manifest is within a Signature element it must be within an Object element, but
not otherwise.

This allows a Manifest to be included in multiple signatures, as discussed in
section 2.3 (Extended Example). Ignoring namespaces and content:

<document>
<Signature>...<Reference URI="#Manifest"
Type="http://www.w3.org/2000/09/xmldsig#Manifest">... </Reference></Signature>
<Signature>...<Reference URI="#Manifest"
Type="http://www.w3.org/2000/09/xmldsig#Manifest">... </Reference></Signature>
<Signature>...<Reference URI="#Manifest"
Type="http://www.w3.org/2000/09/xmldsig#Manifest">... </Reference></Signature>
<Manifest Id="Manifest">
<Reference>...</Reference>
<Reference>...</Reference>
...
</Manifest>
</document>

2) In 4.3.2 on the SignatureMethod, the specification states "While there is a
single identifier, that identifier may specify a format containing multiple
distinct signature values".

I'm not sure what this sentence is trying to say. Does it simply mean that the
signature values will vary for an algorithm based on the input? Is there an
example of what this is getting at?

3) The KeyInfo section mentions a rawX509Certificate type, but this is not
referenced in the KeyInfo schema.  Should it be one of the choices? Wouldn't the
X509Data element with the X509Certificate contain a base64 encoded binary
certificate value as well?

4) A minor typo in 4.4, KeyInfo, 3rd paragraph: octect should be octet (end of
paragraph).

< Frederick

Received on Sunday, 21 January 2001 15:59:32 UTC
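
The layout from question 1, as an added example that is not part of the original message or of the specification: a structural check that every Signature Reference of Type ...#Manifest resolves to a Manifest Id, and that a Manifest placed inside a Signature sits under an Object. The function name check_manifests and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DSIG}
SIG, OBJ, MAN = (f"{{{DSIG}}}{n}" for n in ("Signature", "Object", "Manifest"))

# Constructed sample: three Signatures referencing one Manifest that sits
# outside all of them. SignatureValue and digests are omitted for brevity.
_REF = f'<ds:Reference URI="#Manifest" Type="{DSIG}Manifest"/>'
_SIGNATURE = f"<ds:Signature><ds:SignedInfo>{_REF}</ds:SignedInfo></ds:Signature>"
SAMPLE = (
    f'<document xmlns:ds="{DSIG}">' + _SIGNATURE * 3 +
    '<ds:Manifest Id="Manifest"><ds:Reference URI="a.xml"/>'
    '<ds:Reference URI="b.xml"/></ds:Manifest></document>'
)

def check_manifests(xml_text):
    """Return (shared, problems).

    shared maps each Manifest Id to the number of Signature References of
    Type ...#Manifest that point at it; problems lists structural findings.
    """
    root = ET.fromstring(xml_text)  # assumes trusted input; no entity hardening
    parent = {child: p for p in root.iter() for child in p}
    by_id, problems = {}, []
    for man in root.iter(MAN):
        mid = man.get("Id")
        if mid is not None:
            if mid in by_id:
                problems.append(f"duplicate Manifest Id {mid!r}")
            by_id[mid] = man
        # Walk up: reaching a Signature before any Object breaks the rule.
        node = parent.get(man)
        while node is not None and node.tag not in (SIG, OBJ):
            node = parent.get(node)
        if node is not None and node.tag == SIG:
            problems.append(f"Manifest {mid!r} in Signature but not in Object")
    shared = {}
    for sig in root.iter(SIG):
        for ref in sig.findall("ds:SignedInfo/ds:Reference", NS):
            if ref.get("Type") != DSIG + "Manifest":
                continue
            uri = ref.get("URI", "")
            target = uri[1:] if uri.startswith("#") else ""
            if target in by_id:
                shared[target] = shared.get(target, 0) + 1
            else:
                problems.append(f"Reference {uri!r} resolves to no Manifest")
    return shared, problems
```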