- From: XML DSig <xmldsig@hotmail.com>
- Date: Mon, 12 Feb 2001 10:46:31 +0530
- To: w3c-ietf-xmldsig@w3.org
Hi:
In the signed XML documents such as this:
-----------------
<?xml version='1.0' encoding='UTF-8'?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2000/WD-xml-c14n-20000119"/>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
<Reference URI="file:///E:/Code/XSS4JPoC/SimpleSigningPoC/personal.xml">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>sNiXgt6+NHWnE+Mwn+ZZfoPPEwE=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
bO6TFCw+JLYDwbrMYFxW+CeJBZlDotPuDXbMu4d+Jz6tmANuGzxtAw==
</SignatureValue>
<KeyInfo>
<KeyValue>
<DSAKeyValue>
-----------------
[using IBM XSS4J]
we find there are URI's mentioned corresponding to the algorithm.
I would like to know
1) What do these URI's correspond to and what do the mean in the real life
implementation scenario ?
2) Is it appropriate to interpret the URI's as "keys" whose values
correspond to java "class" which is the implementation of the actual
algorithm ?
3) There seems to be no reference to the XML Schema / DTD in the document,
so how does one validate it ?
4) There is a reference to the XMLDSIG namespace, should the recipient
application expect to find the XMLSchema corresponding to the XML Signed
document at the given URI ?
I would appreciate if some members of the list would share their insight on
this.
Thanks in advance.
-XMLDSig.
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Received on Monday, 12 February 2001 00:17:06 UTC