What is the appropriate way to interpret URI's in the XML signed document.


In the signed XML documents such as this:
<?xml version='1.0' encoding='UTF-8'?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <Reference URI="file:///E:/Code/XSS4JPoC/SimpleSigningPoC/personal.xml">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

[using IBM XSS4J]

we find there are URI's mentioned corresponding to the algorithm.

I would like to know

1) What do these URI's correspond to and what do the mean in the real life 
implementation scenario ?

2) Is it appropriate to interpret the URI's as "keys" whose values 
correspond to java "class" which is the implementation of the actual 
algorithm ?

3) There seems to be no reference to the XML Schema / DTD in the document, 
so how does one validate it ?

4) There is a reference to the XMLDSIG namespace, should the recipient 
application expect to find the XMLSchema corresponding to the XML Signed 
document at the given URI ?

I would appreciate if some members of the list would share their insight on 

Thanks in advance.


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Received on Monday, 12 February 2001 00:17:06 UTC