Hello All,

I want to thank everyone for their insights to my numerous questions.
Everyone has been most helpful.

We have a question about the XML DSig spec regarding Section,
Reference Processing Model.

Specifically, we would like to clarify the following prose:


1. URI="" Identifies the nodeset (minus any comment nodes) of the XML
resource containing the signature 

2. URI="#chapter1" Identifies a nodeset containing the element with ID
attribute value 'chapter1' of the XML resource containing the signature. XML
Signature   (and its applications) modify this nodeset to include the
element plus all descendents including namespaces and attributes -- but not


Consider the following clarification, and please let us know if this is the
correct interpretation:

When a same-document reference (1) or a bare fragment identifier (2) is used
as a URI Reference, 
it must be dereferenced as an XPath node-set. This node-set must have ALL
comments stripped from it 
(e.g. equivalent to passing the node-set through an arbitrary 'comment
stripping' transformation) before
canonicalization is used. The type of canonicalization used is orthogonal to
the stripping of all comments. 
For example, comments must still be stripped even if a canonicalization
method that preserves comments is used.

And finally, why must comments be stripped anyway?

Kind Regards,

Blake Dournaee
Toolkit Applications Engineer
RSA Security
"The only thing I know is that I know nothing" - Socrates

Received on Monday, 9 July 2001 19:38:09 UTC