- From: Mauro Arcolini <arcolini@sec.di.unipi.it>
- Date: Fri, 8 Feb 2002 12:41:08 +0100
- To: <w3c-ietf-xmldsig@w3.org>
- Message-ID: <001001c1b095$7fda4070$0902a8c0@win9>
merlin wrotes: >Mauro, >The XPath filter "not (ancestor-or-self::ds:Signature)" will >remove _all_ signatures from the document, so signatures can >be added at will without breaking validity. >An alternative filter could be constructed using: >here()/ancestor::ds:Signature[1]/following-sibling::ds:Signature >This would be slow, and would simply remove Signatures added >_following_ this signature. This would constrain the placement >of signatures, but might be more interesting. Yes its'a solution. >Alternatively, with the enveloped signature transform, new >signatures could be added as ds:Object elements within the >first signature itself without XPath and without breaking >validity. It seems a very good solution, but do you repeat this behaviour if you want add other ds:Signature?, i.e. if you want sign the first and the second ds:Signature, without breaking the second, do you add the third ds:Signature as ds:Object element of the second e so on?? Mauro Arcolini, GapXse
Received on Friday, 8 February 2002 06:27:36 UTC