RE: Question about signing document header with XML Signature

Srinivas -

The most general answer to your question is that there is nothing about an
XML signature <Reference> element that distinguishes between a header and a
body, or any other data.

The reason why I say this is because you specify the reference to be
digested with a URI fragment and it is de-referenced from there.

If you are performing a same-document detached signature (which is common
with a SOAP message), the URI attribute value for the <Reference> element
will be #foo where foo is the element with the Id value of foo. In your
case, foo is the Body.

In many cases the body of a SOAP document may have an Id. 

For the case of a SOAP message header, the header may not have an Id
attribute, so you must use an XPath expression in that case. Either way, you
still use a <Reference> element, but simply change the URI based on the
target to digest if needed. For the case of the XPath transform it would be
the empty quotes "" denoting the entire node-set with a filter over it for
the header.

Blake Dournaee
Senior Security Architect
Sarvega, Inc.

-----Original Message-----
From: w3c-ietf-xmldsig-request@w3.org
[mailto:w3c-ietf-xmldsig-request@w3.org] On Behalf Of Srinivas
Sent: Wednesday, August 25, 2004 3:05 PM
To: w3c-ietf-xmldsig@w3.org
Subject: Question about signing document header with XML Signature


Hi,
I wonder if the gurus out in XML land could throw some
light on this matter. I am using XML Signature to sign
a message. I had no trouble with figuring out the use
of XML Signature for signing the message body.

Next, what I wanted to find out was, can I use a
similar technique to sign the message header too?
Meaning, am I correct in concluding that there is no
difference in the usage of XML Signature for signing
either the message body or the message header?

Thanks for your assistance,
-Ravi


		

Received on Wednesday, 25 August 2004 22:32:20 UTC
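
The dereferencing described in the reply, as an added Python example that is not part of the original thread: both `<Reference>` elements go through the same code path, whether the target is the Body (`#foo`) or the Header (`URI=""` with an XPath filter). The sample message, the `ancestor-or-self::soap:Header` filter, the plain `Id` attribute name, and the use of `ET.canonicalize` (C14N 2.0) with SHA-256 in place of the signature's declared algorithms are assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ET.register_namespace("soap", NS["soap"])
# Constructed sample message: the Body carries an Id, the Header does not.
MESSAGE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header><To>urn:example:service</To></soap:Header>
<soap:Body Id="foo"><Order>42</Order></soap:Body>
</soap:Envelope>"""
# Constructed References: "#foo" for the Body, URI="" plus an XPath filter for the Header.
SIGNED_INFO = """<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<ds:Reference URI="#foo"/>
<ds:Reference URI=""><ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<ds:XPath>ancestor-or-self::soap:Header</ds:XPath>
</ds:Transform></ds:Transforms></ds:Reference>
</ds:SignedInfo>"""

def dereference(root, reference):
    """Return the element a same-document <Reference> selects for digesting."""
    uri, axis = reference.get("URI"), "ancestor-or-self::"
    xpath = reference.findtext("ds:Transforms/ds:Transform/ds:XPath", "", NS).strip()
    if uri and uri.startswith("#"):
        hits = [e for e in root.iter() if e.get("Id") == uri[1:]]
    elif uri == "" and xpath.startswith(axis):
        # Assumption: only this filter form is handled (ElementTree has no full
        # XPath engine); it keeps the named element together with its subtree.
        hits = root.findall(".//" + xpath[len(axis):], NS)
    else:
        raise ValueError(f"unsupported reference: URI={uri!r}")
    if len(hits) != 1:  # a missing or duplicated target is ambiguous: refuse it
        raise ValueError(f"URI={uri!r} selects {len(hits)} elements, expected 1")
    return hits[0]

def digest(element):
    """Base64 SHA-256 of the canonical form (C14N 2.0 as a stand-in algorithm)."""
    octets = ET.canonicalize(ET.tostring(element, encoding="unicode"))
    return base64.b64encode(hashlib.sha256(octets.encode("utf-8")).digest()).decode()

def reference_digests(message_xml, signed_info_xml=SIGNED_INFO):
    """Map each referenced element's local name to its digest."""
    root = ET.fromstring(message_xml)
    refs = ET.fromstring(signed_info_xml).findall("ds:Reference", NS)
    targets = [dereference(root, ref) for ref in refs]
    return {t.tag.rpartition("}")[2]: digest(t) for t in targets}

if __name__ == "__main__":
    print(reference_digests(MESSAGE))
```

Because the stand-in canonicalization differs from the one a real signature declares, the digest values are for comparison within this example only.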