[xmlsec] Emailing: EdTestFormNoMSO.zip

Edward Shallow ed.shallow at rogers.com
Wed Sep 24 07:21:31 PDT 2003


     Thanks for your hints. The following works fine. 2 points of notice.

1) In the Pre-Digest buffer (see below) I will get extra white space and/or
CRLFs for every "subtract" I add in the transform chain. Do I need to do
another Canonicalization after the set of filters ? Can this be expressed as
a transform ?

2) Is there any way to do a "wildcard" type thing with the "subtract" so I
might use only a single filter instead of one for every //SignatureN ? Like
a sort of //Signature(*) or something ?


<?xml version="1.0"?>
		<Data>We must sign this.</Data>
		<Signature1>1st exclude</Signature1>
		<Signature2>2nd exclude</Signature2>
	<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"
			<Reference URI="">
Filter="intersect"> //Document </dsig-xpath:XPath>
Filter="subtract"> //Signature1 </dsig-xpath:XPath>
Filter="subtract"> //Signature2 </dsig-xpath:XPath>

== PreDigest data - start buffer:
                <Data>We must sign this.</Data>


== PreDigest data - end buffer


-----Original Message-----
From: xmlsec-admin at aleksey.com [mailto:xmlsec-admin at aleksey.com] On Behalf
Of Aleksey Sanin
Sent: September 23, 2003 11:55 PM
To: Edward Shallow
Cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] Emailing: EdTestFormNoMSO.zip

>Secondly but related, how would one create parallel signatures over the 
>same data using XMLSec ?  Using 2 successive sign operations ?

>Assuming one is using a template, what would it look like for the 2nd sign
>operation ?
Template is just an XML file, remember :)

>For this 2nd pass, does the enveloped-signature transform only exclude 
>the signature being applied (i.e. the 2nd) ?
Enveloped transform by definition excludes only the current signature (see
XMLDSig spec for details).
It does not matter whether it is the first or second signature.

>If so, what is the best way to exclude the 1st ? 
XInclude, XPath, XPath2 or XSLT transforms are probably the simplest ways
(you might have interop problems with XPath2). But probably I wouldn't use
XSLT just for that task.


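An added example, not part of the original thread or of xmlsec's own documentation: a signature template in which one XPath Filter 2 "subtract" predicate stands in for the per-element //Signature1, //Signature2 filters by matching every unprefixed element whose name starts with "Signature". The document layout, the algorithm choices and the use of the enveloped-signature transform are assumptions.

```xml
<?xml version="1.0"?>
<!-- Constructed sample; element names follow the fragment in the post. -->
<Document>
  <Data>We must sign this.</Data>
  <Signature1>1st exclude</Signature1>
  <Signature2>2nd exclude</Signature2>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <Reference URI="">
        <Transforms>
          <!-- Removes only the dsig Signature element that contains this Reference. -->
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
            <dsig-xpath:XPath xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2"
                              Filter="intersect"> //Document </dsig-xpath:XPath>
            <!-- Single subtract: any element in no namespace whose local name
                 begins with "Signature" (Signature1, Signature2, ...). The
                 namespace test keeps the predicate from matching the dsig
                 Signature element itself. Whitespace text nodes between the
                 removed elements are children of Document, not of the removed
                 subtrees, so they stay in the pre-digest data. -->
            <dsig-xpath:XPath xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2"
                              Filter="subtract">
              //*[namespace-uri() = '' and starts-with(local-name(), 'Signature')]
            </dsig-xpath:XPath>
          </Transform>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue/>
      </Reference>
    </SignedInfo>
    <SignatureValue/>
    <KeyInfo>
      <KeyName/>
    </KeyInfo>
  </Signature>
</Document>
```

Everything the predicate matches lies outside the signed data, so a verifier has to treat the content of any element named SignatureN as unauthenticated.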