[xmlsec] Emailing: EdTestFormNoMSO.zip

Edward Shallow ed.shallow at rogers.com
Wed Sep 24 08:29:28 PDT 2003


Yes, there is no burning reason to carry different element names for each
signature. I thought I'd need distinct names for countersignature support,
but I don't believe I do. Even in that scenario, the counter-signature
should arguably be over all existing signatures, etc ...

Thanks,
Ed

-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
Sent: September 24, 2003 10:07 AM
To: Edward Shallow
Cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] Emailing: EdTestFormNoMSO.zip


>1) In the Pre-Digest buffer (see below) I will get extra white space 
>and/or CRLFs for every "subtract" I add in the transform chain. Do I 
>need to do another Canonicalization after the set of filters ? Can this 
>be expressed as a transform ?
>  
>
It's OK. You just need to remember that XML includes not only element but
also text nodes.
For example if you have following XML

<doc>
    <Signature1/>
    <Signature2/>
</doc>

then you have 3 element nodes and 3 text nodes. If you remove, say,
<Signature1/>, the text nodes around it stay. Thus you would have

<doc>
   
    <Signature2/>
</doc>

If you want to remove this text node "\n   " then you need to specify it 
in the XPath expression but
actually there is no reason to do this.

>2) Is there any way to do a "wildcard" type thing with the "subtract" 
>so I might use only a single filter instead of one for every 
>//SignatureN ? Like a sort of //Signature(*) or something ?
>  
>
It's an XPath expression and //dsig:Signature should do it
(http://www.zvon.org/xxl/XPathTutorial/Output/example2.html)

Aleksey









More information about the xmlsec mailing list