[xmlsec] Setting base for evaluating Reference URIs when signing

Jonathan Share jshare at opera.com
Wed Sep 3 02:48:09 PDT 2008

Jonathan Share wrote:
> Hi,
> My background is that I'm writing a Pylons web application that will 
> sign Widgets based on the current state of the w3c spec[1].
> In order to do this I'm extracting the widget to a temporary directory 
> and then using the PyXmlSec wrapper around the xmlsec library to create 
> the Signature Template in memory creating Reference elements relative to 
> the root of where I extracted the zip file, something like this.
> <Reference URI="config.xml">
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <DigestValue></DigestValue>
> </Reference>

Erm, don't know what happened to the end of my mail there.

I had continued something like...

Problem is that when trying to sign the template xmlsec doesn't know 
where to resolve the relative URIs relative to so uses the current 
working directory. This works fine in a command line script but not 
suitable for a web application.

So the core question is, how can I tell xmlsec which uri/path to use as 
a base for evaluating relative URIs?

Googling around hasn't turned up much, the closest being a reference in 
the Apache Java Xml Security library for a BaseURI property somewhere 
that sounds like it does what I want, so I'm looking for the xmlsec 
equivalent. Any help finding it would be appreciated.

Kind Regards,


[1] http://dev.w3.org/2006/waf/widgets-digsig/
[2] http://xml.apache.org/security/Java/faq.html#baseURI

More information about the xmlsec mailing list