OASIS ebXML Messaging Services TC

 View Only

  • 1.  Re: Signature Transforms

    Posted 08-24-2001 15:38
    The example is incorrect. The ds:Transforms element should include two (2) ds:Transform elements. The first must have an algorithm of http://www.w3.org/2000/09/xmldsig#enveloped-signature: <Transforms xmlns= http://www.w3.org/2000/09/xmldsig# > <Transform Algorithm= http://www.w3.org/2000/09/xmldsig#enveloped-signature /> <Transform Algorithm= http://www.w3.org/TR/1999/REC-xpath-19991116 > <XPath> not(ancestor-or-self::eb:TraceHeaderList or ancestor-or-self::eb:Via) </XPath> </Transform> </Transforms> as per the spec language at line 2027-2030 of the v1.0 spec. Cheers, Chris David Fischer wrote: > > Hi Ralph, > > Remember in Vienna when we went back and forth on whether it is necessary to > create a transform to exclude the Signature element? I'm still not sure. . . > > http://www.w3.org/TR/2001/PR-xmldsig-core-20010820/ > > <Reference URI= > > <Transforms> > <Transform > Algorithm= http://www.w3.org/TR/1999/REC-xpath-19991116 > > <XPath xmlns:dsig= &dsig; > > > not(ancestor-or-self::dsig:Signature) > </XPath> > </Transform> > </Transforms> > <DigestMethod Algorithm= http://www.w3.org/2000/09/xmldsig#sha1 /> > <DigestValue>. . .</DigestValue> > </Reference> > > This seems to have a Transform excluding the Signature element. However, in our > example on page 54 we have: > > <ds:Reference URI= > > <Transforms> > <Transform > Algorithm= http://www.w3.org/TR/1999/REC-xpath-19991116 > > <XPath xmlns:dsig= http://www.w3.org/2000/09/xmldsig# > > not(ancestor-or-self::eb:TraceHeaderList or > ancestor-or-self::eb:Via) > </XPath> > </Transform> > </Transforms> > <ds:DigestMethod > Algorithm= http://www.w3.org/2000/09/xmldsig#dsa-sha1 /> > <ds:DigestValue>...</ds:DigestValue> > </ds:Reference> > > We don't exclude the Signature in the Transform. In Vienna, we decided that > this happened automatically, can you confirm? > > Regards, > > David Fischer > Drummond Group. > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: < http://lists.oasis-open.org/ob/adm.pl >


Related Content