> > Yes, but it's somewhat difficult. You can either use an XPath filter > > transform to select the node, or refer to the node by an ID attribute. > > It's not 100% clear to me how you mean that, but I am new to XML Security > (though not to XML). Do you see the problem in retrieving the correct XML > element from the tree (both for signer and receiver), but not in the > signing process itself?
The signing step is transparent to the caller once you have created the transforms you want. Other than creating the XPath (quite simple unless you don't know XPath), it's easy to do. The problem is in the verification step, where an infinite number of XPaths produce the same node set, so determining what's been signed is difficult or inefficient. ID-based signing is much cleaner, but requires schemas or application-specific knowledge, at least prior to the emergence of xml:id. -- Scott
