Eric Scheid wrote:
> does the signature technology we use for the atom format allow us
> to state that certain child elements are not to be included in 
> the signature algorithm?
        Yes, the signature specification provides for an XPath filter[1] to
be defined that excludes flagged portions of the data from the signature.
You may remember that we discussed this subject back in September[2] when I
proposed that we require that signatures on Atom Entries should be required
to include the following XPath filter element: 

<XPath Filter="subtract"
    xmlns="http://www.w3.org/2002/06/xmldsig-filter2">
      .//[EMAIL PROTECTED]
</XPath>

Items added to entries after they are signed should be given a "not-signed"
attribute. I gave an example of this in PaceHeadInEntry[3] where you will
see "<head not-signed>...</head>" in the example. If all signatures on Atom
entries include the filter above then you could add any content you wanted
without interfering with the signature mechanism. Note: A signature on an
Atom feed should *not* contain the XPath above.

        bob wyman

[1] http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-XPath
[2] http://www.imc.org/atom-syntax/mail-archive/msg09604.html
http://www.imc.org/atom-syntax/mail-archive/msg09596.html
[3] http://www.intertwingly.net/wiki/pie/PaceHeadInEntry
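
The effect of the "subtract" filter described in the message above, as an added illustration that is not part of the original message or of any specification text. It assumes the filter removes every descendant element carrying a not-signed attribute (the expression itself is obscured in the archive), writes the attribute as not-signed="true" so the sample is well-formed, and uses a SHA-256 digest over the Python standard library's C14N 2.0 output as a stand-in for the XMLDSig digest step. The sample entries are constructed.

```python
import copy
import hashlib
import xml.etree.ElementTree as ET

FLAG = "not-signed"  # attribute name from the message; any value counts as flagged

def signed_view(entry: ET.Element) -> ET.Element:
    """Copy of the entry with every flagged descendant subtree removed
    (assumed behaviour of the subtract filter)."""
    view = copy.deepcopy(entry)
    for parent in list(view.iter()):
        for child in list(parent):
            if FLAG in child.attrib:
                parent.remove(child)
    return view

def digest(entry_xml: str) -> str:
    """Digest over the filtered, canonicalized entry (stand-in for the XMLDSig digest)."""
    view = signed_view(ET.fromstring(entry_xml))
    c14n = ET.canonicalize(ET.tostring(view, encoding="unicode"), strip_text=True)
    return hashlib.sha256(c14n.encode("utf-8")).hexdigest()

def unsigned_parts(entry_xml: str) -> list:
    """Tags of flagged elements. They are outside the digest, so a consumer
    must not attribute them to the signer even when verification succeeds."""
    return [el.tag for el in ET.fromstring(entry_xml).iter() if FLAG in el.attrib]

# Constructed sample entries (no namespace, for brevity).
ORIGINAL = "<entry><title>Hello</title><content>Signed body</content></entry>"
ANNOTATED = (
    '<entry><head not-signed="true"><hop>aggregator.example</hop></head>'
    "<title>Hello</title><content>Signed body</content></entry>"
)
TAMPERED = "<entry><title>Hello</title><content>Changed body</content></entry>"

if __name__ == "__main__":
    print("original :", digest(ORIGINAL))
    print("annotated:", digest(ANNOTATED), "unsigned:", unsigned_parts(ANNOTATED))
    print("tampered :", digest(TAMPERED))
```

The annotated entry yields the same digest as the original, while a change to unflagged content does not; a verifier should process only the filtered view as signed data and treat everything reported by unsigned_parts as unauthenticated.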


