> What about a SigningTransformer and a VerifyingTransformer? The
> SigningTransformer would then sign the referenced portions as the last
> transformer in a pipeline; the VerifyingTransformer would check the
> signatures as the first transformer, either passing the correct content
> through or somehow marking the content or signature as invalid. I hope I
> understood the spec correctly so far; I guess that the specification does
> not apply to other content than serialized XML.

My take on the specification, but I can't claim perfect understanding, is
that it covers signing any kind of content. Quoting from the Introduction:

> XML Signatures can be applied to any digital content (data object),
> including XML. An XML Signature may be applied to the content of one or
> more resources. Enveloped or enveloping signatures are over data within
> the same XML document as the signature; detached signatures are over data
> external to the signature element.

For enveloped signatures, your suggestion should work fine. The trick seems
to be how to handle detached signatures. I think the only solution is to
develop a generator that:

1) requests an arbitrary resource from somewhere (within the sitemap;
   outside world; etc.)
2) generates the xml-signature document
3) sends this new document down the pipeline

This shouldn't (hopefully) be too hard as we already (I think) have the
ability to request information from the outside world (the aggregation
stuff).

Thoughts?

Jason Foster
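
The detached case discussed in this message, as an added example that is not part of the original thread or of the project's code: it uses the JDK's standard `javax.xml.crypto.dsig` API to sign non-XML bytes by reference and then verifies the signature against both the original and altered bytes. The class name, the `urn:example:resource` URI, the sample bytes and the throwaway RSA key are assumptions made for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Collections;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class DetachedSignatureDemo {
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    // Serves the bytes behind the Reference URI from memory, so the demo runs offline.
    static URIDereferencer serve(byte[] data) {
        return (uriRef, ctx) -> new OctetStreamData(new ByteArrayInputStream(data));
    }
    // Re-reads the Signature element and checks it against the bytes supplied now.
    static boolean verify(Document doc, KeyPair kp, byte[] data) throws Exception {
        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(), doc.getDocumentElement());
        vc.setURIDereferencer(serve(data));
        return XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(vc).validate(vc);
    }
    public static void main(String[] args) throws Exception {
        // Step 1: the arbitrary, non-XML resource (constructed sample bytes).
        byte[] resource = "constructed sample resource, v1".getBytes(StandardCharsets.UTF_8);
        // Step 2: the signature document; the Reference holds only a URI (hypothetical) and a digest.
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("urn:example:resource", fac.newDigestMethod(DigestMethod.SHA256, null));
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(RSA_SHA256, null),
            Collections.singletonList(ref));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway demo key
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        DOMSignContext sc = new DOMSignContext(kp.getPrivate(), doc);
        sc.setURIDereferencer(serve(resource));
        fac.newXMLSignature(si, null).sign(sc); // appends <Signature> as the document element
        // Step 3 would hand `doc` to the pipeline; here both verification outcomes are shown.
        System.out.println("original bytes verify: " + verify(doc, kp, resource));
        byte[] tampered = "constructed sample resource, v2".getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered bytes verify: " + verify(doc, kp, tampered));
    }
}
```

Because the signature document carries only the URI and digest, a verifier has to fetch the referenced bytes itself, so where and how that URI is resolved is part of what the verifier trusts.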