> OK, I've dug through each and every bit of sample code and unit tests > supplied with Santuario. I'm still not finding what I need. The samples sign > an entire document as enveloped, not a subsection of a document.
I'm not sure why reading the specification isn't sufficient, but the answer is, you either sign via ID attribute references (which has issues with wrapping attacks and ID recognition, but may be fine) or you sign something else and then apply an XPath transform to the result to subset the actual node set to sign. That's safer but more complex and requires XPath support (not a problem in Java, big problem in C++). -- Scott
