The specification doesn't say anything about using the ID attribute as a URI reference point. Maybe this is covered in a more generic XML document? The XPath usage is somewhat explained, although there's no example.
http://www.w3.org/TR/xmldsig-core/#sec-URI On Wed, Mar 16, 2011 at 12:53 PM, Cantor, Scott E. <[email protected]> wrote: > > OK, I've dug through each and every bit of sample code and unit tests > > supplied with Santuario. I'm still not finding what I need. The samples > sign > > an entire document as enveloped, not a subsection of a document. > > I'm not sure why reading the specification isn't sufficient, but the answer > is, you either sign via ID attribute references (which has issues with > wrapping attacks and ID recognition, but may be fine) or you sign something > else and then apply an XPath transform to the result to subset the actual > node set to sign. That's safer but more complex and requires XPath support > (not a problem in Java, big problem in C++). > > -- Scott > > >
