> Or I suppose the other option would be to make sure you validate prior > to sign. If I could think of some fancy way to do it, we could even > mark base64binary elements somehow and have the security library convert > them to normalised form as part of signing.
You mean verify first and then validate? You can, but until recently it required two parse operations, which isn't reasonable. I don't know if Xerces-C supports in-memory validation of a DOM yet. The Java code does. -- Scott
