Hello, I need help to understand my options. We have a situation where I have to verify the XML signature of an in-memory document.
The signature is a separate document and has no URI or transforms, and looks like:
<dsig:Signature xsi:schemaLocation="http://www.w3.org/2000/09/xmldsig# http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd">
  <dsig:SignedInfo>
    <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <dsig:Reference>
      <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <dsig:DigestValue>bhfW/9PpxZpL/uHzFXCJAPNvvbo=</dsig:DigestValue>
    </dsig:Reference>
  </dsig:SignedInfo>
  <dsig:SignatureValue>
Is it possible, and how? The W3C Sig. Spec states that: "If the URI attribute is omitted, the receiving application is expected to know the identity of the object. For example, a lightweight data protocol might omit this attribute given the identity of the object is part of the application context."

Luda
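
An added example, not part of the original post and not any library's own code: when a Reference has no URI, the verifier supplies the signed octets itself, and this Python code performs the reference-digest check for that case on a constructed signature and document. The function names and sample data are assumptions; validating SignatureValue over the canonicalized SignedInfo with the signer's key is a separate step not shown here.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"dsig": DSIG}
# DigestMethod URIs mapped to hashlib names; SHA-1 is what the posted signature uses.
DIGESTS = {DSIG + "sha1": "sha1",
           "http://www.w3.org/2001/04/xmlenc#sha256": "sha256"}

def check_uriless_reference(signature_xml: bytes, known_object: bytes) -> bool:
    """Reference validation only: digest the octets the application already
    holds and compare with DigestValue. Assumes known_object is byte-for-byte
    what the signer digested (no Transforms means no canonicalization here)."""
    root = ET.fromstring(signature_xml)
    if root.tag != f"{{{DSIG}}}Signature":
        raise ValueError("root element is not dsig:Signature")
    refs = root.findall("dsig:SignedInfo/dsig:Reference", NS)
    # Without a URI nothing distinguishes one Reference from another, so
    # accept exactly one and refuse anything the application did not expect.
    if len(refs) != 1:
        raise ValueError("expected exactly one Reference")
    ref = refs[0]
    if ref.get("URI") is not None or ref.find("dsig:Transforms", NS) is not None:
        raise ValueError("Reference carries a URI or Transforms")
    method = ref.find("dsig:DigestMethod", NS)
    value = ref.find("dsig:DigestValue", NS)
    if method is None or value is None:
        raise ValueError("Reference lacks DigestMethod or DigestValue")
    algo = DIGESTS.get(method.get("Algorithm"))
    if algo is None:
        raise ValueError("unsupported DigestMethod")
    expected = base64.b64decode("".join((value.text or "").split()), validate=True)
    actual = hashlib.new(algo, known_object).digest()
    return hmac.compare_digest(expected, actual)  # constant-time comparison

def build_sample_signature(data: bytes, uri_attr: str = "") -> bytes:
    """Constructed sample shaped like the posted signature (no real SignatureValue)."""
    digest = base64.b64encode(hashlib.sha1(data).digest()).decode()
    return (f'<dsig:Signature xmlns:dsig="{DSIG}"><dsig:SignedInfo>'
            f'<dsig:Reference{uri_attr}>'
            f'<dsig:DigestMethod Algorithm="{DSIG}sha1"/>'
            f'<dsig:DigestValue>{digest}</dsig:DigestValue>'
            f'</dsig:Reference></dsig:SignedInfo>'
            f'<dsig:SignatureValue>PLACEHOLDER</dsig:SignatureValue>'
            f'</dsig:Signature>').encode()

SAMPLE_DOC = b"<order id='42'>constructed in-memory document</order>"
SAMPLE_SIG = build_sample_signature(SAMPLE_DOC)
```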