Thanks for the pointer Scott. I'll take another look at the reference implementation.
I'm kind of interested in the Apache security stuff now and my question on which of the samples to focus on still stands. Can you (or anyone out there on the list) suggest a tutorial or even just which of the samples best covers the process of creating an enveloped signature and then validates it? Thanks Marty -----Original Message----- From: Scott Cantor [mailto:[EMAIL PROTECTED] Sent: Friday, 1 July 2005 12:58 AM To: security-dev@xml.apache.org Subject: RE: Enveloped suggestions > I had also looked at the reference implementation that ships with the JWSDP > 1.5 but had problems in being able to specify a particular element via URI. > The sample given seems to specify the whole document with a "" blank String > but when I try a relative URI (#elementname) it falls on it's arse. You can't specify an element in a fragment by name, only by ID. Which has its own set of endless problems since IDs are technically only legal in the presence of a DTD, so there are endless hacks to try and establish what attributes are IDs and they all require knowing ahead of time what's been signed. -- Scott
