Just had a crack at using the id and it seems to work. Given that my app is building the XML to begin with I think I can live with the limitations you mentioned.
I notice that the reference samples (JWSDP 1.5) seem to ignore the canonicalization process on both the signing and verification processes. (I tested removing some whitespace and wondered why it would not verify until I took a closer look at the code).

So I guess I'm still interested in which of the Apache samples fits best (and does canonicalization properly).

Regards
Marty

-----Original Message-----
From: Martin Ravell [mailto:[EMAIL PROTECTED]
Sent: Friday, 1 July 2005 8:28 AM
To: security-dev@xml.apache.org
Subject: RE: Enveloped suggestions

Thanks for the pointer Scott. I'll take another look at the reference implementation.

I'm kind of interested in the Apache security stuff now and my question on which of the samples to focus on still stands. Can you (or anyone out there on the list) suggest a tutorial or even just which of the samples best covers the process of creating an enveloped signature and then validates it?

Thanks
Marty

-----Original Message-----
From: Scott Cantor [mailto:[EMAIL PROTECTED]
Sent: Friday, 1 July 2005 12:58 AM
To: security-dev@xml.apache.org
Subject: RE: Enveloped suggestions

> I had also looked at the reference implementation that ships with the JWSDP
> 1.5 but had problems in being able to specify a particular element via URI.
> The sample given seems to specify the whole document with a "" blank String
> but when I try a relative URI (#elementname) it falls on its arse.

You can't specify an element in a fragment by name, only by ID. Which has its own set of endless problems since IDs are technically only legal in the presence of a DTD, so there are endless hacks to try and establish what attributes are IDs and they all require knowing ahead of time what's been signed.

-- Scott
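
The enveloped-signature-by-ID case discussed in this thread, as an added example that is not part of the original messages and is not one of the JWSDP or Apache samples. It uses the standard javax.xml.crypto.dsig API on Java 11 or later; the document, the `order` element, the `Id` attribute name and the throwaway RSA key are all constructed for illustration.

```java
import java.io.StringReader;
import java.security.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class EnvelopedById {
    public static void main(String[] args) throws Exception {
        // Constructed sample document; element and attribute names are made up.
        String xml = "<batch><order Id=\"order1\"><item>widget</item></order></batch>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        Element order = (Element) doc.getElementsByTagName("order").item(0);
        // No DTD, so the parser does not know "Id" is an ID attribute: declare it by hand.
        // Without this, the "#order1" reference below cannot be resolved.
        order.setIdAttribute("Id", true);

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway demo key

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        // Enveloped transform drops the Signature itself; the data is then canonicalized.
        List<Transform> transforms = Arrays.asList(
            fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
            fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null));
        Reference ref = fac.newReference("#order1",
            fac.newDigestMethod(DigestMethod.SHA256, null), transforms, null, null);
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(SignatureMethod.RSA_SHA256, null),
            Collections.singletonList(ref));
        // Enveloped: the Signature element is appended inside the element it signs.
        fac.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), order));

        // A verifier that re-parses the document must declare the ID attribute again;
        // on this in-memory DOM the call is redundant but shows where it belongs.
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(), sig);
        vc.setIdAttributeNS(order, null, "Id");
        System.out.println("valid: " + fac.unmarshalXMLSignature(vc).validate(vc));
    }
}
```

After a successful validation, act only on the element the Reference actually resolved to rather than looking the data up again by name, since the signature covers that ID-resolved subtree and nothing else.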