Michael, if I understand right, the http://www.remote-server.com/file.doc by 
definition (W3C) is a detached signature because it points to a "thing" located 
external to the signature itself 
 
Francisco
 
 
> Subject: Re: doubt with enveloped signature concept
> To: security-dev@xml.apache.org
> CC: [EMAIL PROTECTED]; security-dev@xml.apache.org
> From: [EMAIL PROTECTED]
> Date: Tue, 8 Jan 2008 14:48:52 -0500
>
> [EMAIL PROTECTED] wrote on 01/08/2008 02:30:00 PM:
>
> > Francisco Sepulveda wrote:
> > > Hello, I'm having problems with respect to what I understand about the
> > > concept of an "enveloped signature"
> > >
> > > The W3C defines the signature as /"The signature is over the XML content
> > > that contains the signature as an element. The content provides the root
> > > XML document element. Obviously, enveloped signatures must take care not
> > > to include their own value in the calculation of the |SignatureValue|"/
> > >
> > > I have seen that the following xml document has a broad acceptation as a
> > > typical use of digital signature .... the classic enveloped signature of
> > > the whole document
> > >
> > > <document>
> > >   <element>
> > >   </element>
> > >   <signature>
> > >     <SignedInfo>
> > >       ...
> > >       <Reference URI="">
> > >         <Transforms>
> > >           <Transform
> > >             Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> > >         </Transforms>
> > >         <DigestMethod .../>
> > >         <DigestValue> .... </DigestValue>
> > >       </Reference>
> > >     </SignedInfo>
> > >     ...
> > >   </signature>
> > > </document>
> > >
> > > In the above example, it is clear to me that the signature is child
> > > of the xml content being signed.
> > >
> > > But I read in a book from McGrawHill and it shows this example of a
> > > signature that is enveloped, enveloping and detached...
> > >
> > > <Contract1>
> > >   <ImportantContent Id="ImportantElement">
> > >     This is important content!
> > >   </ImportantContent>
> > >
> > >   <Signature Id="ThreeTypes">
> > >     <SignedInfo>
> > >       <Reference URI="http://www.remote-server.com/file.doc">
> > >         . . .
> > >       </Reference>
> > >       <Reference URI="#contract2">
> > >         . . .
> > >       </Reference>
> > >       <Reference URI="#ImportantElement">
> > >         . . .
> > >       </Reference>
> > >     </SignedInfo>
> > >     <SignatureValue> . . . </SignatureValue>
> > >     <Object Id="contract2">
> > >       <Contract2> This is also very important content! </Contract2>
> > >     </Object>
> > >   </Signature>
> > > </Contract1>
> > >
> > > FOR ME, the detached and enveloping signature are REALLY clear, but I
> > > have doubt about the enveloped signature .... the book said
> > >
> > > "The Signature Element is enveloped by the <Contract1> element. This
> > > particular association gives the XML Signature the enveloped property"
> > >
> > > So, that is my point, maybe I'm wrong but for me the <Reference
> > > URI="#ImportantElement"> is a detached signature or not???
> >
> > Based on the example above, you're right and the book is wrong. If in
> > the example above, the ImportantElement ID was an attribute of the
> > Content element then it would be enveloped. It might be nice to send the
> > author a comment about that.
>
> I think there is a misunderstanding. This statement
> "The Signature Element is enveloped by the <Contract1> element. This
> particular association gives the XML Signature the enveloped property"
> is correct. The Contract1 element envelops the Signature element.
>
> The <Reference URI="#ImportantElement"> is a detached Signature..
>
> What we do not know, without more information, is whether the <Reference
> URI="http://www.remote-server.com/file.doc"> points to the document that
> contains the Contract1 element. If it does, that is an Enveloped Signature.
>
> > >
> > > My final question is, if I really want to sign the <ImportantContent>
> > > element using an enveloped signature. Do I really need to put the
> > > signature as child of the <ImportantContent> element or not?? does the
> > > location of the signature have a significant impact?
> >
> > Yes, otherwise it is not an enveloped signature.
> >
> > > or when the
> > > signature is enveloped it is always located as the "last child" of the
> > > document element inside an XML document..
> >
> > It doesn't have to be the last child, it could be the first, the second,
> > or any descendant element.
> >
> > --Sean
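The per-Reference classification the replies above arrive at, as an added example that is not part of the original thread: each Reference is typed by where its target sits relative to the Signature element. Assumptions: the function names, the sample document (constructed from the two examples quoted in the thread), targets identified by an attribute named Id, and external URIs left undereferenced, so a URI that happens to name the containing document is still reported as detached.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the book example plus the URI="" case from the thread.
SAMPLE = """<Contract1>
  <ImportantContent Id="ImportantElement">This is important content!</ImportantContent>
  <Signature Id="ThreeTypes">
    <SignedInfo>
      <Reference URI="http://www.remote-server.com/file.doc"/>
      <Reference URI="#contract2"/>
      <Reference URI="#ImportantElement"/>
      <Reference URI=""/>
    </SignedInfo>
    <Object Id="contract2"><Contract2>Also important</Contract2></Object>
  </Signature>
</Contract1>"""

def named(node, name):
    """Descendants of node whose tag matches name, ignoring any namespace."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def ancestors(node, parent):
    """node followed by each of its ancestors up to the root."""
    chain = [node]
    while chain[-1] in parent:
        chain.append(parent[chain[-1]])
    return chain

def classify(uri, sig, by_id, parent):
    """Classify one Reference URI relative to the Signature that holds it."""
    if uri == "":
        return "enveloped"      # whole document, which contains the Signature
    if not uri.startswith("#"):
        return "detached"       # external resource; not dereferenced here
    target = by_id.get(uri[1:])
    if target is None:
        return "unresolved"     # no element carries that Id
    if target in ancestors(sig, parent)[1:]:
        return "enveloped"      # target is an ancestor of the Signature
    # Inside the Signature (e.g. an Object) is enveloping; elsewhere is detached.
    return "enveloping" if sig in ancestors(target, parent) else "detached"

def classify_references(xml_text):
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    # Assumption: an attribute literally named "Id" marks a reference target.
    by_id = {e.get("Id"): e for e in root.iter() if e.get("Id")}
    return {ref.attrib["URI"]: classify(ref.attrib["URI"], sig, by_id, parent)
            for sig in named(root, "Signature")
            for ref in named(sig, "Reference")}
```

Running `classify_references(SAMPLE)` reports `#ImportantElement` as detached, matching the replies: the target is a sibling of the Signature, not its ancestor.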