[xmlsec] Question about default transform and multi-signature suggestion

Aleksey Sanin aleksey at aleksey.com
Sat Jun 9 17:09:58 PDT 2012


1) Correct

2) You can use XPath transforms to select any nodeset

Aleksey

On 6/9/12 11:05 AM, Neko wrote:
> Dear Aleksey
> 
> About transform, I want to check if my understanding is wrong.
> Under self-referencing signature, the result node set of Xpath should be
> canonicalized.
> The CanonicalizationMethod only decides how the SignedInfo canonicalized.
> If no c14n Transform specified, then xmlsec applies the default c14n,
> which is http://www.w3.org/TR/2001/REC-xml-c14n-20010315
> The enveloped signature transform will remove the signature node in the
> content to sign, while nothing needs to be done in enveloping or
> detached signature.
> 
> And about multi-signature suggestion, is there any suggested rule to
> generate signatures?
> It seems that enveloped signature is not suitable for this kind of use.
> 
> 
> 
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec


More information about the xmlsec mailing list