10.6. Security of Signatures
Because the XMLDSIG standard provides a very flexible digital signature mechanism, there are lots of ways to misuse it and produce insecure or misleading results. When designing a system using XMLDSIG, you should consider the factors discussed in this section.
10.6.1. Transforms
The Transforms mechanism makes it easy to sign data derived from processing the content of an identified resource. For instance, an application might wish to sign a form, but permit users to enter limited field data without invalidating a previous signature on the form. The application could use an XPath-based Transform to exclude those portions that the user will change. Transforms can also include encoding changes, canonicalization instructions, ...
Get Secure XML: The New Syntax for Signatures and Encryption now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.