RFC 3653 (rfc3653) - Page 2 of 15


XML-Signature XPath Filter 2.0






RFC 3653             XML-Signature XPath Filter 2.0        December 2003


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . .  2
       1.1.  Acknowledgements (Informative) . . . . . . . . . . . .  4
       1.2.  W3C Status . . . . . . . . . . . . . . . . . . . . . .  4
   2.  Terminology. . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Specification of Signature Filter Transform. . . . . . . . .  5
       3.1.  Algorithm Identifier . . . . . . . . . . . . . . . . .  5
       3.2.  Syntax of Signature Filter Transform . . . . . . . . .  5
       3.3.  Input and Evaluation Context of Signature Filter
             Transform. . . . . . . . . . . . . . . . . . . . . . .  7
       3.4.  Processing Model of Signature Filter Transform . . . .  7
   4.  Examples of Signature Filter Transform . . . . . . . . . . .  9
   5.  Normative References . . . . . . . . . . . . . . . . . . . . 13
   6.  Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 14
   7.  Full Copyright Statement . . . . . . . . . . . . . . . . . . 15

1.  Introduction

   The XML Recommendation [XML] specifies the syntax of a class of
   objects called XML documents.  The Namespaces in XML Recommendation
   [XML-NS] specifies additional syntax and semantics for XML documents.
   The XML Signature Recommendation [XML-DSig] defines standard means
   for specifying information content to be digitally signed, including
   the ability to select a portion of an XML document to be signed using
   an XPath transform.

   This specification describes a new signature filter transform that,
   like the XPath transform [XML-DSig, section 6.6.3], provides a method
   for computing a portion of a document to be signed.  In the interest
   of simplifying the creation of efficient implementations, the
   architecture of this transform is not based on evaluating an [XPath]
   expression for every node of the XML parse tree (as defined by the
   [XPath] data model).  Instead, a sequence of XPath expressions is
   used to select the roots of document subtrees -- location sets, in
   the language of [XPointer] -- which are combined using set
   intersection, subtraction and union, and then used to filter the
   input node-set.  The principal differences from the XPath transform
   are:

      *  A sequence of XPath operations can be executed in a single
         transform, allowing complex filters to be more easily expressed
         and optimized.
      *  The XPath expressions are evaluated against the input document
         resulting in a set of nodes, instead of being used as a boolean
         test against each node of the input node-set.
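
   The combining step described above, as an added example that is not
   part of the RFC text. It assumes the filter set starts as the whole
   input document, models element nodes only, and uses ElementTree
   paths on a constructed sample document; the names expand,
   apply_filters and demo are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample document (not taken from the RFC).
DOC = """<order>
  <item id="a"><price>10</price><note>gift</note></item>
  <item id="b"><price>20</price></item>
  <Signature><SignedInfo/></Signature>
</order>"""

def expand(subtree_roots):
    """Turn selected subtree roots into the set of all elements at or below them."""
    return {node for r in subtree_roots for node in r.iter()}

def apply_filters(root, filters, input_nodes=None):
    """Apply (operation, xpath) pairs in sequence, then filter the input node-set.

    Simplifications: only element nodes are modeled, and each XPath is an
    ElementTree path evaluated once against the document root.
    """
    document = list(root.iter())   # elements in document order
    selected = set(document)       # assumption: starts as the whole document
    for operation, xpath in filters:
        subtrees = expand(root.findall(xpath))
        if operation == "intersect":
            selected &= subtrees
        elif operation == "subtract":
            selected -= subtrees
        elif operation == "union":
            selected |= subtrees
        else:
            raise ValueError(f"unknown filter operation: {operation!r}")
    if input_nodes is None:
        input_nodes = set(document)
    return [n.tag for n in document if n in input_nodes and n in selected]

def demo():
    root = ET.fromstring(DOC)
    return {
        "enveloped": apply_filters(root, [("subtract", ".//Signature")]),
        "items_without_notes": apply_filters(
            root, [("intersect", ".//item"), ("subtract", ".//note")]),
        # A later union re-adds what an earlier subtract removed.
        "order_matters": apply_filters(
            root, [("subtract", ".//note"), ("union", ".//item")]),
    }

if __name__ == "__main__":
    for name, tags in demo().items():
        print(name, tags)
```

   In the third case the note element is back in the signed portion
   because the union of the item subtrees follows the subtraction, so a
   verifier reviewing a filter sequence has to read it in order.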





Boyer, et al.                Informational