RFC 3653 (rfc3653) - Page 2 of 15
XML-Signature XPath Filter 2
Alternative Format: Original Text Document
RFC 3653 XML-Signature XPath Filter 2.0 December 2003
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Acknowledgements (Informative) . . . . . . . . . . . . 4
1.2. W3C Status . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology. . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Specification of Signature Filter Transform. . . . . . . . . 5
3.1. Algorithm Identifier . . . . . . . . . . . . . . . . . 5
3.2. Syntax of Signature Filter Transform . . . . . . . . . 5
3.3. Input and Evaluation Context of Signature Filter
Transform. . . . . . . . . . . . . . . . . . . . . . . 7
3.4. Processing Model of Signature Filter Transform . . . . 7
4. Examples of Signature Filter Transform . . . . . . . . . . . 9
5. Normative References . . . . . . . . . . . . . . . . . . . . 13
6. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 14
7. Full Copyright Statement . . . . . . . . . . . . . . . . . . 15
1. Introduction
The XML Recommendation [XML] specifies the syntax of a class of
objects called XML documents. The Namespaces in XML Recommendation
[XML-NS] specifies additional syntax and semantics for XML documents.
The XML Signature Recommendation [XML-DSig] defines standard means
for specifying information content to be digitally signed, including
the ability to select a portion of an XML document to be signed using
an XPath transform.
This specification describes a new signature filter transform that,
like the XPath transform [XML-DSig, section 6.6.3], provides a method
for computing a portion of a document to be signed. In the interest
of simplifying the creation of efficient implementations, the
architecture of this transform is not based on evaluating an [XPath]
expression for every node of the XML parse tree (as defined by the
[XPath] data model). Instead, a sequence of XPath expressions is
used to select the roots of document subtrees -- location sets, in
the language of [XPointer] -- which are combined using set
intersection, subtraction and union, and then used to filter the
input node-set. The principal differences from the XPath transform
are:
* A sequence of XPath operations can be executed in a single
transform, allowing complex filters to be more easily expressed
and optimized.
* The XPath expressions are evaluated against the input document
resulting in a set of nodes, instead of being used as a boolean
test against each node of the input node-set.
Boyer, et al. Informational