Author: Ed Simon, Entrust Technologies
Date: 2000 January
Acknowledgements: Thanks to Kent Tamura of IBM for helping out with impromptu code reviews.
The XML Signature specification describes how to use XPath and XSLT as tranformations to be applied to an XML document before it is digested. For many applications, it might also make sense to create XML Signature <Signature> elements (and their children) through XSL stylesheets. This presentation takes a look at how XSLT code might be written to support these scenarios.
Important: To view most of these links, you require an XML-aware browser such as Internet Explorer 5.01.
In the first scenario, an application is assumed to have created a "template" for an XML Signature from some resources. The XML Signature template includes two URIs and all the details of the XML Signature EXCEPT the cryptographic values, specifically the digests of the resources and the signature value. The cryptographic values are placed in the signature by applying two XSLT stylesheets: one to get the digest values and one to get the signature value. The main role of the XSLT stylesheets is to provide a straight-forward interface for calling Java methods that do the actual cryptographic processing.
In the second scenario, the Signature is over the XSLT-transformed contents of an Object element. The XSLT stylesheet is specified within a Transform element. Unlike the previous example, I did not have time to get all the code working before the F2F meeting so their are no interim results. I think the main difficultly lies in the object type conversion between XSLT's key() function and finding the appropriate Java/DOM class to use; I'll continue to work on this as time permits.
Follow this link to see the abridged source for the Java methods.