- Identify document(s) to be signed; for each of these:
- apply, if necessary, various transforms (eg, Canonicalization, XSLT, XPath)
- create a digest of the transformation results
- Collect all these in a
SignedInfoelement - Sign the
SignedInfo
Remarks:
- Using digests ensures that if the document changes, the signature becomes invalid
- Reference to the algorithm used should be stored with the signature
- The recommendation includes pre-defined algorithm identifications