I have checked the XML Signature Syntax and Processing on W3C website,however it says little about multi-signature.Is there a standard or rule to create multi-signature on one single xml file?Thank youExample
Consider Only same-file referencing)Original xml\[code\]<root> <item> <name>Apple</name> <price>100</price> </item></root>\[/code\]First A signs it with an enveloped signatureA Signed XML\[code\]<root> <item> <name>Apple</name> <price>100</price> </item> <Signature>this is Signature signed by A with Ref URL=""</Signature></root>\[/code\]Now, B wants to sign the XML (containing A's signature)B Signed XML\[code\]<root> <item> <name>Apple</name> <price>100</price> </item> <Signature>Signature A: this is Signature signed by A with Ref URL=""</Signature> <Signature>Signature B: this is Signature signed by B with Ref URL=""</Signature></root>\[/code\]then when it comes to verifying, it becomes confusing...for Signature A, while verifying, it sees\[code\]<root> <item> <name>Apple</name> <price>100</price> </item> <Signature>Signature B: this is Signature signed by B with Ref URL=""</Signature></root>\[/code\]but what it actually signed is\[code\]<root> <item> <name>Apple</name> <price>100</price> </item></root>\[/code\](note that because of enveloped transform, one's signature node is removed while signing and verfying)The same problem might be solved by treating Signature node as root when doing enveloping signature.But if multiple references involved, it might become more complicated.
Consider Only same-file referencing)Original xml\[code\]<root> <item> <name>Apple</name> <price>100</price> </item></root>\[/code\]First A signs it with an enveloped signatureA Signed XML\[code\]<root> <item> <name>Apple</name> <price>100</price> </item> <Signature>this is Signature signed by A with Ref URL=""</Signature></root>\[/code\]Now, B wants to sign the XML (containing A's signature)B Signed XML\[code\]<root> <item> <name>Apple</name> <price>100</price> </item> <Signature>Signature A: this is Signature signed by A with Ref URL=""</Signature> <Signature>Signature B: this is Signature signed by B with Ref URL=""</Signature></root>\[/code\]then when it comes to verifying, it becomes confusing...for Signature A, while verifying, it sees\[code\]<root> <item> <name>Apple</name> <price>100</price> </item> <Signature>Signature B: this is Signature signed by B with Ref URL=""</Signature></root>\[/code\]but what it actually signed is\[code\]<root> <item> <name>Apple</name> <price>100</price> </item></root>\[/code\](note that because of enveloped transform, one's signature node is removed while signing and verfying)The same problem might be solved by treating Signature node as root when doing enveloping signature.But if multiple references involved, it might become more complicated.