Transformation identifier

Table 1. Transformation identifiers
Identifier Description Additional Parameters

http://www.w3.org/2000/09/xmldsig#base64

See specification for details.

Transforms the output from the previous transformation (or the reference if there is no previous transformation), into the raw data associated to a BASE64 encoded form.

This is intended to sign the raw data associated with the BASE64 encoded content of an element.

See specification for details.

No

http://www.w3.org/TR/2001/REC-xml-c14n-20010315

See specification for details.

Transforms the output from the previous transformation (or the reference if there is no previous transformation), into a canonicalized XML document without any XML comments.

This is intended to transform two equivalent XML documents into a standardized XML representation in order to obtain the same hash value.

For instance: The following two XML nodes are equivalent but would produce different hash values if not canonicalized.

  • <tag Attr1="hello" Attr2="world"/>

  • <tag Attr2="world" Attr1="hello" />

See specification for details.

No

http://www.w3.org/TR/2001/REC-xml-c14n-20010315 #WithComments

See specification for details.

Transforms the output from the previous transformation (or the reference if there is no previous transformation), into a canonicalized XML document keeping all XML comments.

This is intended to transform two equivalent XML documents into a standardized XML representation in order to obtain the same hash value.

For instance: The following two XML nodes are equivalent but would produce different hash values if not canonicalized.

  • <tag Attr1="hello" Attr2="world"/>

  • <tag Attr2="world" Attr1="hello" />

See specification for details.

No

http://www.w3.org/2001/10/xml-exc-c14n#

See specification for details.

Transforms the output from the previous transformation (or the reference if there is no previous transformation), into a canonicalized XML document without any XML comments, and removing all unused namespaces declaration.

This is intended to transform two equivalent XML documents into a standardized XML representation in order to obtain the same hash value.

For instance: The following two XML nodes are equivalent but would produce different hash values if not canonicalized.

  • <tag Attr1="hello" Attr2="world"/>

  • <tag Attr2="world" Attr1="hello" />

See specification for details.

No

http://www.w3.org/2001/10/xml-exc-c14n #WithComments

See specification for details.

Transforms the output from the previous transformation (or the reference if there is no previous transformation), into a canonicalized XML document keeping all XML comments, and removing all unused namespaces declaration.

This is intended to transform two equivalent XML documents into a standardized XML representation in order to obtain the same hash value.

For instance: Following two XML nodes are equivalent but would produce different hash values if not canonicalized.

  • <tag Attr1="hello" Attr2="world"/>

  • <tag Attr2="world" Attr1="hello" />

See specification for details.

No

http://www.w3.org/2000/09/xmldsig #enveloped-signature

See specification for details.

Transforms the output from the previous transformation (or the reference if there is no previous transformation), into the same XML document or fragment, but without the Signature node.

This is intended to create enveloped signatures where the <dsig:Signature> node is inside the document, but without taking it into account during signature computation or verification.

See specification for details.

This method can take an optional parameter that is the node where the enveloped signature will be appended.

http://www.w3.org/TR/1999/REC-xpath-19991116

See specification for details.

Transforms the output from the previous transformation (or the reference if there is no previous transformation), into a XML document based on the XPath filtering expression applied to each node of the input document, where the expression represents a predicate to the XPath expression (//. | //@* | //namespace::*).

In other words: (//. | //@* | //namespace::*)[expr]

This is intended to identify the nodes to be signed using a XPath expression instead of an attribute of type ID.

For instance: The following samples output only the MyCode node of the input document:

CALL s.appendReferenceTransformation(
  i, 
  "http://www.w3.org/TR/1999/
REC-xpath-19991116",
  "ancestor-or-self::MyCode",
  NULL
CALL s.appendReferenceTransformation(
  i,
 "http://www.w3.org/TR/1999/
REC-xpath-19991116",
  "ancestor-or-self::p:MyCode",
  "p",
  "http://www.tempuri.org")

See specification for details.

XPath expression, followed by NULL or a list of prefix, namespace matching the XPath expression.

http://www.w3.org/2002/06/xmldsig-filter2

See specification for details.

Transforms the output from the previous transformation (or the reference if there is no previous transformation), into a XML document according to a XPath filtering 2.0 expression applied to the entire document at once.

This is intended to identify the nodes to be signed using a XPath expression instead of an attribute of type ID, and to perform fast and more complex operations such as intersect, subtract or union.

For instance: The following samples output the entire document without the MyCode node child of the MyElement root node:

CALL s.appendReferenceTransformation(
  i,
  "http://www.w3.org/2002/06/
xmldsig-filter2",
  "subtract",
  "/MyElement/MyCode")
CALL s.appendReferenceTransformation(
  i,
  "http://www.w3.org/2002/06/
xmldsig-filter2",
  "subtract",
  "/p1:MyElement/p2:MyCode",
  "p2",
  "http://www.tempuri.org/ns2",
  "p1",
  "http://www.tempuri.org/ns1")

See specification for details.

XPathFilter2.0 type (intersect, subtract or union), followed by the XPath expression, followed by NULL or a list of prefix, namespace matching the XPath expression.