OK, thanks to the feedback that has already been offered in this thread
I've been able to make progress on the XML Encryption side of this. Now
to the digital signature side. I'd like to get some opinions on the
following question:

The spec already allows enveloped XML signatures for the document.
Question: should we only allow signing of the entire document or are
there valid use cases for allowing each individual entry in the feed to
be individually signed? e.g.

  <!-- Sign entire document -->
  <feed>
    <entry />
    <entry />
    <Signature />
  </feed>

or

  <!-- Each entry could have its own signature. -->
  <feed>
    <entry>
      <Signature /> <!-- covers the containing <entry /> -->
    </entry>
  </feed>

or

  <!-- One signature for the feed, covering specific entries -->
  <feed>
    <entry>
      <id>urn:abc...</id>
    </entry>
    <Signature>
      <!-- use transform to select only the entry with id = urn:abc... -->
    </Signature>
  </feed>

I'm quite happy with limiting it to the first as I don't really see much
of a reason to support the second and third examples, but wanted to see
if anyone had any opinions or use cases that could justify the ability
to independently sign individual entries within a feed.

- James