1/ How do I force inclusion of the root certificate?
You don't want to. Root certificate (trusted certificate) establishes "trust" and it should be communicated to the verifier by the outside trusted channel.
2/ Should the signature verify in the absence of the root certificate?
No. See above. You might want to read a book on PKI/certificates. Aleksey _______________________________________________ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec