How to sign a sub-tree

HI,

FOLLOWING UP ON KB'S THREAD ON SIGNING LESS THAN THE WHOLE
DOCUMENT, I WOULD 
LIKE TO ASK HOW TO USE THE API TO SIGN A SUB-TREE OF MY
DOCUMENT. IT IS EASY 
FOR ME TO RETRIEVE THE SUB-TREE (I.E. THE PARENT ELEMENT)
BECAUSE IT'S 
UNIQUE.

BUT I DON'T QUITE GET HOW I CAN APPLY THE API TO IT: THE
TRANSFORMS ELEMENT I 
WOULD NEED TO CREATE EITHER ACCEPTS A DOCUMENT IN ITS
CONSTRUCTOR OR ANOTHER 
TRANSFORMS ELEMENT, BUT NOT AN ELEMENT. I SURELY DON'T HAVE
TO CONVERT MY 
SUB-TREE INTO A DOCUMENT, SIGN THAT, AND PASS IT BACK?

THANKS,
RALPH

-- 
FOR CONTACT DETAILS, PLEASE SEE WWW.RALPHHOLZ.DE.

> Following up on kb's thread on signing less than the
whole document, I
> would like to ask how to use the API to sign a sub-tree
of my document. It is
> easy for me to retrieve the sub-tree (i.e. the parent
element) because it's
> unique.

Retrieving it via some kind of DOM call is not relevant,
referencing it in an expression (URI or XPath) is what has
to happen. You start with the Reference URI in the signature
and then move to the Transforms that modify the reference by
chopping out parts or pointing at something inside the whole
node set.

> But I don't quite get how I can apply the API to it:
the Transforms element I
> would need to create either accepts a Document in its
constructor or another
> Transforms element, but not an Element. I surely don't
have to convert my
> sub-tree into a Document, sign that, and pass it back?

I suggest you read the XML Signature spec before you go much
farther, it's really mandatory to understand some of that to
use the library properly. At least for the type of signature
you're planning to use and what the processing model is.

-- Scott