XML Digital Signatures •  Chapter 5 163 Signing Parts of Documents We can also sign only a portion of a document, if that is desired.This might be useful if the information is dynamic and changes too often for a signature to be meaningful for the whole document, but for parts of it, it is important to main- tain a signature. Another possibility is that the file is dynamic but different por- tions change at different times. In our weather report file, for example, each city may get updated independently of the others, so it makes sense to maintain the signatures for each city separately. Figure 5.11 shows how to do this for a detached signature. It shows how to sign only the data for San Francisco (National Weather Service station KSFO). If a signature is generated based on this template, that signature would verify only the part of the file within the element weather that has the ID KSFO. Changes to other parts of the file will have no impact on the result of a signature verification process. Figure 5.11 Signing Only the San Francisco Weather Data <?xml version="1.0" encoding="UTF-8"?> <Envelope xmlns="urn:envelope"> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <Reference URI="file:///home/skip/xml/weather.xml#KSFO"> <Transforms> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue></DigestValue> </Reference> </SignedInfo> <SignatureValue/> <KeyInfo> <KeyValue/> </KeyInfo> </Signature> </Envelope> www.syngress.com