XML Digital Signatures Chapter 5
Solutions Fast Track
Understanding How a Digital Signature Works
• A digital signature must provide the following for a datastream: verification that the signer is who they claim to be (authentication) and the ability to prove that authentication to an outside party (nonrepudiation).
Applying XML Digital Signatures to Security
• An enveloping signature is one in which the signature node itself actually contains the data that is to be signed.
• An enveloped signature is one for which the signature node is contained within the signed datastream.
• A detached signature is one for which the data that is being signed is located in a separate location from the signature itself. This is useful in situations in which it is not practical or desirable to combine the data into a single signed entity.
• An XML digital signature can be used to sign multiple datastreams. These datastreams do not all have to have the same relationship to the signature, so the signature can simultaneously be any combination of multiples of the three basic types (enveloping, enveloped, and detached).
• If the datastream is an XML document, it is called a node set.
• A node set can be signed partially if desired; it is possible to define a signature so that a specific XML node is the signed data. The rest of the XML node set will be ignored.
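As an added example (not code from the book), the following Python walks the ds:Reference elements of one signature and labels each as enveloped, enveloping or detached, using the distinctions above; the sample document, its Id values and the external URI are constructed for the demonstration, and it uses only the standard library.

```python
# Added example: classify each ds:Reference of an XML Signature.
# Assumption: standard XML-DSig namespace and transform identifiers.
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED_TRANSFORM = DS + "enveloped-signature"

# Constructed sample: a single Signature whose References mix all three kinds
# and also cover only one specific node (#section2) of the surrounding document.
SAMPLE = """<Report xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <Section Id="section2">quarterly figures</Section>
  <ds:Signature>
    <ds:SignedInfo>
      <ds:Reference URI="">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </ds:Transforms>
      </ds:Reference>
      <ds:Reference URI="#payload"/>
      <ds:Reference URI="http://example.test/report.xml"/>
      <ds:Reference URI="#section2"/>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    <ds:Object Id="payload">embedded data</ds:Object>
  </ds:Signature>
</Report>"""


def classify_references(xml_text):
    """Return [(uri, kind)] for every Reference in the first Signature found.

    A verifier should look at this list: a signature only covers what its
    References select, so a partially signed node set leaves the rest unprotected.
    """
    root = ET.fromstring(xml_text)
    sig = root if root.tag == f"{{{DS}}}Signature" else root.find(f".//{{{DS}}}Signature")
    if sig is None:
        raise ValueError("no ds:Signature element found")
    # Ids of ds:Object elements carried inside the Signature node itself
    object_ids = {o.get("Id") for o in sig.findall(f"{{{DS}}}Object") if o.get("Id")}
    result = []
    for ref in sig.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        algorithms = {t.get("Algorithm") for t in ref.iter(f"{{{DS}}}Transform")}
        if uri == "" or ENVELOPED_TRANSFORM in algorithms:
            kind = "enveloped"    # the Signature sits inside the signed data
        elif uri.startswith("#") and uri[1:] in object_ids:
            kind = "enveloping"   # the signed data sits inside the Signature
        else:
            kind = "detached"     # data lives elsewhere, even if in the same document
        result.append((uri, kind))
    return result
```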
Using XPath to Transform Documents
• We can use the XML XPath mechanism to apply a transformation to a datastream that is to be signed.
• XPath applies to a node set and is used to create a filter that has the effect of blocking a node or passing it on for further processing. XPath is a recommended feature for a standards-conformant XML digital