Laurence Bull and David McG. Squire,
XML Signature Extensibility Using Custom Transforms,
In The Fifth International Conference on Web Information
Systems Engineering (WISE 2004),
Brisbane, Australia, No. 3306 in Lecture Notes in Computer Science, pp. 102-112, Springer-Verlag, 22-24 November 2004.The XML Signature specification defines a set of algorithms to be used to ensure security and application inter-operability for content signed using an XML Signature. In this paper we propose two ways to use and disseminate newly defined, or custom, transformation algorithms to address a limitation with XML Signatures arising from their extensibility. This involves downloading the algorithm on-demand and embedding the algorithm in the signature itself. Finally, we highlight a possible vulnerability to attack in the existing XML Signature Core Validation process when using newly defined, or custom transforms, and suggest an extension to the XML Signature standard to remedy this.