XML Digital Signatures "  Chapter 5 169 Using Manifests to Manage Lists of Signed Elements We saw in our example of the signature that was enveloped, enveloping, and detached all simultaneously that there can be multiple Reference elements in a sig- nature.We showed that example in order to demonstrate the flexibility of the XML digital signature syntax. In the real world, that type of signature is not likely to be common. A more practical example that uses multiple Reference elements is a signature for our weather report data in which we explicitly signed the reports for each city separately.This is readily accomplished by taking our example from Figure 5.11 and adding a Reference element for each of the cities in the file. Now lets consider the scenario in which our multicity weather report is sup- posed to be signed by more than one person. In order to accomplish this goal with the techniques we have so far, we would have to create an XML document that has two Signature elements that would be near duplicates of each other.This approach is not very scalable; consider what happens if, after creating such a tem- plate, we add one more city to our list.We would have to correctly add the Reference  element for that city to every Signature. For a large file, it would be easy to miss one.This process would be much easier to manage if we had a macro to use in a single Reference element (for each signature) that would identify a list of references.This is precisely what a Manifest element does.The manifest is a list of references and is an element of Object for an enveloping signature. So, our multi- city, two-signer signature would look like Figure 5.16. Figure 5.16 Signing the Weather Data Using a Manifest <?xml version="1.0" encoding="UTF-8"?> <Envelope xmlns="urn:envelope"> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Signer1"> <SignedInfo> <CanonicalizationMethod Algorithm=http://www.w3.org/TR/2001/REC-xml-c14n-20010315/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <Reference URI="#WeatherReport" Type="http://www.w3.org/2000/09/ xmldsig#Manifest"> <Transforms> </Transforms> www.syngress.com Continued