XML Digital Signatures • Chapter 5    165

Figure 5.12 Continued

    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    <DigestValue></DigestValue>
  </Reference>

The XPath syntax describes a node-at-a-time test. Each node (either a single XML element or any of its data) is checked, and only those that satisfy the test are passed. The filter is applied a single node at a time for the entire document. In our example in Figure 5.12, the test defined by the line //weather[@Id=KSFO] means, "Is the current node either a descendant of, or itself, the weather element that has the ID KSFO?"

XPath provides a more general method for choosing the element(s) that we want to sign. It allows us to specify complicated ways of choosing the accepted elements. So, for our scenario of signing only the weather station location data, we can use a filter like the one shown in Figure 5.13 below.

Figure 5.13 Using XPath to Sign Only the Weather Station Locations

  <Reference URI="file:///home/skip/xml/weather.xml">
    <Transforms>
      <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
        <XPath>
          ancestor-or-self::location
        </XPath>
      </Transform>
    </Transforms>
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    <DigestValue></DigestValue>
  </Reference>

In this case, just for variety, we have used a different style of the XPath syntax, ancestor-or-self::location, which filters for any node that is the location node in the document or for which the location node is the node's ancestor.

XPath is in the Recommended category of algorithms for XML digital signatures, so it might not necessarily be available universally. You should keep this in mind when you create a signature. If you are going to use XPath algorithms, you will find it useful to have an XPath syntax validator such as XPathTester (see

www.syngress.com
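The following added example (not code from the book) models the node-at-a-time evaluation of the XPath transform described above: each node of a constructed weather.xml is tested with a boolean such as ancestor-or-self::location (Figure 5.13) or the "weather element with Id KSFO" test of Figure 5.12, the surviving node-set is serialised in a simplified form (not full Canonical XML), and its SHA-1 is base64-encoded as a DigestValue would be. The sample document and element names are assumptions; the point to observe is that data excluded by the filter can change without altering the digest.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample standing in for the book's weather.xml (assumption).
WEATHER_XML = """<report>
  <weather Id="KSFO"><location>San Francisco</location><temp>61</temp></weather>
  <weather Id="KJFK"><location>New York</location><temp>70</temp></weather>
</report>"""


def ancestor_or_self(name, attr=None):
    """Build the per-node boolean test the transform evaluates for each node.

    True when the context node or one of its ancestors is an element called
    `name`, optionally carrying the (attribute, value) pair `attr`.
    """
    def test(node, parents):
        while node is not None:
            if node.tag == name and (attr is None or node.get(attr[0]) == attr[1]):
                return True
            node = parents.get(node)
        return False
    return test


def _serialize_subset(elem, parents, test, out):
    # An omitted node is dropped but its descendants are still tested one at a
    # time; text nodes share the verdict of the element that contains them.
    keep = test(elem, parents)
    if keep:
        attrs = "".join(f' {k}="{v}"' for k, v in sorted(elem.attrib.items()))
        out.append(f"<{elem.tag}{attrs}>{elem.text or ''}")
    for child in elem:
        _serialize_subset(child, parents, test, out)
        if keep:
            out.append(child.tail or "")
    if keep:
        out.append(f"</{elem.tag}>")


def xpath_filter(xml_text, test):
    """Return the octets that survive the filter (simplified canonical form)."""
    root = ET.fromstring(xml_text)
    parents = {c: p for p in root.iter() for c in p}
    out = []
    _serialize_subset(root, parents, test, out)
    return "".join(out)


def digest_value(xml_text, test):
    """Base64 SHA-1 of the filtered octets, i.e. the <DigestValue> contents."""
    data = xpath_filter(xml_text, test).encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")
```

Because only the location nodes are digested, an edited temperature leaves the reference intact, which is exactly the trade-off a narrow XPath filter makes.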