Signature ID: Make it a optional attribute

[psavelis]

Hi everyone!

According to https://www.w3.org/TR/xmldsig-core2/#sec-Overview, the ID and URL attributes are defined as optional (with a ?). I believe it should have a option/parameter to indicate whether theses attributes may be generated or not.

However, I see no option for generating and verifying a signature without theses attributes.
Is there any related issue or a fix for this requirement?

UPDATE:
Just figured out that setting isEmptyUri to true on addReference causes the ID not to render on the output, but it stills does not verify the signature.

Any fix for verifying a signed Xml, having no ID attribute on the reference node?

[cjbarth]

@psavelis , we welcome community contributions for improvements in documentation, fixes for incorrect behavior, and changes enabling additional behavior. Please consider contributing a PR with a test suite to at least recreate the weakness that you're encountering and we might be able to help you code a solution.

[sibelius]

is there a workaround for this ?