Looks like the security vocab defines a signatureAlgorithm field. Would setting that on the key to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 (or another option as defined in RFC6931) be a reasonable method to indicate this?
Looks like the security vocab defines a signatureAlgorithm field. Would setting that on the key to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 (or another option as defined in RFC6931) be a reasonable method to indicate this?