Is it possible to move a signed element, as long as its parent element is not signed?
For example, say that the Envelope/Header/Security/Timestamp element is the third child in the Envelope/Header/Security element AND it is the only element that is signed in the message. Can this element be moved to be the first child of the Security element without breaking the signature?
If yes, then does anyone know of a credible reference where this is documented?
For example, can this message
<Envelope>
<Header>
<Security>
<Signature>
...
</Signature>
<Assertion>...</Assertion>
<Timestamp>...</Timestamp>
</Security>
</Header>
<Envelope>
be changed to this message after the signature was created
<Envelope>
<Header>
<Security>
<Timestamp>...</Timestamp>
<Signature>
...
</Signature>
<Assertion>...</Assertion>
</Security>
</Header>
<Envelope>