Subject: Digital signature proposal
Hi,

please find below a proposal for adding digital signatures to ODF. It consists of two parts. The first one adds digital signatures to ODF packages in general. The 2nd describes how they are used in OpenDocument documents.

Best regards

Michael

Digital Signatures (to be added to chapter 17, Packages)
========================================================

Files within a package may have a digital signature applied. Digital signatures are stored in one or more files within the META-INF folder. The names of these files *shall* contain the term "signatures". Each of these files contains a <sig:document-signatures> root element that serves as a container for an arbitrary number of <Signature> elements as defined by the [xml-dsig] specification. If the <dsig:document-signatures> element contains multiple <Signature> elements, then there *should* be a relation between the digital signatures they define, for instance, they may all apply to the same set of files.

Applications *may* require that a digital signature includes a certain set of files. That is, they *may* consider a digital signature to be valid if, and only if,

* the digital signature itself is valid, and
* if the <Reference> child elements of the <Signature> element reference a certain set of files.

In particular, applications *may* require that a digital signature references all files contained in a package.

The schema for digital signatures is:

    <?xml version="1.0" encoding="UTF-8"?>
    <!--
        OASIS OpenDocument v1.2 Draft1, 19 Oct 2006
        Relax-NG Manifest Schema

        $Id$

        © 2002-2005 OASIS Open
    -->
    <grammar xmlns="http://relaxng.org/ns/structure/1.0"
             datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"
             xmlns:dsig="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0"
             xmlns:xmldsig="http://www.w3.org/2000/09/xmldsig#">

      <define name="dsig-document-signature">
        <element name="dsig:document-signature">
          <oneOrMore>
            <ref name="xmldsig-signature"/>
          </oneOrMore>
        </element>
      </define>

      <start>
        <choice>
          <ref name="dsig-document-signature"/>
        </choice>
      </start>

      <define name="xmldsig-signature">
        <element name="xmldsig:Signature">
          <ref name="xmldsigMarkup"/>
        </element>
      </define>

      <!-- To avoid inclusion of the complete XMLDSIG schema, anything -->
      <!-- is allowed within a xmldsig:Signature element -->
      <define name="xmldsigMarkup">
        <zeroOrMore>
          <choice>
            <attribute>
              <anyName/>
            </attribute>
            <text/>
            <element>
              <anyName/>
              <ref name="xmldsigMarkup"/>
            </element>
          </choice>
        </zeroOrMore>
      </define>

    </grammar>

[xml-dsig] http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/

Document and Macro Signatures (to be added to chapter 2)
========================================================

An OpenDocument document that is stored in a package may have one or more digital signatures applied.

A document signature is a digital signature that is applied to all files contained in a package, regardless of whether they are defined by this specification or are application specific extensions. Document signatures are stored in a file called META-INF/documentsignatures.xml in the package as described in section [ref to package signatures]. A document signature *shall* be considered to be valid only if it is valid itself, and if it is applied to all files of the package.

A macro signature is a digital signature that is applied to macro code and other executable code that may be contained in a package.
Macro signatures are stored in a file called META-INF/macrosignatures.xml in the package as described in section [ref to package signatures]. Since macro code and executable code are application specific, this specification does not define to which files a macro signature has to apply. However, an application *shall* consider a macro signature as invalid if a package contains files to which the macro signature is not applied, and which contain macro or executable code that the application is able to execute.

Since a document signature is applied to all files, it includes the files to which a macro signature is applied. A document may have document and macro signatures applied simultaneously, and may have further application-specific signatures applied.

--
Michael Brauer, Technical Architect Software Engineering
StarOffice/OpenOffice.org
Sun Microsystems GmbH
Nagelsweg 55
D-20097 Hamburg, Germany
michael.brauer@sun.com
http://sun.com/staroffice
+49 40 23646 500
http://blogs.sun.com/GullFOSS
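
The second validity condition for a document signature in the proposal above (it must be applied to all files of the package), sketched as a coverage check. This is an added example, not part of the original message or of any ODF implementation; `uncovered_files` and `build_sample` are hypothetical names, and it assumes Reference URIs are percent-encoded package-relative paths and exempts the signature file itself.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SIG_FILE = "META-INF/documentsignatures.xml"
DSIG_NS = "urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0"


def uncovered_files(package: bytes) -> list:
    """Per <Signature>, the set of package files its <Reference>s do not cover.

    Coverage only: digests and signature values are NOT verified here.
    Assumptions: Reference URIs are percent-encoded package-relative paths,
    and the signature file is exempt since it cannot hold its own digest.
    """
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        names = zf.namelist()
        if SIG_FILE not in names:
            return []
        files = {n for n in names if not n.endswith("/")} - {SIG_FILE}
        # Stdlib parser for brevity; use a hardened parser on untrusted input.
        root = ET.fromstring(zf.read(SIG_FILE))
    missing = []
    for sig in root.findall(DS + "Signature"):
        # Only references inside SignedInfo are protected by the signature.
        uris = [r.get("URI", "") for r in sig.findall(f"{DS}SignedInfo/{DS}Reference")]
        covered = {unquote(u) for u in uris if u and not u.startswith("#")}
        missing.append(files - covered)
    return missing


def build_sample(signed: list, unsigned: list) -> bytes:
    """Constructed sample package; the signature carries no real digests."""
    refs = "".join(f'<Reference URI="{quote(n)}"/>' for n in signed)
    xml = (f'<dsig:document-signatures xmlns:dsig="{DSIG_NS}" '
           'xmlns="http://www.w3.org/2000/09/xmldsig#">'
           f"<Signature><SignedInfo>{refs}</SignedInfo></Signature>"
           "</dsig:document-signatures>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in signed + unsigned:
            zf.writestr(name, b"placeholder")
        zf.writestr(SIG_FILE, xml)
    return buf.getvalue()
```

A non-empty set for any signature means that signature fails the "applied to all files" condition, whatever the outcome of the cryptographic check.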