About elements ReturnSignerIdentity and ReturnSigningTime in DSS Core specification

[Inma Marín López <inma@dif.um.es>]

Hello!
 
I have some questions regarding elements in DSS Core specification. There
are two optional inputs in verification requests: <ReturnSigningIdentity>
and <ReturnSigningTime> which ask for information about one signature.
However, there are situations in which a client can send a
<VerificationRequest> including a XML enveloped signature which includes two
nested signatures (that is, a XML enveloped signature over another XML
enveloped signature created by another identity), for example:
 
<OuterDocument Id=”outer”>
  …..  
  <InnerDocument Id=”inner”>
     …..
     <ds:Signature>
       ….
         <ds:Reference URI=#inner>
       …..
     </ds:Signature>
   </InnerDocument>
    <ds:Signature>
       ….
         <ds:Reference URI=#outer>
       …..
    </ds:Signature>
</OuterDocument>
     

Supposing that the client wants the service to verify both signatures (the
request does not include the element <SignaturePtr> or includes it but not
the attribute ‘XPath’) and wants to know, not only the result of the
verification but also the signer identity and the signing time of both
signatures (or only of one of them) in a single step (one pair
VerificationRequest/VerificationResponse) ….. Could you be so kind as to
tell me how the optional inputs <ReturnSignerIdentity> and
<ReturnSigningTime> should be, please? Should them include an identifier for
the signatures we want to know the information about? And what about
optional outputs <SignerIdentity> and <SigningTime>?

 

 

Besides, I would like to know if you are considering the fact of returning a
whole signing certificate in a VerificationResponse (instead of only the
SignerIdentity), in case there are applications who desire it  to get
information (apart from the identity) about the entity who signed a
document.

 

Thank you very much in advance.