

Subject: Re: [dss] REFORMULATED ISSUE#2: SIGNATURECONTENTS (SIGN REQUEST DISCUSSION)


Quoting Trevor Perrin <trevp@trevp.net>:

See below my comments enclosed within <JC></JC>

Juan Carlos.

>>         3. As you propose to indicate in the DocumentSelector whether the
>>         resulting doc of the transformations has to be enveloped or not, I propose
>>         to give all the details here; i.e., I propose that this element includes
>>         indication of where the resulting document of the transformations will come:
>>         detached of the signature, enveloping it or being enveloped by it.
>
>I don't understand the last sentence.  But I think what you're describing I 
>call "SignaturePlacement".

<JC>Yes, it is what we called SignaturePlacement in both schemas
</JC>

>
>Here's what I was thinking.  I really need to write this up.  I think this 
>is a good model though -
>  - SignatureContents determines what the signature covers, and whether 
>each thing is included in the signature ("enveloped") or not
>  - SignaturePlacement determines where the signature is placed in one of 
>the Input Documents (or SignaturePlacement can be omitted, if this is just 
>a detached signature)

<JC>
My point is precisely to join together the two functionalities in one. 
This is a content/grouping issue.

The rationale is:

1. The fact is that the selector is already giving information of the
relative position of ds:Signature and objects covered by the signature,
because we are indicating whether the object is enveloped or detached.
For me a complete solution would also allow indicating whether a document
envelops the ds:Signature.


2. To concentrate in one place only all the information
that the server will require to know what to do with all the documents
that he has received in terms of being transformed and signed, and where to
put them in relation to the ds:Signature. So you have one selector
for one document and the indication of transformations and
of its placement with respect to the signature. You have another selector
and the indication of transformations and its placement, and so on.
My proposal would be something like:


	<xs:complexType name="To be defined: semantics: final docs to be signed and position relative to ds:Signature">
		<xs:sequence>
			<xs:element name="DocumentSelector" type="DocumentSelectorType" maxOccurs="unbounded"/>
		</xs:sequence>
	</xs:complexType>
	<xs:complexType name="DocumentSelectorType">
		<xs:sequence>
			<xs:element name="RequestedTransforms" type="ds:TransformsType" minOccurs="0"/>
			<xs:element name="EnvelopeTheSignature" type="SignaturePlacementType" minOccurs="0"/>
		</xs:sequence>
		<xs:attribute name="whichInputDocument" type="xs:integer" use="required"/>
		<xs:attribute name="envelopeIt" type="xs:boolean" use="optional"/>
	</xs:complexType>

2. If we opted to leave the SignaturePlacement alone, the message could be
complicated in a situation like this:

Imagine you send two documents. For the first one you define three
transformations: you want the server to generate three documents
(A1,A2,A3) and sign them.
For the second you define two transformations: you want the server to
generate two documents (B1,B2) and sign them.
Now imagine you want A1,A2 and B2 enveloped; B1 detached and A3 enveloping
the signature.

With the solution I propose you would have something like:


<ToBeDefinedName>
<DocumentSelector whichInputDocument="1" envelopeIt="true">
	<RequestedTransforms>.....</RequestedTransforms>
</DocumentSelector>
<DocumentSelector whichInputDocument="1" envelopeIt="true">
	<RequestedTransforms>.....</RequestedTransforms>
</DocumentSelector>
<DocumentSelector whichInputDocument="1">
	<RequestedTransforms>.....</RequestedTransforms>
	<EnvelopeTheSignature>
		<AfterElement>......</AfterElement>
		<!--This is a ds:Transforms element that can contain an XPath
			expression identifying a certain element of the resulting
			transformed document, and would indicate the element after
			which the ds:Signature should be inserted!!!. -->
	</EnvelopeTheSignature>
</DocumentSelector>
<DocumentSelector whichInputDocument="2">
	<RequestedTransforms>.....</RequestedTransforms>
</DocumentSelector>
<DocumentSelector whichInputDocument="2" envelopeIt="true">
	<RequestedTransforms>.....</RequestedTransforms>
</DocumentSelector>
</ToBeDefinedName>

As you can see, everything dealing with how to get the actually signed
documents from the input ones, and what to do with them in terms of
leaving them detached, inserting them in the ds:Signature or having them
envelop the ds:Signature itself, appears here, within ONE element.


Following the approach you proposed you would have:

<SignatureContents>
<DocumentSelector>
	<WhichInputDocument>1</WhichInputDocument>
	<RequestedTransforms>.....</RequestedTransforms>
	<EnvelopeThisDocument>true</EnvelopeThisDocument>
</DocumentSelector>
<DocumentSelector>
	<WhichInputDocument>1</WhichInputDocument>
	<RequestedTransforms>.....</RequestedTransforms>
	<EnvelopeThisDocument>true</EnvelopeThisDocument>
</DocumentSelector>

<!--Problem: how to indicate the transformations applied to 1 for leading
to A3: If I do not put EnvelopeThisDocument then does it mean that this
document will be detached or enveloping the signature? My answer would be
OK, let's leave the SignaturePlacement tell it... well let's go on....-->
<DocumentSelector>
	<WhichInputDocument>1</WhichInputDocument>
	<RequestedTransforms>.....</RequestedTransforms>
</DocumentSelector>


<!-- Now go back to the second input document -->
<DocumentSelector>
	<WhichInputDocument>2</WhichInputDocument>
	<RequestedTransforms>.....</RequestedTransforms>
</DocumentSelector>

<DocumentSelector>
	<WhichInputDocument>2</WhichInputDocument>
	<RequestedTransforms>.....</RequestedTransforms>
	<EnvelopeThisDocument>true</EnvelopeThisDocument>
</DocumentSelector>
</SignatureContents>

<!-- Now in another place of the request you propose to have the
SignaturePlacement indicating that the ds:Signature will be inserted
in the resulting document of transforming an input document:-->


<!--OK; here we are... Question: HOW TO EASILY IDENTIFY
HERE THAT THE DOCUMENT THAT HAS TO CONTAIN THE
ds:Signature IS PRECISELY A3. The simplest answer:
WELL; JUST INDICATE WITH AN INTEGER THE ORDER NUMBER
OF THE CORRESPONDING DocumentSelector!!. And yes, this would
work, but, at what price?:

-spreading one functionality in different parts of the message: more
complications for the server.
-getting a message weaker in front of errors of the client (who has not
made a mistake when counting ;.)?. No, seriously, in situations
where we can have several DocumentSelector, I would not like this approach.
-adding more text.

-->

<SignaturePlacement signedDocument="3">
	<AfterElement>......</AfterElement>
	<!--This is a ds:Transforms element that can contain an XPath
		expression identifying a certain element of the resulting
		transformed document, and would indicate the element after
		which the ds:Signature should be inserted!!!. -->
</SignaturePlacement>
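
As an added illustration (not part of the original message and not code from the DSS TC), the Python sketch below resolves the placement of A1, A2, A3, B1 and B2 for both request layouts discussed above. The `<Request>` wrapper, the helper names and the 1-based reading of `signedDocument` are assumptions; transforms and namespaces are left out.

```python
import xml.etree.ElementTree as ET

# Constructed request following the combined layout proposed in the message
# (transforms elided, namespaces omitted).
COMBINED = """<ToBeDefinedName>
  <DocumentSelector whichInputDocument="1" envelopeIt="true"/>
  <DocumentSelector whichInputDocument="1" envelopeIt="true"/>
  <DocumentSelector whichInputDocument="1"><EnvelopeTheSignature/></DocumentSelector>
  <DocumentSelector whichInputDocument="2"/>
  <DocumentSelector whichInputDocument="2" envelopeIt="true"/>
</ToBeDefinedName>"""

def _sel(doc, env=False):
    e = "<EnvelopeThisDocument>true</EnvelopeThisDocument>" if env else ""
    return f"<DocumentSelector><WhichInputDocument>{doc}</WhichInputDocument>{e}</DocumentSelector>"

def split_request(signed_document):
    """Constructed request in the split layout; <Request> is a hypothetical wrapper."""
    sels = "".join([_sel(1, True), _sel(1, True), _sel(1), _sel(2), _sel(2, True)])
    return (f"<Request><SignatureContents>{sels}</SignatureContents>"
            f'<SignaturePlacement signedDocument="{signed_document}"/></Request>')

def resolve_combined(xml_text):
    """Placement of each signed document when the selector itself carries it."""
    out = []
    for sel in ET.fromstring(xml_text).findall("DocumentSelector"):
        enveloped = sel.get("envelopeIt") == "true"
        enveloping = sel.find("EnvelopeTheSignature") is not None
        if enveloped and enveloping:
            raise ValueError("selector is both enveloped and enveloping")
        kind = "enveloped" if enveloped else "enveloping" if enveloping else "detached"
        out.append((int(sel.get("whichInputDocument")), kind))
    return out

def resolve_split(xml_text):
    """Same result when SignaturePlacement names a selector by 1-based position."""
    root = ET.fromstring(xml_text)
    out = []
    for sel in root.find("SignatureContents").findall("DocumentSelector"):
        env = sel.findtext("EnvelopeThisDocument") == "true"
        out.append((int(sel.findtext("WhichInputDocument")), "enveloped" if env else "detached"))
    place = root.find("SignaturePlacement")
    if place is not None:
        idx = int(place.get("signedDocument"))
        if not 1 <= idx <= len(out):
            raise ValueError(f"signedDocument={idx} matches no DocumentSelector")
        if out[idx - 1][1] == "enveloped":
            raise ValueError(f"signedDocument={idx} points at an enveloped document")
        out[idx - 1] = (out[idx - 1][0], "enveloping")
    return out
```

A server can reject an index that is out of range or that points at an enveloped document, but a miscount such as `signedDocument="4"` is still a valid request and silently places the signature in B1 instead of A3.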



