OASIS Mailing List Archives

dss message



Subject: wd-08




I added lots of changes from Juan Carlos, Nick, Frederick, and 
myself.  Also I expanded the text in several places to make it more clear.

http://www.oasis-open.org/apps/org/workgroup/dss/download.php/4428/oasis-dss-1.0-core-spec-wd-08.doc
http://www.oasis-open.org/apps/org/workgroup/dss/download.php/4429/oasis-dss-1.0-core-schema-wd-08.xsd

There's no pdf cause my pdf-making thing broke.  Could someone else make one?

There's no timestamp schema cause I moved the timestamp elements into the 
core schema.


Here is a list of changes I decided to make while working on the 
document.  These haven't received much (or any) discussion yet.  Please let 
me know if you disagree with any of them.

Below that are lists of changes that were proposed and discussed on the list.
-------------------------------
  - <SignaturePtr> - the text now says that this may only be used in the 
verify protocol, when sending a signature to the server.  Since knowing the 
location of the signature is necessary for the server to apply the 
Enveloped Signature Transform, I don't think we can eliminate this.

  - NameType - made the 'Format' attribute required, instead of optional.

  - <ResultMajor> / <ResultMinor> are changed from QNames to a String / 
URI, respectively.  This is simple for ResultMajor, since it only assumes 3 
values (Success, RequesterError, ResponderError), and lets ResultMinor be 
extensible without the bother of QNames.

  - The <ResultMinor> codes for verification are expanded.  In particular, 
there are 3 different success codes, depending upon the relation of the 
signature to the input documents:
    - ValidSignature_OnAllDocuments: the signature covers all of the input 
documents, just as they were passed in
    - ValidSignature_OnTransformedDocuments: the signature covers all of 
the input documents, but some of them have additional transforms that the 
client didn't pass in.
    - ValidSignature_NotAllDocuments: not all documents passed in by the 
client were covered by the signature

  - There's also a new failure code:
    - InappropriateSignature - the signature has the wrong semantics or policy

  - New <ReturnTimeStampTime> option for querying the time when verifying a 
TimeStampToken

  - The timestamp elements are moved into the core schema, instead of being 
in their own schema - since these things are all defined by the same 
document, a single schema makes sense, and the separate schemas needed to 
circularly include each other.

  - The <TstInfo>'s fields were changed from attributes to elements, since 
we wanted to add a TSA field, and this is a complex type so it needs to be 
an element.

  - The <XMLTimeStampToken> is of type ds:SignatureType.  It contains a 
<ds:Reference> that refers to the enveloped <TstInfo>.  This <ds:Reference> 
previously referred to the <TstInfo> by 'URI="#tstInfo"'.  This requires 
the <TstInfo> to have an ID=tstInfo attribute, and if there were multiple 
timestamps within the same document, these would conflict.  XML-DSIG allows 
a single <ds:Reference> within a signature to omit the URI attribute, and 
let its reference be determined by the application context.  So I think we 
should use this to point to the <TstInfo>, implicitly.


Nick's suggestions
-------------------------------
  - renamed <Outputs> to <OptionalOutputs>
  - moved <Timestamp> and <RequesterIdentity> into a single "Core Elements" 
section (5)
  - added editorial note #10 that the spec may be updated as we work on 
profiles


Frederick's suggestions
-----------------------------------
  - namespace prefixes aren't normative (1.2)
  - a new version will use a different namespace (1.2)
  - new overview (1.3)
  - renamed <dss:Signature> to <dss:SignatureObject> (2.4)
  - changed ResultMajor/ResultMinor to be string and URI, respectively, 
instead of QNames (2.7)
  - new, more detailed "Basic Processing" (3.3)
  - made <KeySelector> extensible (3.4.4)
  - moved common optional inputs to section 2 (2.6)
  - removed <IgnoreMissingInputDocuments> (4.5)
  - changed <SigningTime> optional output, on verify, to have a 
"ThirdPartyTimestamp" attribute, instead of a "Trusted" attribute
  - fixed URNs in 6.1
  - added some additional text, in a few places

Not Done
--------------
  - move SignatureType out of optional inputs?
  - Frederick: "Indicate Manifest reference hash checking is not performed 
by default, and only is if option VerifyManifests is present (refer to 
4.5.5)" Trevor: on further thought,  shouldn't it be left to profiles to 
define whether this optional input is enabled by default?


Juan Carlos' suggestions
---------------------------------
  - made MimeType attribute on Document/Base64Data optional
  - fixed <ds:SignedReference> to be minOccurs="1" maxOccurs="unbounded"
  - separated schema presentation of options/outputs
  - fixed a few typos
  - added some additional text, in several places

Not Done
----------------
  - Didn't change <ProcessingDetails>; discussions still ongoing
  - Didn't add a SignatureType URI for pkcs#7; Nick suggested only having a 
single URI for CMS/PKCS#7; unsure what to do here


Trevor
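
The ID conflict described in the <XMLTimeStampToken> item above, shown as an added example that is not part of the original message or of the DSS schema: two tokens in one document are resolved first by 'URI="#tstInfo"' and then by an implicit (URI-less) <ds:Reference>. Assumptions: the `dss` namespace is a placeholder, the `ds:Object` wrapper, the `Id` attribute spelling and the `SerialNumber` field are constructed for illustration, and `resolve`/`check` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
DSS = "urn:example:dss-wd-placeholder"   # placeholder, not the real DSS namespace
NS = {"ds": DS, "dss": DSS}

def token(ref_uri, tst_id, serial):
    """Build one constructed timestamp token (signature value omitted)."""
    uri = f' URI="{ref_uri}"' if ref_uri is not None else ""
    id_attr = f' Id="{tst_id}"' if tst_id else ""   # attribute name assumed
    return (f'<ds:Signature xmlns:ds="{DS}" xmlns:dss="{DSS}">'
            f'<ds:SignedInfo><ds:Reference{uri}/></ds:SignedInfo>'
            f'<ds:Object><dss:TstInfo{id_attr}>'
            f'<dss:SerialNumber>{serial}</dss:SerialNumber>'
            f'</dss:TstInfo></ds:Object></ds:Signature>')

def resolve(doc, sig):
    """Return every TstInfo a token's ds:Reference can resolve to."""
    uri = sig.find("ds:SignedInfo/ds:Reference", NS).get("URI")
    if uri is None:
        # Implicit reference: the application context is the TstInfo
        # enveloped in this same token, so other tokens cannot interfere.
        return sig.findall("ds:Object/dss:TstInfo", NS)
    if uri.startswith("#"):
        # Same-document reference: any element in the document with that Id.
        return [e for e in doc.iter() if e.get("Id") == uri[1:]]
    raise ValueError("external references are out of scope here")

def check(doc_xml):
    """Map token index -> serial it covers; fail closed on ambiguity."""
    doc = ET.fromstring(doc_xml)
    covered = {}
    for i, sig in enumerate(doc.findall("ds:Signature", NS)):
        targets = resolve(doc, sig)
        if len(targets) != 1:
            raise ValueError(f"token {i}: reference matches {len(targets)} elements")
        covered[i] = targets[0].findtext("dss:SerialNumber", namespaces=NS)
    return covered

def wrap(*tokens):
    return "<doc>" + "".join(tokens) + "</doc>"

# Constructed inputs: two timestamps in the same document.
EXPLICIT = wrap(token("#tstInfo", "tstInfo", 1), token("#tstInfo", "tstInfo", 2))
IMPLICIT = wrap(token(None, None, 1), token(None, None, 2))
```

A verifier that took the first `Id` match instead of failing closed would bind both tokens to the first <TstInfo>; the implicit form removes that ambiguity.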



