OASIS Mailing List Archives

dss message



Subject: OASIS DSS "Request for Feedback" - Signing Templates


Folks,

   As a result of a discussion on the September 6th conference call, the
OASIS DSS chairs would like your feedback and opinion on the potential use
of "signing templates" as an option within DSS core. A brief description
follows.

    Essentially signing templates are XML skeleton "signed documents" which
are passed up to the Sign protocol as input. The template embodies all of
the directives and format required of the resultant signature expressed as
an XMLSig-compliant template. 
    
    A signing template contains not only the data to be signed, but also the
format and directives of the signature to be created, expressed as valid
[XMLSig] elements. [XMLSig] elements such as <SignatureValue>,
<DigestValue>, and <X509Certificate> are left empty on input, but are
subsequently populated by the DSS service. The user simply leaves these
selected element tags empty, and the DSS service would automatically include
the generated content and return the signed document in the appropriate
element of the <SignResponse>.

    The best way to illustrate a template is via an example. As one can see,
things like transforms, signature placement, key name, certificate details,
digest algorithms, and more can all be expressed in the template. Things
like digest value, signature value, certificate body, etc. are filled in
by the DSS service.

    It is just a convenient way of expressing signature requirements.

    The question to the team is "Should a generic non-specific notion of
templating be incorporated in the DSS core?"

    Feedback welcome and encouraged.
 

<?xml version="1.0" encoding="UTF-8"?>
<Document>
	<Data>
		<SubData1 MimeType="text/plain">This is some data to be signed.</SubData1>
		<SubData2 MimeType="text/plain">This is more data to be signed.</SubData2>
	</Data>
	<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
		<dsig:SignedInfo>
			<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
			<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
			<dsig:Reference URI="">
				<dsig:Transforms>
					<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
				</dsig:Transforms>
				<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
				<!-- left empty on input; populated by the DSS service -->
				<dsig:DigestValue></dsig:DigestValue>
			</dsig:Reference>
		</dsig:SignedInfo>
		<!-- left empty on input; populated by the DSS service -->
		<dsig:SignatureValue>
		</dsig:SignatureValue>
		<dsig:KeyInfo>
			<dsig:KeyName>C=CA, O=Acme, OU=For Test Use Only, CN=Joe Public, E=JoeP@yahoo.ca</dsig:KeyName>
			<dsig:X509Data>
				<!-- left empty on input; populated by the DSS service -->
				<dsig:X509Certificate></dsig:X509Certificate>
				<dsig:X509SubjectName></dsig:X509SubjectName>
				<dsig:X509IssuerSerial></dsig:X509IssuerSerial>
			</dsig:X509Data>
		</dsig:KeyInfo>
	</dsig:Signature>
</Document>
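
Because a template lets the requester choose the transforms and algorithms, a service accepting one would need to inspect it before signing. The sketch below is an added example, not part of the original message or of any DSS implementation: it lists the empty slots the service has to fill and checks each Algorithm URI against an allowlist. The function name, the allowlist contents, the shortened sample template and the rule that a pre-filled slot is rejected are all assumptions.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
# Elements the message says are left empty on input and filled by the service.
SLOTS = ("DigestValue", "SignatureValue", "X509Certificate")
# Hypothetical service policy (assumption): algorithm URIs the signer accepts.
ALLOWED = {
    "CanonicalizationMethod": {"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"},
    "SignatureMethod": {DSIG + "rsa-sha1"},
    "Transform": {DSIG + "enveloped-signature"},
    "DigestMethod": {DSIG + "sha1"},
}
# Constructed sample: a shortened form of the template in the message.
TEMPLATE = """<Document><Data><SubData1 MimeType="text/plain">This is some data to be signed.</SubData1></Data>
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 <dsig:SignedInfo>
  <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
  <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <dsig:Reference URI=""><dsig:Transforms>
   <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
  </dsig:Transforms>
  <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  <dsig:DigestValue></dsig:DigestValue></dsig:Reference>
 </dsig:SignedInfo>
 <dsig:SignatureValue>
 </dsig:SignatureValue>
 <dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate/></dsig:X509Data></dsig:KeyInfo>
</dsig:Signature></Document>"""

def inspect_template(xml_text):
    """Return (slots_to_fill, policy_violations) for one signing template."""
    root = ET.fromstring(xml_text)
    sig = next(root.iter(f"{{{DSIG}}}Signature"), None)
    if sig is None:
        raise ValueError("template contains no dsig:Signature element")
    slots, violations = [], []
    for el in sig.iter():  # document order, Signature element included
        if not el.tag.startswith(f"{{{DSIG}}}"):
            continue
        name = el.tag.split("}", 1)[1]
        if name in SLOTS:
            if (el.text or "").strip() or len(el):
                violations.append(f"{name} must be empty on input")
            else:
                slots.append(name)
        elif name in ALLOWED and el.get("Algorithm") not in ALLOWED[name]:
            violations.append(f"{name} algorithm not allowed: {el.get('Algorithm')}")
    return slots, violations
```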






