Subject: OASIS DSS "Request for Feedback" - Signing Templates
Folks,

As a result of a discussion on the September 6th conference call, the OASIS DSS chairs would like your feedback and opinion on the potential use of "signing templates" as an option within DSS core. A brief description follows.

Essentially, signing templates are XML skeleton "signed documents" which are passed up to the Sign protocol as input. The template embodies all of the directives and format required of the resultant signature, expressed as an XMLSig-compliant template. A signing template contains not only the data to be signed, but also the format and directives of the signature to be created, expressed as valid [XMLSig] elements.

[XMLSig] elements such as <SignatureValue>, <DigestValue>, and <X509Certificate> are left empty on input, but are subsequently populated by the DSS service. The user simply leaves these selected element tags empty, and the DSS service would automatically include the generated content and return the signed document in the appropriate element of the <SignResponse>.

The best way to illustrate a template is via an example. As one can see, things like transforms, signature placement, key name, certificate details, digest algorithms, and more can all be expressed in the template. Things like digest value, signature value, certificate body, etc. are filled in by the DSS service. It is just a convenient way of expressing signature requirements.

The question to the team is "Should a generic non-specific notion of templating be incorporated in the DSS core?"

Feedback welcome and encouraged.
<?xml version="1.0" encoding="UTF-8"?>
<Document>
  <Data>
    <SubData1 MimeType="text/plain">This is some data to be signed.</SubData1>
    <SubData2 MimeType="text/plain">This is more data to be signed.</SubData2>
  </Data>
  <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <dsig:Reference URI="">
        <dsig:Transforms>
          <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </dsig:Transforms>
        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <dsig:DigestValue></dsig:DigestValue>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue> </dsig:SignatureValue>
    <dsig:KeyInfo>
      <dsig:KeyName>C=CA, O=Acme, OU=For Test Use Only, CN=Joe Public, E=JoeP@yahoo.ca</dsig:KeyName>
      <dsig:X509Data>
        <dsig:X509Certificate></dsig:X509Certificate>
        <dsig:X509SubjectName></dsig:X509SubjectName>
        <dsig:X509IssuerSerial></dsig:X509IssuerSerial>
      </dsig:X509Data>
    </dsig:KeyInfo>
  </dsig:Signature>
</Document>
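The template above, read the way a service would have to read it before populating anything, as an added example that is not part of the original message or of any DSS specification. `read_template` and the shortened `TEMPLATE` are constructed for illustration, and treating every childless, attribute-less, whitespace-only dsig element as a slot to fill is an assumption.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"dsig": DSIG}

# Constructed sample: a shortened copy of the template in the message above.
TEMPLATE = """<Document>
  <Data><SubData1 MimeType="text/plain">This is some data to be signed.</SubData1></Data>
  <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <dsig:Reference URI="">
        <dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms>
        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <dsig:DigestValue></dsig:DigestValue>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue> </dsig:SignatureValue>
    <dsig:KeyInfo>
      <dsig:KeyName>CN=Joe Public</dsig:KeyName>
      <dsig:X509Data><dsig:X509Certificate></dsig:X509Certificate></dsig:X509Data>
    </dsig:KeyInfo>
  </dsig:Signature>
</Document>"""

def read_template(xml_text):
    """Return (directives, slots) for the first dsig:Signature in a template."""
    sig = ET.fromstring(xml_text).find(".//dsig:Signature", NS)
    if sig is None:
        raise ValueError("template contains no dsig:Signature element")
    info = sig.find("dsig:SignedInfo", NS)
    alg = lambda parent, name: parent.find(f"dsig:{name}", NS).get("Algorithm")
    directives = {
        "canonicalization": alg(info, "CanonicalizationMethod"),
        "signature": alg(info, "SignatureMethod"),
        "key_name": sig.findtext("dsig:KeyInfo/dsig:KeyName", namespaces=NS),
        "references": [
            {"uri": ref.get("URI"),
             "transforms": [t.get("Algorithm") for t in ref.iterfind("dsig:Transforms/dsig:Transform", NS)],
             "digest": alg(ref, "DigestMethod")}
            for ref in info.iterfind("dsig:Reference", NS)],
    }
    # A slot has no children, no attributes and only whitespace text; the
    # strip() matters because <SignatureValue> holds a single space on input.
    slots = [e.tag.rsplit("}", 1)[-1] for e in sig.iter()
             if e.tag.startswith("{" + DSIG + "}") and len(e) == 0
             and not e.attrib and not (e.text or "").strip()]
    return directives, slots
```

A service parsing client-supplied templates would use a hardened XML parser (for example defusedxml) in place of the plain `ET.fromstring` call used here.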