OASIS DSS - SignatureObject on Input

["Edward Shallow" <ed.shallow@rogers.com>]

Folks,

   Another feedback question I was tasked with on the September 6th
conference call (That's what happens when you miss a call, they punish you
when you get back ;).

   One of the questions in the Editorial Section of the EPM Profile relates
to the need for a minor change to the core. As such the chairs thought it
best I post this request for feedback to the list so people are aware.

   It relates to the need to include the <SignatureObject> element as a
valid element in Sign input, which today it is not. The need arises in the
EPM profile which wants to support the embedding of timestamps into existing
signatures, a common occurrence. Here is the text from the EPM Profile
explaining the <SignatureObject> optional input. This stemmed from the
consensus not to "bend" the Verify protocol when in fact no verify is being
requested. This will be common when the Validation Authority either does not
perform timestamping or these 2 services are separated.

The <SignatureObject> optional input is only used when users are requesting
a timestamp <SignatureType>, and additionally would like that timestamp
embedded into an existing signature they may have in their possession. When
creating timestamps, the EPM supports the embedding of the requested
timestamp into an "existing" signature structure. As such the user must be
able to pass in the signature to be timestamped on the request. For this
reason the EPM profile is leveraging the existing <SignatureObject> schema
type as an optional input to carry the user's signature to be timestamped.
The EPM will add a signature timestamp as defined in section 3.1.2.2 above.
Usage of the <SignatureObject> element is required because the signature
into which the timestamp will be added already exists and is not being
generated as part of this request.

   Can the <SignatureObject> be included into the core and the necessary
text and semantics added ?

Ed