
Subject: Re: OASIS DSS "Request for Feedback" - Signing Templates


At 01:38 PM 9/10/2004 -0400, Edward Shallow wrote:
>Folks,

[...]
>     Essentially signing templates are XML skeleton "signed documents" which
>are passed up to the Sign protocol as input. The template embodies all of
>the directives and format required of the resultant signature expressed as
>an XMLSig-compliant template.


This would be an alternate way of doing many things the Signing protocol 
already does.  I'd rather not have that redundancy in core, so I'm opposed.

Trevor


>
>     A signing template contains not only the data to be signed, but also the
>format and directives of the signature to be created, expressed as valid
>[XMLSig] elements. [XMLSig] elements such as <SignatureValue>,
><DigestValue>, and <X509Certificate> are left empty on input, but are
>subsequently populated by the DSS service. The user simply leaves these
>selected element tags empty, and the DSS service would automatically include
>the generated content and return the signed document in the appropriate
>element of the <SignResponse>.
>
>     The best way to illustrate a template is via an example. As one can see,
>things like transforms, signature placement, key name, certificate details,
>digest algorithms, and more can all be expressed in the template. Things
>like digest value, signature value, certificate body, etc ... are filled in
>by the DSS service.
>
>     It is just a convenient way of expressing signature requirements.
>
>     The question to the team is "Should a generic non-specific notion of
>templating be incorporated in the DSS core ?"
>
>     Feedback welcome and encouraged.
>
>
><?xml version="1.0" encoding="UTF-8"?>
><Document>
>         <Data>
>                 <SubData1 MimeType="text/plain">This is some data to be
>signed.</SubData1>
>                 <SubData2 MimeType="text/plain">This is more data to be
>signed.</SubData2>
>         </Data>
>         <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
>                 <dsig:SignedInfo>
>                         <dsig:CanonicalizationMethod
>Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>                         <dsig:SignatureMethod
>Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>                                 <dsig:Reference URI="">
>                                         <dsig:Transforms>
>                                                 <dsig:Transform
>Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>                                         </dsig:Transforms>
>                                         <dsig:DigestMethod
>Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>
><dsig:DigestValue></dsig:DigestValue>
>                                 </dsig:Reference>
>                 </dsig:SignedInfo>
>                 <dsig:SignatureValue>
>                 </dsig:SignatureValue>
>                 <dsig:KeyInfo>
>                         <dsig:KeyName>C=CA, O=Acme, OU=For Test Use Only,
>CN=Joe Public, E=JoeP@yahoo.ca</dsig:KeyName>
>                         <dsig:X509Data>
>
><dsig:X509Certificate></dsig:X509Certificate>
>
><dsig:X509SubjectName></dsig:X509SubjectName>
>
><dsig:X509IssuerSerial></dsig:X509IssuerSerial>
>                         </dsig:X509Data>
>                 </dsig:KeyInfo>
>         </dsig:Signature>
></Document>
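
Added example, not part of either message or of the DSS drafts: one way a service could read such a template before signing, separating the directives the caller expressed (algorithms, transforms) from the empty elements the service is expected to populate. The function name `inspect_template` and the `allowed_algorithms` policy set are assumptions made for illustration; the sample is a trimmed copy of the quoted template.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
SLOTS = ("DigestValue", "SignatureValue", "X509Certificate")  # populated by the service
DIRECTIVES = ("CanonicalizationMethod", "SignatureMethod", "Transform", "DigestMethod")

# Constructed sample: a trimmed copy of the template quoted in the message above.
TEMPLATE = f"""<Document>
  <Data><SubData1 MimeType="text/plain">This is some data to be signed.</SubData1></Data>
  <dsig:Signature xmlns:dsig="{DSIG}">
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <dsig:SignatureMethod Algorithm="{DSIG}rsa-sha1"/>
      <dsig:Reference URI="">
        <dsig:Transforms><dsig:Transform Algorithm="{DSIG}enveloped-signature"/></dsig:Transforms>
        <dsig:DigestMethod Algorithm="{DSIG}sha1"/>
        <dsig:DigestValue></dsig:DigestValue>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue>
    </dsig:SignatureValue>
    <dsig:KeyInfo><dsig:X509Data>
      <dsig:X509Certificate></dsig:X509Certificate>
    </dsig:X509Data></dsig:KeyInfo>
  </dsig:Signature>
</Document>"""

def inspect_template(xml_text, allowed_algorithms):
    """Return (directives, slots, problems) for one signing template."""
    # ElementTree is used for brevity; untrusted input needs a hardened parser.
    sig = ET.fromstring(xml_text).find(f".//{{{DSIG}}}Signature")
    if sig is None:
        return [], [], ["template has no dsig:Signature element"]
    directives, slots, problems = [], [], []
    for el in sig.iter():
        ns, _, name = el.tag.rpartition("}")
        if ns != "{" + DSIG:
            continue  # only XMLSig elements carry directives or slots
        if name in DIRECTIVES:
            alg = el.get("Algorithm")
            directives.append((name, alg))
            if alg not in allowed_algorithms:  # caller asked for something policy forbids
                problems.append(f"{name}: algorithm not in policy: {alg}")
        elif name in SLOTS:
            if (el.text or "").strip() or len(el):  # caller pre-filled a service-owned value
                problems.append(f"{name}: template already carries a value")
            else:
                slots.append(name)
    return directives, slots, problems
```

A service would refuse to sign when `problems` is non-empty, since every algorithm and transform in a template is chosen by the caller.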


