Subject: Re: OASIS DSS "Request for Feedback" - Signing Templates
At 01:38 PM 9/10/2004 -0400, Edward Shallow wrote:
>Folks,
[...]
> Essentially signing templates are XML skeleton "signed documents" which
>are passed up to the Sign protocol as input. The template embodies all of
>the directives and format required of the resultant signature expressed as
>an XMLSig-compliant template.

This would be an alternate way of doing many things the Signing protocol already does. I'd rather not have that redundancy in core, so I'm opposed.

Trevor

>
> A signing template contains not only the data to be signed, but also the
>format and directives of the signature to be created, expressed as valid
>[XMLSig] elements. [XMLSig] elements such as <SignatureValue>,
><DigestValue>, and <X509Certificate> are left empty on input, but are
>subsequently populated by the DSS service. The user simply leaves these
>selected element tags empty, and the DSS service would automatically include
>the generated content and return the signed document in the appropriate
>element of the <SignResponse>.
>
> The best way to illustrate a template is via an example. As one can see,
>things like transforms, signature placement, key name, certificate details,
>digest algorithms, and more can all be expressed in the template. Things
>like digest value, signature value, certificate body, etc. ... are filled in
>by the DSS service.
>
> It is just a convenient way of expressing signature requirements.
>
> The question to the team is "Should a generic non-specific notion of
>templating be incorporated in the DSS core?"
>
> Feedback welcome and encouraged.
>
>
><?xml version="1.0" encoding="UTF-8"?>
><Document>
>  <Data>
>    <SubData1 MimeType="text/plain">This is some data to be signed.</SubData1>
>    <SubData2 MimeType="text/plain">This is more data to be signed.</SubData2>
>  </Data>
>  <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
>    <dsig:SignedInfo>
>      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>      <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>      <dsig:Reference URI="">
>        <dsig:Transforms>
>          <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>        </dsig:Transforms>
>        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>        <dsig:DigestValue></dsig:DigestValue>
>      </dsig:Reference>
>    </dsig:SignedInfo>
>    <dsig:SignatureValue>
>    </dsig:SignatureValue>
>    <dsig:KeyInfo>
>      <dsig:KeyName>C=CA, O=Acme, OU=For Test Use Only, CN=Joe Public, E=JoeP@yahoo.ca</dsig:KeyName>
>      <dsig:X509Data>
>        <dsig:X509Certificate></dsig:X509Certificate>
>        <dsig:X509SubjectName></dsig:X509SubjectName>
>        <dsig:X509IssuerSerial></dsig:X509IssuerSerial>
>      </dsig:X509Data>
>    </dsig:KeyInfo>
>  </dsig:Signature>
></Document>
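
Added example, not part of the original thread or of the DSS specification: a sketch of the check a service could run on a template like the one quoted above before populating it, reading the signing directives from the skeleton and rejecting templates whose service-filled elements arrive non-empty or whose algorithms fall outside policy. The names `inspect_template`, `SERVICE_FILLED` and `ALLOWED` are hypothetical, and the policy set is an assumption that simply mirrors the algorithms in the quoted template.

```python
import xml.etree.ElementTree as ET

X = "http://www.w3.org/2000/09/xmldsig#"
NS = {"dsig": X}
# Elements the post says are left empty on input and populated by the service.
SERVICE_FILLED = ("DigestValue", "SignatureValue", "X509Certificate")
# Hypothetical service policy (assumption): the algorithms the post's template uses.
ALLOWED = {"http://www.w3.org/TR/2001/REC-xml-c14n-20010315", X + "rsa-sha1",
           X + "enveloped-signature", X + "sha1"}
# Constructed sample: the template from the post, trimmed.
TEMPLATE = f"""<Document>
  <Data><SubData1 MimeType="text/plain">This is some data to be signed.</SubData1></Data>
  <dsig:Signature xmlns:dsig="{X}">
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <dsig:SignatureMethod Algorithm="{X}rsa-sha1"/>
      <dsig:Reference URI="">
        <dsig:Transforms><dsig:Transform Algorithm="{X}enveloped-signature"/></dsig:Transforms>
        <dsig:DigestMethod Algorithm="{X}sha1"/>
        <dsig:DigestValue></dsig:DigestValue>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue> </dsig:SignatureValue>
    <dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate></dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
  </dsig:Signature>
</Document>"""

def inspect_template(xml_text, allowed=ALLOWED):
    """Return (directives, problems) for a signing template received as input."""
    # Stdlib parser keeps the example offline; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    sig = root.find(".//dsig:Signature", NS)
    if sig is None:
        return {}, ["no dsig:Signature skeleton in template"]
    directives, problems = {}, []
    for el in sig.iter():
        local = el.tag.rsplit("}", 1)[-1]  # strip the {namespace} prefix
        alg = el.get("Algorithm")
        if alg is not None:
            directives.setdefault(local, []).append(alg)
            if alg not in allowed:
                problems.append(f"{local}: algorithm not permitted: {alg}")
        # A pre-filled value would mean the caller, not the service, supplied it.
        if local in SERVICE_FILLED and (el.text or "").strip():
            problems.append(f"{local}: must be empty on input")
    for name in ("DigestValue", "SignatureValue"):
        if sig.find(f".//dsig:{name}", NS) is None:
            problems.append(f"{name}: placeholder missing")
    return directives, problems
```
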