[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Proposal for restructured basic processing.
Dear all, here it is, our proposal for the new and shiny 3.3: """ 3.3 Basic Processing for XML Signatures A DSS server that produces XML signatures SHOULD perform the following steps, upon receiving a <SignRequest>. These steps may be changed or overridden by the optional inputs (for example, see section 3.5.5), or by the profile or policy the server is operating under. The ordering of the <Document> elements inside the <InputDocuments> MAY be ignored by the server. 1. For each <Document> in <InputDocuments> not referenced by optional inputs the server MUST perform the following steps: a. In the case of <Base64XML>, the server base64-decodes the document [XML-NT-Document] contained in <Document> into an octet stream. i. Processing continues with step b for an external RefURI. ii. For a same-document ReferenceURI [XMLSig-Same-Document] the server tries to parse the octet stream to NodeSetData [XMLSig-Node-Set-Data]. b. The server MAY apply additional XML signature transforms. These transforms should be applied as per [XMLSig-RefProcModel] . i. Processing continues with step c for an octet stream. ii. Following [XMLSig], if the end result of these transforms is an XML node set, the server must convert the node set back into an octet stream using Canonical XML [XML-C14N]. c. The server forms a <ds:Reference> with the elements and attributes set as follows: i. If the <Document> has a RefURI attribute, the <ds:Reference> element’s URI attribute is set to the value of the RefURI attribute, else this attribute is omitted. A signature MUST NOT be created if more than one RefURI is omitted in the set of input documents. ii. If the <Document> has a RefType attribute, the <ds:Reference> element’s Type attribute is set to the value of the RefType attribute, else this attribute is omitted. iii. The <ds:DigestMethod> element is set to the hash method that was used in step 1 (for a <Document>), or to the input document’s <ds:DigestMethod> (for a <DocumentHash>). iv. The <ds:DigestValue> element is set to the hash value that was calculated in step 1 (for a <Document>), or to the input document’s <ds:DigestValue> (for a <DocumentHash>). v. The <ds:Transforms> element is set to the sequence of transforms applied by the server in steps 1 and 2. This sequence MUST describe the effective transform as a unique procedure from parsing until hash. 2. References resulting from processing of optional inputs MUST be included. In doing so, the server MAY reflect the ordering of the <Document> elements. 3. The server creates an XML signature using the <ds:Reference> elements created in Step 3, according to the processing rules in [XMLSig]. """ All the best, Stefan.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]