[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Proposal for restructured basic processing.
Dear all,
here it is, our proposal for the new and shiny 3.3:
"""
3.3 Basic Processing for XML Signatures
A DSS server that produces XML signatures SHOULD perform the following
steps, upon receiving a <SignRequest>.
These steps may be changed or overridden by the optional inputs (for
example, see section 3.5.5), or by the profile or policy the server is
operating under.
The ordering of the <Document> elements inside the <InputDocuments> MAY
be ignored by the server.
1. For each <Document> in <InputDocuments> not referenced by
optional inputs the server MUST perform the following steps:
a. In the case of <Base64XML>, the server base64-decodes the
document [XML-NT-Document] contained in <Document> into an
octet stream.
i. Processing continues with step b for an external RefURI.
ii. For a same-document ReferenceURI [XMLSig-Same-Document]
the server tries to parse the octet stream to
NodeSetData [XMLSig-Node-Set-Data].
b. The server MAY apply additional XML signature transforms.
These transforms should be applied as per
[XMLSig-RefProcModel] .
i. Processing continues with step c for an octet stream.
ii. Following [XMLSig], if the end result of these
transforms is an XML node set, the server must convert
the node set back into an octet stream using Canonical
XML [XML-C14N].
c. The server forms a <ds:Reference> with the elements and
attributes set as follows:
i. If the <Document> has a RefURI attribute, the
<ds:Reference> element’s URI attribute is set to the
value of the RefURI attribute, else this attribute is
omitted.
A signature MUST NOT be created if more than one RefURI
is omitted in the set of input documents.
ii. If the <Document> has a RefType attribute, the
<ds:Reference> element’s Type attribute is set to the
value of the RefType attribute, else this attribute is
omitted.
iii. The <ds:DigestMethod> element is set to the hash method
that was used in step 1 (for a <Document>), or to the
input document’s <ds:DigestMethod> (for a
<DocumentHash>).
iv. The <ds:DigestValue> element is set to the hash value
that was calculated in step 1 (for a <Document>), or to
the input document’s <ds:DigestValue> (for a
<DocumentHash>).
v. The <ds:Transforms> element is set to the sequence of
transforms applied by the server in steps 1 and 2. This
sequence MUST describe the effective transform as a
unique procedure from parsing until hash.
2. References resulting from processing of optional inputs MUST be
included. In doing so, the server MAY reflect the ordering of the
<Document> elements.
3. The server creates an XML signature using the <ds:Reference>
elements created in Step 3, according to the processing rules in
[XMLSig].
"""
All the best,
Stefan.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]