
dss message



Subject: suggestion for 3.3.3 (Action 05-07-25-1)


Dear all,

The problem with the current text is that client-side splicing could 
potentially lead to signatures not validating due to problems with 
normalization, and that the optional input SignaturePlacement often 
implies creating an EnvelopedSignature.

So my suggestion to replace the current 3.3.3 is to amend 
<ds:SignaturePlacement> as follows:

        <xs:element name="SignaturePlacement">
            <xs:complexType>
                <xs:choice>
                    <xs:element name="XPathAfter" type="xs:string"/>
                    <xs:element name="XPathFirstChildOf" type="xs:string"/>
                </xs:choice>
                <xs:attribute name="WhichDocument" type="xs:IDREF"/>
                <xs:attribute name="createEnvelopedSignature" type="xs:boolean" default="true"/>
            </xs:complexType>
        </xs:element>

The server splices the Signature into the Document and returns it as 
DocumentWithSignature:

Further, if createEnvelopedSignature == true, do Basic Processing and 
override Step 4 to include an Enveloped Signature Transform as the 
first Transform.
An EnvelopedSignature signature is a Signature enveloped in a document 
pointed at by the same-document URI="".
Hence the <dss:Document> pointed at by WhichDocument must have either no 
value or the empty URI="" as the value for RefURI and must be parseable XML.

best regards
Konrad
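
The effect of the Enveloped Signature Transform on a server-spliced signature, as an added example that is not part of the original message or of the DSS specification. It assumes Python's ElementTree with its limited XPath subset and C14N 2.0 as stand-ins; the sample document, the function names and the choice of SHA-256 are hypothetical.

```python
import hashlib
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS_NS)

# Constructed sample input; it has no mixed content, so text/tail
# handling around the spliced element is not needed here.
DOC = '<order id="42"><item>widget</item><note>ship soon</note></order>'


def c14n_digest(root):
    """SHA-256 over the canonical form (C14N 2.0 used as a stand-in)."""
    canonical = ET.canonicalize(ET.tostring(root, encoding="unicode"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def splice_first_child_of(root, path):
    """XPathFirstChildOf: insert an empty ds:Signature as first child."""
    target = root if path == "." else root.find(path)
    if target is None:
        raise ValueError("placement path selects no element: " + path)
    sig = ET.Element("{%s}Signature" % DS_NS)
    target.insert(0, sig)
    return sig


def digest_with_enveloped_transform(root, sig):
    """Digest the URI="" document with `sig` cut out, then put it back."""
    parent = next(p for p in root.iter() if any(c is sig for c in p))
    index = list(parent).index(sig)
    parent.remove(sig)
    try:
        return c14n_digest(root)
    finally:
        parent.insert(index, sig)


def demo():
    root = ET.fromstring(DOC)
    before = c14n_digest(root)                # what was digested pre-splice
    sig = splice_first_child_of(root, ".")    # server-side splice
    naive = c14n_digest(root)                 # whole document, no transform
    transformed = digest_with_enveloped_transform(root, sig)
    return before, naive, transformed


if __name__ == "__main__":
    before, naive, transformed = demo()
    print("no transform matches:", naive == before)
    print("enveloped transform matches:", transformed == before)
```

Without the transform, the spliced Signature element becomes part of the data referenced by URI="" and the digest no longer matches; with the transform as the first step it does.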

