Subject: suggestion for 3.3.3 (Action 05-07-25-1)
Dear all,

The problem with the current text is that client side splicing could potentially lead to signatures not validating due to problems with normalization plus that the optional input SignaturePlacement often implies creating an EnvelopedSignature.

So my suggestion to replace the current 3.3.3 is to amend <ds:SignaturePlacement> as follows:

    <xs:element name="SignaturePlacement">
      <xs:complexType>
        <xs:choice>
          <xs:element name="XPathAfter" type="xs:string"/>
          <xs:element name="XPathFirstChildOf" type="xs:string"/>
        </xs:choice>
        <xs:attribute name="WhichDocument" type="xs:IDREF"/>
        <xs:attribute name="createEnvelopedSignature" type="xs:boolean" default="true"/>
      </xs:complexType>
    </xs:element>

The server splices the Signature into the Document and returns it as DocumentWithSignature:

Further if createEnvelopedSignature == true do Basic Processing and override Step 4. to include an Enveloped Signature Transform as the first Transform.

An EnvelopedSignature signature is a Signature enveloped in a document pointed at by the same-document URI="". Hence the <dss:Document> pointed at by WhichDocument must have no or the empty URI="" as a value for RefURI and must be parseable xml.

best regards
Konrad
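The server-side behaviour proposed in the message above, sketched as an added example that is not part of the original message or of the DSS specification. The function names are hypothetical, the XPath handling is limited to the subset that Python's ElementTree supports, and only an unsigned ds:Signature shell is spliced in (no digest or signature value is computed).

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED = DS + "enveloped-signature"  # Enveloped Signature Transform URI
ET.register_namespace("ds", DS)

def signature_skeleton(enveloped):
    """Unsigned ds:Signature shell with one same-document Reference."""
    sig = ET.Element(f"{{{DS}}}Signature")
    signed_info = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ref = ET.SubElement(signed_info, f"{{{DS}}}Reference", {"URI": ""})
    if enveloped:  # enveloped transform goes first, before any others
        transforms = ET.SubElement(ref, f"{{{DS}}}Transforms")
        ET.SubElement(transforms, f"{{{DS}}}Transform", {"Algorithm": ENVELOPED})
    return sig

def splice(doc_xml, ref_uri, placement, xpath, enveloped=True):
    """Server-side splice; returns the root of DocumentWithSignature."""
    if enveloped and ref_uri not in (None, ""):
        raise ValueError("enveloped signature needs an absent or empty RefURI")
    root = ET.fromstring(doc_xml)  # ParseError if the input is not XML
    target = root.find(xpath)
    if target is None:
        raise ValueError("placement XPath selects nothing")
    sig = signature_skeleton(enveloped)
    if placement == "XPathFirstChildOf":
        target.insert(0, sig)
    elif placement == "XPathAfter":
        parents = {child: p for p in root.iter() for child in p}
        parent = parents.get(target)
        if parent is None:
            raise ValueError("cannot place a sibling after the document element")
        parent.insert(list(parent).index(target) + 1, sig)
    else:
        raise ValueError("unknown placement: " + placement)
    return root

def first_transform_is_enveloped(root):
    """True if the spliced Reference has URI="" and leads with the transform."""
    ref = root.find(f".//{{{DS}}}Reference")
    if ref is None or ref.get("URI") != "":
        return False
    first = ref.find(f"{{{DS}}}Transforms/{{{DS}}}Transform")
    return first is not None and first.get("Algorithm") == ENVELOPED

if __name__ == "__main__":
    doc = "<order><item>1</item><total>5</total></order>"  # constructed sample
    out = splice(doc, "", "XPathAfter", "./item")
    print(ET.tostring(out, encoding="unicode"))
```

Because the splice happens on the parsed tree the server will also sign, the client never has to re-serialize the document around the signature.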