[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] suggestion for 3.3.2 (Action 05-07-25-1)
Hi Trevor and all, for minor amendments please see inline. Trevor Perrin wrote: > > A small point, please see "Way Forward on Basic Processing in terms of EnvelopedSignatures, ds:Objects (EnvelopingSignatures), client-side splicing plus client-side transforms." > > Konrad Lanz wrote: > >> Dear all, >> >> The problem with the current text is that client side splicing could >> potentially lead to signatures not validating due to problems with >> normalization and lost/inherited namespaces plus that the name >> Enveloping signature does not reflect the fact that multiple such >> objects can be included in a signature. >> >> An EnvelopingSignature is a Signature having <ds:Objects> which are >> referenced by <ds:References> having a same-document Uri. >> >> Hence an <dss:Document> having a same-document Uri and an optional >> input pointing at it is to be inserted as an <ds:Object> >> included/spliced in the signature and returns the signature. >> >> The suggestion concerning EnvelopingSignature is to rename the >> optional Input <dss:EnvelopingSignature> to <dss:IncludeObject> and >> modify it as follows to replace current Section 3.3.1. >> <xs:element name="IncludeObject"> >> <xs:complexType> >> <xs:attribute name="WhichDocument" type="xs:IDREF"/> >> <xs:attribute name="hasObjectTagsAndAttributesSet" >> type="xs:boolean" default="false"/> >> <xs:attribute name="ObjId" type="xs:string" >> use="optional"/> > <xs:attribute name="createReference" type="xs:boolean" use="optional" default="true"/> >> </xs:complexType> >> </xs:element> >> >> And add the following normative text: >> >> The server splices the to-be-enveloped documents as <ds:Object>(s) >> into the returned <ds:Signature>. (This step might be omitted in a >> Profile) >> A client can use any server that implements basic processing to >> create an enveloping XML signature by using this optional input. >> To do this, the client > sets createReference to true and >> refers to this object using a same-document URI value for the RefURI >> attribute of the Document pointed at by WhichDocument. >> The given URI should dereference the relevant parts of the >> included Object to be included in the calculation for the >> corresponding reference. >> >> In the case of the Document pointed at by WhichDocument having >> Base64Data, <ds:Object>('s) MIME Type is to be set to the value of >> <dss:Base64Data>('s) MIME Type value and the Encoding is to be set to >> http://www.w3.org/TR/xmlschema-2/#base64Binary. >> best regards Konrad
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]