OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: Manifest validation

This sentence in 4.6.2:

"If an error occurs while verifying a <ds:Reference> within a manifest, it will be
treated no differently from an error that occurs while verifying a <ds:Reference>
within a <ds:SignedInfo>."

should be replaced with something like:

"The results of verifying individual <ds:Reference>'s within a <ds:Manifest> are returned in the
<dss:VerifyManifestResults> optional output."

The <ManifestResult> elements are already described below.

Also consider renaming
4.6.2 Optional Input <VerifyManifests>
to
4.6.2 Optional Input <VerifyManifests> and Output <VerifyManifestResults>

Regards,
Tommy

On 10/4/05, Konrad Lanz <Konrad.Lanz@iaik.tugraz.at> wrote:
Dear all,

These are the necessary changes to verify manifests and to give feedback
to a client application. Tommy can you please check I haven't forgot
anything.

If someone supplies the optional input <VerifyManifests> the optional
output <VerifyManifestResults> is
returned indicating the status of the verification. It also causes the
<ProcessingDetails> optional output to be returned giving
information about signature core validation.

Further the service will always respond in such a case with the
following ResultMinor.
The client (client application) will have to determine how to interpret
the result - either valid or invalid.

urn:oasis:names:tc:dss:1.0:resultminor:indetermined:checkOptionalOutputs

<xs:element name="VerifyManifestResults"
type="dss:VerifyManifestResultsType"/>
<xs:complexType name="VerifyManifestResultsType">
  <xs:sequence>
    <xs:element ref="dss:ManifestResult" maxOccurs="unbounded"/>
  </xs:sequence>
</xs:complexType>

<xs:element name="ManifestResult">
  <xs:complexType>
    <xs:element name="ReferenceXpath" type="xs:string"/>
    <xs:element name="Status" type="xs:anyURI"/>
  </xs:complexType>
</xs:element>

An XPath expression is used to identify the Manifesto's Reference for
which the validation status is reported.
The status (Status) contains a URI that indicates the validation outcome
- valid or invalid.

The ResultCodes for verification responses shall be changed to the
following:

urn:oasis:names:tc:dss:1.0:resultminor:valid:signature:onAllDocuments
urn:oasis:names:tc:dss:1.0:resultminor:valid:signature:onTransformedDocuments
urn:oasis:names:tc:dss:1.0:resultminor:valid:signature:notAllDocumentsReferenced
urn:oasis:names:tc:dss:1.0:resultminor:invalid:refencedDocumentNotPresent
urn:oasis:names:tc:dss:1.0:resultminor:invalid:indeterminateKey
urn:oasis:names:tc:dss:1.0:resultminor:invalid:untrustedKey
urn:oasis:names:tc:dss:1.0:resultminor:invalid:incorrectSignature
urn:oasis:names:tc:dss: 1.0:resultminor:inappropriate:signature
and eventually
urn:oasis:names:tc:dss:1.0:resultminor:indetermined:checkOptionalOutputs

best regards
Konrad



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]