

Subject: XML time-stamp processing text for time-stamp profile


Dear all,

Please find attached a proposal for details on text to be included 
within the time-stamp profile dealing with the basic processing for XML 
time-stamps for both SignRequest and VerifyRequest. I have taken the 
document of the profile, emptied all the sections and added what I think 
should be the two new sections, in order to make it easier for the editor 
to include them in the final document. Nevertheless, I also copy the text 
below to facilitate comments by email.

New section 3.3 (section 3 corresponds to the profile of the Signing 
Protocol). The text gives details on how the server should proceed for 
generating an XML time-stamp.
-------
3.3 Processing for XML time-stamps
If the <dss:SignatureType> content is 
“oasis:names:tc:dss:1.0:core:schema:XMLTimeStampToken” or when this 
element is not present and the server decides to generate an XML 
time-stamp, it MUST follow the rules established in the core for 
generating digital signatures (section 3.3 of [DSSCore]) with the 
changes mentioned below.
The server MUST perform the following steps between steps 2 and 3 of 
[DSSCore] section 3.3.1:
2.a Generate a dss:TSTInfo element as defined in [DSSCore] section 5.1.2 
with the suitable contents, and envelop it within a new ds:Object.
2.b Generate a new ds:Reference element referencing (explicitly or 
implicitly) the aforementioned ds:Object enveloping the TSTInfo. Set its 
“Type” attribute to 
“urn:oasis:names:tc:dss:1.0:core:schema:XMLTimeStampToken”.
2.c Insert this ds:Reference element within the ds:SignedInfo and the 
ds:Object element within the resulting ds:Signature element as mandated 
by [XMLSig].
----------------


New section 4.3. Section 4 corresponds to the Verifying Protocol. The text 
gives details on how the server should proceed for verifying an XML 
time-stamp.


------------------
4.3 Processing for XML time-stamps
When receiving a dss:VerifyRequest requesting an XML time-stamp token 
verification, the server MUST proceed as follows:
1. Extract the dss:TimeStamp element from the dss:SignatureObject element.
2. Proceed as indicated in section 4.3.2.2 steps 2 to 6 (both included) 
of [DSSCore]. This ensures that the arrived signature is an XML 
time-stamp as defined in [DSSCore] section 5.1.2 and that it envelops 
and signs the corresponding dss:TSTInfo element.
3. Proceed as indicated in section 4.3 steps 2 to 4 (both included) of 
[DSSCore] for each of the remaining ds:Reference elements within the 
ds:SignedInfo element. This will allow the server to retrieve the 
time-stamped documents from the corresponding ds:Reference elements, to 
extract them from the request, to validate their digests, to verify the 
signature value, and to generate the corresponding result value.

------------------

REMAINING ISSUE: Steps 2 to 4 in 4.3 contain details on how the server 
should proceed in case the ds:Signature (which is now a time-stamp) is 
an enveloped signature... should we then clarify in the text of the 
time-stamp profile that this will never be possible for this kind of 
signature?



Regards

Juan Carlos.

timestamping-TextForXMLTimestamp.doc
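
Added example (not part of the original message or of the DSS specification): the structural side of proposed steps 2.a to 2.c, and of the 4.3 check that the token envelops and references its TSTInfo, in Python. Digest and signature computation are left out; the `dss` namespace URI, the `CreationTime` child, the `Id` value, same-document `URI` resolution and the rule that exactly one typed reference is allowed are assumptions of this example.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
DSS = "urn:oasis:names:tc:dss:1.0:core:schema"  # assumed namespace for dss:TSTInfo
TST_TYPE = "urn:oasis:names:tc:dss:1.0:core:schema:XMLTimeStampToken"  # step 2.b

def q(ns, tag):
    return "{%s}%s" % (ns, tag)

def skeleton(doc_uri):
    """Constructed sample: unsigned ds:Signature with one document reference."""
    sig = ET.Element(q(DS, "Signature"))
    info = ET.SubElement(sig, q(DS, "SignedInfo"))
    ET.SubElement(info, q(DS, "Reference"), {"URI": doc_uri})
    return sig

def add_tstinfo(sig, creation_time, obj_id="tst-object"):
    """Steps 2.a to 2.c: envelop TSTInfo in a ds:Object and reference it."""
    obj = ET.SubElement(sig, q(DS, "Object"), {"Id": obj_id})           # 2.a
    tst = ET.SubElement(obj, q(DSS, "TSTInfo"))
    ET.SubElement(tst, q(DSS, "CreationTime")).text = creation_time     # assumed child
    ET.SubElement(sig.find(q(DS, "SignedInfo")), q(DS, "Reference"),
                  {"URI": "#" + obj_id, "Type": TST_TYPE})              # 2.b, 2.c
    return sig

def split_references(sig):
    """Return (TSTInfo element, remaining document references) or raise ValueError."""
    refs = sig.findall(q(DS, "SignedInfo") + "/" + q(DS, "Reference"))
    typed = [r for r in refs if r.get("Type") == TST_TYPE]
    if len(typed) != 1:  # assumption: zero or several typed references is an error
        raise ValueError("expected one time-stamp reference, found %d" % len(typed))
    uri = typed[0].get("URI") or ""
    if not uri.startswith("#") or len(uri) < 2:
        raise ValueError("time-stamp reference is not a same-document reference")
    targets = [o for o in sig.findall(q(DS, "Object")) if o.get("Id") == uri[1:]]
    if len(targets) != 1:
        raise ValueError("reference does not resolve to one ds:Object in the token")
    tst = targets[0].find(q(DSS, "TSTInfo"))
    if tst is None:
        raise ValueError("referenced ds:Object does not envelop a TSTInfo")
    # The remaining references are the time-stamped documents (4.3 step 3).
    return tst, [r for r in refs if r is not typed[0]]
```

A verifier would run `split_references` before any digest or signature validation, so that a signature lacking the typed reference is rejected as not being a time-stamp token at all.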