Subject: Action [Konrad] enable DocumentWithSignature for VerifyResponse, put before 4.6.7
Dear all,

a text draft proposal for the end of section 4.6.7

Konrad

4.6.7 Optional Input <ReturnUpdatedSignature> and Outputs <DocumentWithSignature>, <UpdatedSignature>.

[...]

<UpdatedSignature>/<SignatureObject> [Optional]
The resulting updated signature or timestamp or, in the case of a signature being enveloped in an output document, a pointer to the signature.

A DSS server SHOULD perform the following steps, upon receiving a <ReturnUpdatedSignature>. These steps may be changed or overridden by a profile or policy the server is operating under (e.g. for PDF documents enveloping CMS signatures).

1. If the signature to be verified and updated appears within a <SignatureObject>'s <ds:Signature> (detached or enveloping) or <Base64Signature> then the <UpdatedSignature> optional output MUST contain the modified <SignatureObject> with the corresponding <ds:Signature> (detached or enveloping) or <Base64Signature> child containing the updated signature.

2. If the signature to be verified and updated is enveloped, and if the <VerifyRequest> contains a <SignatureObject> with a <SignaturePtr> pointing to an <InputDocument> (<Base64XML>, <InlineXML>, <EscapedXML>) enveloping the signature then the server MUST produce the following TWO optional outputs, first a <DocumentWithSignature> optional output containing the document that envelops the updated signature, second an <UpdatedSignature> optional output containing a <SignatureObject> having a <SignaturePtr> element that MUST point to the former <DocumentWithSignature>.

3. If there is no <SignatureObject> at all in the request then the server MUST produce only a <DocumentWithSignature> optional output containing the document being updated signature. No <UpdatedSignature> element will be generated.

ad 2.) and 3.)

The <DocumentWithSignature> optional output (for the schema refer to section 3.5.8) contains the input document with the given signature inserted. It has one child element:

<Document> [Required]
This returns the given document with a signature inserted in some fashion.

The resulting document with the updated enveloped signature is placed in the optional output <DocumentWithSignature>. The server places the signature in the document identified using the <SignatureObject>/<SignaturePtr>'s WhichDocument attribute. This <Document> MUST include a “same-document” RefURI attribute which references the data updated (e.g. of the form RefURI="").

In the case of a non-XML input document.
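The three-way case split in the draft steps above, written out as an added sketch that is not part of Konrad's message or of the DSS specification: it reads a <VerifyRequest> and returns which optional outputs steps 1 to 3 would require, which is the check a conformance test for a server or client would start from. The namespace URIs, the <SignatureObject> being a direct child of <VerifyRequest>, the ID attribute on <Document>, the function name and the sample requests are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

# Namespace URIs assumed for this sketch (DSS core and XML-DSig).
DSS = "urn:oasis:names:tc:dss:1.0:core:schema"
DS = "http://www.w3.org/2000/09/xmldsig#"
XML_KINDS = ("Base64XML", "InlineXML", "EscapedXML")


def q(ns, tag):
    """Build an ElementTree qualified name."""
    return "{%s}%s" % (ns, tag)


def expected_outputs(verify_request_xml):
    """Return, in order, the optional outputs draft steps 1-3 call for."""
    root = ET.fromstring(verify_request_xml)
    if root.find(".//" + q(DSS, "ReturnUpdatedSignature")) is None:
        return []  # optional input absent: the steps do not apply
    sig_obj = root.find(q(DSS, "SignatureObject"))  # assumed direct child
    if sig_obj is None:
        return ["DocumentWithSignature"]            # step 3
    if (sig_obj.find(q(DS, "Signature")) is not None
            or sig_obj.find(q(DSS, "Base64Signature")) is not None):
        return ["UpdatedSignature"]                 # step 1
    ptr = sig_obj.find(q(DSS, "SignaturePtr"))
    if ptr is None:
        raise ValueError("SignatureObject child not covered by steps 1-3")
    target = ptr.get("WhichDocument")
    for doc in root.iter(q(DSS, "Document")):
        is_xml = any(doc.find(q(DSS, k)) is not None for k in XML_KINDS)
        if doc.get("ID") == target and is_xml:
            # step 2: document first, then the pointer to it
            return ["DocumentWithSignature", "UpdatedSignature"]
    raise ValueError("SignaturePtr does not point to an XML input document")


def _req(body):
    """Wrap a body in a constructed VerifyRequest carrying the optional input."""
    return ('<VerifyRequest xmlns="%s"><OptionalInputs><ReturnUpdatedSignature/>'
            '</OptionalInputs>%s</VerifyRequest>' % (DSS, body))


# Constructed sample requests, one per step (placeholder payloads).
DOC = ('<InputDocuments><Document ID="doc1"><Base64XML>PGEvPg==</Base64XML>'
       '</Document></InputDocuments>')
REQ_STEP1 = _req('<SignatureObject><Base64Signature>AAAA</Base64Signature></SignatureObject>')
REQ_STEP2 = _req(DOC + '<SignatureObject><SignaturePtr WhichDocument="doc1"/></SignatureObject>')
REQ_STEP3 = _req(DOC)
```

A <SignaturePtr> whose WhichDocument matches no XML input document raises ValueError here, since the draft steps do not say what the server returns in that case.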