OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (OFFICE-3417) Public Comment:Comment on ODF v1.2 CD 05 - Document Signatures

    [ http://tools.oasis-open.org/issues/browse/OFFICE-3417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21444#action_21444 ] 

Dennis Hamilton commented on OFFICE-3417:

Here's the part that I thought might be worth remembering to say something about in our DSig material too, although not all of it:

Any or all files in the container can be signed in their entirety with the exception of the signatures.xml file because that file contains the computed signature information. Whether and how the signatures.xml file SHOULD be signed depends on the objective of the signer:

•  If the signer wants to allow signatures to be added or removed from the container without invalidating the signer's signature, the signatures.xml file SHOULD NOT be signed. 

•  If the signer wants any addition or removal of a signature to invalidate the signer's signature, the Enveloped Signature transform (defined in Section 6.6.4 of XML-Signature Syntax and Processing) can be used to sign the entire preexisting signature file excluding the <Signature> being created. This transform would sign all previous signatures, and it would become invalid if a subsequent signature was added to the package. 

•  If the signer wants the removal of an existing signature to invalidate the signer's signature but also wants to allow the addition of signatures, an XPath transform can be used to sign just the existing signatures. (This is only a suggestion. The particular XPath transform is not a part of UCF specification.) 

This provides for co-signing, assuming none of the existing signatures are set up to prevent it.

[My earlier observation about namespaces may simply be a defect in the example I looked at.  It appears that the ODF namespace for a root element that holds one or more XML DSigs is proposed to be used.  ]

> Public Comment: Comment on ODF v1.2 CD 05 - Document Signatures
> ---------------------------------------------------------------
>                 Key: OFFICE-3417
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-3417
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: Packaging
>    Affects Versions: ODF 1.2 CD 05
>            Reporter: Robert Weir 
>             Fix For: ODF 1.2 CD 06
> Copied from office-comment list
> Original author: "Pope, Nick" <Nick.Pope@thales-esecurity.com> 
> Original date: 6 Sep 2010 19:48:26 -0000
> Original URL: http://lists.oasis-open.org/archives/office-comment/201009/msg00001.html

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]