OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss-x message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: SignaturePtr problems ...

Dear colleagues,

sorry come up late with a statement contradicting my view from the call.
But looking at the code produced for WhichDocument attribute I realized
our view of the intention of tghis attribute is wrong:

ÂÂÂ public DocumentBaseType getWhichDocument() {

The attribute does not point directly to an arbitrary (XML) document
holding a signature but it refers to an instance of InputDocumentType.
So my assumption is wrong, _it is_ an in-document reference!

So the SignaturePtr is _not_Â capable of identifying a signature within
a SignatureObject/Base64Signature! This sounds reasonable if you think
of just one signature directly contained within the Base64Signature. But
e.g. XAdES this may not be true. This shortcoming also makes it unusable
for the intended replacement of a Peter's SignatureIdentifier.

An obvious solution would be to replace the Base64Signature (in
SignatureObject) by a 'SignatureAsDocument' of the type DocumentType.
This allows easy referencing, it would fix the relationship in cases
where the signature should be included directly in SignatureObject. It
also would allow to transport big (encapsulating) signatures as
attachments.

The original

ÂÂ <xs:complexType name="SignatureObjectType">
ÂÂÂÂÂ <xs:choice>
ÂÂÂÂÂÂÂÂ <xs:element name="Base64Signature" type="dsb:Base64DataType"/>
ÂÂÂÂÂÂÂÂ <xs:element name="SignaturePtr" type="dss2:SignaturePtrType"/>
ÂÂÂÂÂ </xs:choice>
ÂÂÂÂÂ <xs:attribute name="SchemaRefs" type="xs:IDREFS" use="optional"/>
ÂÂ </xs:complexType>

would morph to

ÂÂ <xs:complexType name="SignatureObjectType">
ÂÂÂÂÂ <xs:sequence>
ÂÂÂÂÂÂÂÂ <xs:element name="SignatureDocument" type="DocumentType"
minOccurs="0"/>
ÂÂÂÂÂÂÂÂ <xs:element name="SignaturePtr" type="SignaturePtrType"
minOccurs="0"/>
ÂÂÂÂÂ </xs:sequence>
ÂÂÂÂÂ <xs:attribute name="SchemaRefs" type="xs:IDREFS" use="optional"/>
ÂÂ </xs:complexType>

But, big drawback, would add another element even in the case of plain
vanilla 'one signature, one detached document' calls. Easy structures
for simple calls _and_ also supporting the complexity of XMLDSig isn't easy!


What's your view?

-- 
Andreas KÃhne 
phone: +49 177 293 24 97 
mailto: kuehne@trustable.de

Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612

Director Andreas KÃhne

Company UK Company No: 5218868 Registered in England and Wales

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]