Subject: XML time-stamp processing text for time-stamp profile
Dear all,

Please find attached a proposal for details on text to be included within the time-stamp profile dealing with the basic processing for XML time-stamps for both SignRequest and VerifyRequest.

I have taken the document of the profile, emptied all the sections and added what I think should be the two new sections, in order to facilitate their inclusion by the editor in the final document. Nevertheless, I also copy the text below to facilitate comments in emails.

New section 3.3 (section 3 corresponds to the profile of the Signing Protocol). The text gives details on how the server should proceed for generating an XML time-stamp.

-------

3.3 Processing for XML time-stamps

If the <dss:SignatureType> content is “oasis:names:tc:dss:1.0:core:schema:XMLTimeStampToken” or when this element is not present and the server decides to generate an XML time-stamp, it MUST follow the rules established in the core for generating digital signatures (section 3.3 of [DSSCore]) with the changes mentioned below.

The server MUST perform the following steps between steps 2 and 3 of [DSSCore] section 3.3.1:

2.a Generate a dss:TSTInfo element as defined in [DSSCore] section 5.1.2 with the suitable contents, and envelop it within a new ds:Object.

2.b Generate a new ds:Reference element referencing (explicitly or implicitly) the aforementioned ds:Object enveloping the TSTInfo. Set its “Type” attribute to “urn:oasis:names:tc:dss:1.0:core:schema:XMLTimeStampToken”.

2.c Insert this ds:Reference element within the ds:SignedInfo and the ds:Object element within the resulting ds:Signature element as mandated by [XMLSig].

----------------

New section 4.3. Section 4 corresponds to the Verifying Protocol. The text gives details on how the server should proceed for verifying an XML time-stamp.

------------------

4.3 Processing for XML time-stamps

When receiving a dss:VerifyRequest requesting an XML time-stamp token verification, the server MUST proceed as follows:

1. Extract the dss:TimeStamp element from the dss:SignatureObject element.

2. Proceed as indicated in section 4.3.2.2 steps 2 to 6 (both included) of [DSSCore]. This ensures that the arrived signature is an XML time-stamp as defined in [DSSCore] section 5.1.2 and that it envelops and signs the corresponding dss:TSTInfo element.

3. Proceed as indicated in section 4.3 steps 2 to 4 (both included) of [DSSCore] for each of the rest of the ds:Reference elements within the ds:SignedInfo element. This will allow the server to retrieve the time-stamped documents from the corresponding ds:Reference elements, to extract them from the request, to validate their digests, to verify the signature value, and to generate the corresponding result value.

------------------

REMAINING ISSUE: Steps 2 to 4 in 4.3 contain details on how the server should proceed in case the ds:Signature (which is now a time-stamp) is an enveloped signature.... Should we then clarify in the text of the time-stamp profile that this will never be possible for this kind of signature?

Regards

Juan Carlos.
timestamping-TextForXMLTimestamp.doc
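
The structure produced by steps 2.a to 2.c of the proposed section 3.3, and the structural part of the check in step 2 of the proposed section 4.3, sketched in Python as an added example that is not part of the original message or of the DSS specifications. Digests, canonicalization and the signature value are left out; the DSS namespace URI, the function names, the "exactly one" rule and the handling of explicit "#id" references only are assumptions of this example.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
DSS = "urn:oasis:names:tc:dss:1.0:core:schema"  # assumed DSS core namespace
# Type value quoted in step 2.b of the message above
TST_TYPE = "urn:oasis:names:tc:dss:1.0:core:schema:XMLTimeStampToken"

def build_timestamp_skeleton(doc_uri):
    """Steps 2.a-2.c: ds:Object enveloping dss:TSTInfo, plus its typed ds:Reference."""
    sig = ET.Element(f"{{{DS}}}Signature")
    signed_info = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    # Reference to the time-stamped document (constructed sample URI)
    ET.SubElement(signed_info, f"{{{DS}}}Reference", URI=doc_uri)
    # 2.b / 2.c: typed Reference to the Object, placed inside SignedInfo
    ET.SubElement(signed_info, f"{{{DS}}}Reference", URI="#tst", Type=TST_TYPE)
    # 2.a / 2.c: Object enveloping TSTInfo, placed inside Signature
    obj = ET.SubElement(sig, f"{{{DS}}}Object", Id="tst")
    ET.SubElement(obj, f"{{{DSS}}}TSTInfo")  # contents per [DSSCore] 5.1.2 omitted
    return sig

def classify_references(sig):
    """Return (TSTInfo element, URIs of the remaining References) or raise ValueError."""
    refs = sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    typed = [r for r in refs if r.get("Type") == TST_TYPE]
    if len(typed) != 1:  # assumption of this example: exactly one typed Reference
        raise ValueError(f"expected one time-stamp Reference, found {len(typed)}")
    uri = typed[0].get("URI", "")
    if len(uri) < 2 or not uri.startswith("#"):
        raise ValueError("only explicit same-document references are handled")
    # Resolve only against ds:Object children of this Signature, so that an
    # element with the same Id elsewhere in the request is never picked up.
    objs = [o for o in sig.findall(f"{{{DS}}}Object") if o.get("Id") == uri[1:]]
    if len(objs) != 1:
        raise ValueError("Reference does not resolve to one ds:Object of this Signature")
    children = list(objs[0])
    if len(children) != 1 or children[0].tag != f"{{{DSS}}}TSTInfo":
        raise ValueError("ds:Object does not envelop exactly one dss:TSTInfo")
    # The remaining References are the time-stamped documents of step 3.
    others = [r.get("URI") for r in refs if r is not typed[0]]
    return children[0], others

if __name__ == "__main__":
    sig = build_timestamp_skeleton("doc.xml")
    print(ET.tostring(sig, encoding="unicode"))
    print(classify_references(sig)[1])
```

Passing this check says nothing about validity: the digests of every ds:Reference and the signature value still have to be verified as the quoted [DSSCore] steps require.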