
ACTION-65: Document use case and semantics of byte-range signatures. (draft)

From: Chris Solc <csolc@adobe.com>
Date: Mon, 6 Oct 2008 19:23:40 -0700
To: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <686848D3189C0845A6E5FA781D6A0FFF0416FD619D@nambx03.corp.adobe.com>

Use Case:
A customer wishes to use an XML signature to sign a binary file where a section of the file is permitted to change.  An example would be an image file that contains meta-data that changes as it is edited by different applications.

Requirement:
The ability to sign a subset of a non-XML resource.

Proposal:
Add a new ByteRange transform that produces as output a subset of the input Octet stream.  The ByteRange transform contains a collection of byte ranges (defined by a starting byte offset and a length value) that describe the exact set of bytes from the input Octet stream to be used in the digest calculation of the signatures.  More than one byte range can be used to exclude a set of bytes in the middle of the input Octet Stream.

Example:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    ...
    <Reference URI="./image.jpeg">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2009/xmldsig#ByteRange">
          <ByteRange>
            <Range offset="0" length="20"/> <!-- first 20 bytes of the image -->
            <Range offset="220" length="50"/>  <!-- bytes 220 to 270 -->
          </ByteRange>
        </Transform>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue></DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue></SignatureValue>
</Signature>
Received on Tuesday, 7 October 2008 02:24:20 GMT
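
The transform proposed in the message above, as an added Python example that is not part of the original message or of any specification text: it selects the listed ranges, digests them with SHA-1 as in the message's DigestMethod, and reports which bytes the digest leaves unprotected. The function names, the range-validation policy (in-order, non-overlapping, in-bounds) and the 300-byte sample input are assumptions made for this example.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: the Transform element from the message's example.
TRANSFORM_XML = """
<Transform Algorithm="http://www.w3.org/2009/xmldsig#ByteRange">
  <ByteRange>
    <Range offset="0" length="20"/>
    <Range offset="220" length="50"/>
  </ByteRange>
</Transform>
"""

def parse_ranges(xml_text):
    """Return [(offset, length), ...] from the Range elements, in document order."""
    root = ET.fromstring(xml_text)
    return [(int(e.get("offset")), int(e.get("length")))
            for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "Range"]

def apply_byte_range(data, ranges):
    """Concatenate the selected bytes. Validation policy is assumed, not from the proposal."""
    out, prev_end = bytearray(), 0
    for offset, length in ranges:
        if offset < 0 or length <= 0:
            raise ValueError("negative offset or non-positive length")
        if offset < prev_end:
            raise ValueError("ranges overlap or are out of order")
        if offset + length > len(data):
            raise ValueError("range runs past end of input")
        out += data[offset:offset + length]
        prev_end = offset + length
    return bytes(out)

def uncovered(data_len, ranges):
    """Byte spans (start, end-exclusive) that the digest does NOT protect."""
    gaps, pos = [], 0
    for offset, length in ranges:
        if offset > pos:
            gaps.append((pos, offset))
        pos = offset + length
    if pos < data_len:
        gaps.append((pos, data_len))
    return gaps

def digest(data, ranges):
    return hashlib.sha1(apply_byte_range(data, ranges)).hexdigest()

SAMPLE = bytes(i % 251 for i in range(300))  # constructed stand-in for image.jpeg
RANGES = parse_ranges(TRANSFORM_XML)
```

With the message's two ranges, `uncovered(300, RANGES)` returns the middle gap and everything after byte 269, so data appended to the file also leaves the digest unchanged.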
