W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > April 1999

Re: Unparsed Entities (signature filters)

From: John Boyer <jboyer@uwi.com>
Date: Thu, 8 Apr 1999 11:20:15 -0700
Message-ID: <003c01be81ec$7437c6f0$9ccbf4cc@kuratowski.uwi.bc.ca>
To: "Dsig group" <w3c-xml-sig-ws@w3.org>
Hi Richard,

Thanks for asking; info below.

>However, you raise one point that is quite interesting: should we provide
>the ability to identify authenticated resources in the Manifest either by
>means of a reference (XML Link and Hash) or by value (package sub-element)?
>This is a bit different from what I have proposed: packaging can be done
>outside the Manifest.
>Nonetheless, this does not really change my opinion regarding the fact that
>the Signature Standard shall not require the signature engine to "chase"
>given external entities. Somewhere I feel that our divergence may be due to
>different concept regarding the API that is used at the end.
>Are you contemplating something so that in final you sign an XML document
>that is input as a stream in the signature engine?
>  SignatureEngine engine =new SignatureEngine();
>  engine.setParameter(...);
>  engine.encode(inputStream, outputStream); // envelope approach (i.e.
>Or do you envision something where you explicitly indicate the elements (or
>resources) that should be authenticated?
>  Signature sig =new Signature();
>  sig.setParameter(...);
>  sig.addResource(element1);
>  sig.addResource(element2);
>  Element xsig =sig.encode();
>In the first case, the standard must specify global attributes to identify
>which elements must be authenticated. In the second case, this is the
>of the application layer to identify these elements. Which approach has
>adopted for XFDL?

In XFDL, we don't separate the data,  presentation, and presentation logic
layers.  With regard to signatures, this is similar to saying that a
stylesheet is 'somehow' brought into the XML document before we sign some
portion of the XML.

So, although we don't have the "chase down the resource" problem, it is
technically similar to other problems that we solved with a signature

The signature filter expresses--in the markup-- the subset of the document
that should be encoded.  Any element that matches certain patterns is either
kept or omitted.  So, our method is more like the second block of code.

>  Signature sig =new Signature();
>  sig.setParameter(...);
>  sig.addResource(element1);
>  sig.addResource(element2);
>  Element xsig =sig.encode();

When someone presses a signature button on an XFDL form, we would create a
signature object, and we would set up parameters, which incidentally may be
expressed in the form (such as what cryptographic service provider to use).
The sig.addResource() calls are essentially another way of expressing this
idea of signature filter, except that there are no imperative.  Instead, the
sig.encode(theForm) procedure knows how to read the signature filter in
theForm and do pattern matches to decide whether or not to include each
element in the message to be hashed.  The subset of the document selected is
still in valid XFDL (and hence valid XML), and this is what gets hashed.
The encrypted hash along with the signers certificate (PKCS7 blob) are then
base64'd and stuck into the signature element being created in the form.
Actually, the signature element is created before the hash, and copies of
the signature parameters and signature filter from the signature button are
added before the hash.  So, the only thing that gets added after hashing is
a subelement that  contains the base64'd pkcs7 blob, which the verification
obviously omits when recomputing the hash.

It seems that the signature filter idea could easily be extended to say that
a signature should 'obtain' a list of resources, which could then be put in
the signature element by the encoding routine before the hash is generated.

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company

>Richard D. Brown
>Software Architect - R&D
>GlobeSet, Inc. Austin TX - U.S.
Received on Thursday, 8 April 1999 14:15:43 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:44:59 UTC