EPUB3 Digital Signatures Use Case from Alex Milowski on 2013-03-06 (public-xml-processing-model-wg@w3.org from March 2013)

From: Alex Milowski <alex@milowski.com>
Date: Wed, 6 Mar 2013 12:46:18 -0800
To: XProc WG <public-xml-processing-model-wg@w3.org>
Message-ID: <CABp3FNLqye46dBs8r90OOLV5dKOVLAWbcEh7EU_pX6j3o9orjQ@mail.gmail.com>

EPUB3 defines "EPUB Open Container Format (OCF) 3.0" [1] that has a
concrete representation of a zip file.  Within that zip file, a single XML
document (META-INF/signatures.xml, see [2]) can contain digital signatures,
as defined by "XML Signature Syntax and Processing" [3], for any entry
within the container.

When packaging an EPUB3 book, one can imagine a pipeline that generates a
zip file containing a generated META-INF/signatures.xml which contains the
signatures for a number of packaged parts (e.g. other XML documents).

I believe the step used in Use Case 5.10 and the proposed zip steps can be
used to do this.  It would be a good test of the design of both the zip
steps and a proposed signature step that we can construct a pipeline that
produces valid OCF output with signatures contained within.

We may want to consider a note for digital signatures steps.

[1] http://idpf.org/epub/30/spec/epub30-ocf.html
[2]
http://idpf.org/epub/30/spec/epub30-ocf.html#sec-container-metainf-signatures.xml
[3] http://www.w3.org/TR/xmldsig-core/

-- 
--Alex Milowski
"The excellence of grammar as a guide is proportional to the paucity of the
inflexions, i.e. to the degree of analysis effected by the language
considered."

Bertrand Russell in a footnote of Principles of Mathematics

Received on Wednesday, 6 March 2013 20:46:49 UTC