Scenarios/FAQ

Joseph asked for this to be posted for consideration before the FTF.

This is a first draft of (some of) the questions that will end up in the new
scenarios/FAQ document.  In addition, rough notes on what the answers will
be are given.

Please feel free to comment on these answers.  Also, certainly there are
additional useful questions/answers.

Eventually, the answers will be given in detail along with example markup
conforming to the DSig spec.

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company



1) I have some data in a non-XML format (could be any data such as a JPEG,
word processor, database or spreadsheet file).  How do I sign it?

A1: If the data is addressable by a URL, you could create a detached
signature.  The SignedInfo Reference would include a URI to the data.

A2: Alternately, if you have a copy of the data in some temporary file or
memory buffer, you can put the data in an enveloping signature.  The data
must be base-64 encoded before putting it in an Object element in Signature
(because it is not XML).


2) I have a whole XML document.  How do I sign it?

A1: If the XML document is addressable by a URL, then you could create a
detached signature. The SignedInfo Reference would include a URI to the XML
document.

A2: If you have a copy of the XML document in some temporary file or memory
buffer, you can put the data in an enveloping signature.  It is likely that
you will have to base-64 encode the XML document since an entire XML
document cannot appear as element content.  Alternately, character sequences
forbidden from content by XML can be escaped using the XML escaping
mechanism.
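As an added illustration for Q1 and for Q2 A1/A2 (this markup is not from the post or from the DSig drafts it refers to; it uses the element names, namespace and algorithm identifiers of the eventual XML-Signature Recommendation, and the URL, the Object Id and the digest/signature strings are constructed placeholders), here is a detached signature beside an enveloping one:

```xml
<!-- Detached signature (Q1 A1, Q2 A1): the Reference locates the data by
     URL; only the digest of the data's octets is carried in the Signature.
     PLACEHOLDER-... values stand in for real base-64 digests/signatures. -->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod
        Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <!-- constructed example URL: the verifier fetches it and digests the raw
         octets; non-XML data needs no transform -->
    <Reference URI="http://example.com/files/photo.jpg">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>PLACEHOLDER-DIGEST-OF-PHOTO-OCTETS</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>PLACEHOLDER-SIGNATURE-OVER-SIGNEDINFO</SignatureValue>
</Signature>

<!-- Enveloping signature (Q1 A2, Q2 A2): the data rides inside an Object.
     Non-XML octets (or a complete XML document, which cannot be element
     content) are base-64 encoded first.  The base64 transform makes the
     verifier decode the Object's text before digesting, so the digest
     covers the original octets rather than the encoded text; without the
     transform the digest would cover the canonicalized Object element. -->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod
        Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="#payload-1">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64"/>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>PLACEHOLDER-DIGEST-OF-DECODED-OCTETS</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>PLACEHOLDER-SIGNATURE-OVER-SIGNEDINFO</SignatureValue>
  <!-- the body is the base-64 encoding of the ASCII text "PLACEHOLDER",
       standing in for the real file's octets -->
  <Object Id="payload-1" MimeType="image/jpeg"
          Encoding="http://www.w3.org/2000/09/xmldsig#base64">UExBQ0VIT0xERVI=</Object>
</Signature>
```

The detached form carries no copy of the data, so the verifier must fetch the URL at validation time and any change to the octets served there breaks the digest; the enveloping form keeps the data with the signature at the cost of a base-64 copy.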

A3: You could create an enveloped signature inside the XML document. The
SignedInfo Reference would refer to the document’s root element.  The
signature would have to use transforms to exclude itself from the message
digested in the Reference’s DigestValue.
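An added example of Q2 A3 (not markup from the post; it uses the namespace, element names and the enveloped-signature transform identifier of the eventual XML-Signature Recommendation, and the PurchaseOrder document and the digest/signature strings are constructed placeholders):

```xml
<!-- constructed application document; namespace and content are made up -->
<PurchaseOrder xmlns="urn:example:po">
  <Item>Widget</Item>
  <Quantity>3</Quantity>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod
          Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
      <!-- URI="" means the XML document that contains this signature
           (comments excluded).  That node-set includes the Signature element
           and hence the DigestValue being computed, so the enveloped-
           signature transform removes the enclosing Signature before
           canonicalization and digesting.  Without the transform the digest
           cannot be computed consistently. -->
      <Reference URI="">
        <Transforms>
          <Transform
              Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>PLACEHOLDER-DIGEST-OF-DOCUMENT-MINUS-SIGNATURE</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>PLACEHOLDER-SIGNATURE-OVER-SIGNEDINFO</SignatureValue>
  </Signature>
</PurchaseOrder>
```

The transform removes only the Signature element that contains it, so a second enveloped signature added to the same document later would fall inside the first signature's digest and break it; that is one reason the later questions reach for XPath omission transforms.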


3) I have an XML document containing an XML element E that I would like to
sign, where E is not the root element.  How do I add a signature to my
document that signs E (from the opening angle bracket of its start tag to
the closing angle bracket of its end tag, including all descendant
elements)?

Create a signature S which identifies element E by IDREF or by transform.
For the sake of simplicity, S can be placed as a sibling element of E, which
would make S a detached signature.

S could also be made an enveloping signature by placing E within S, or an
enveloped signature by placing S within E.
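An added example of the sibling (detached) arrangement in Q3 (not markup from the post; it uses the namespace and identifiers of the eventual XML-Signature Recommendation, and the Report document, the Id value "e1" and the digest/signature strings are constructed placeholders):

```xml
<!-- constructed application document.  The application's DTD or schema
     must declare the Id attribute as type ID; otherwise the verifier cannot
     resolve the same-document reference "#e1". -->
<Report xmlns="urn:example:reports">
  <Header>not covered by the signature</Header>
  <Findings Id="e1">
    <Finding severity="high">Finding text</Finding>
  </Findings>
  <!-- S is a sibling of E: E is not inside S and S is not inside E, so the
       signature is detached and no enveloped-signature transform is needed -->
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod
          Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <!-- "#e1" yields the node-set of element E with its attributes,
           namespace nodes, text and descendant elements (comments excluded);
           canonicalizing that set gives E from start tag to end tag -->
      <Reference URI="#e1">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>PLACEHOLDER-DIGEST-OF-CANONICAL-E</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>PLACEHOLDER-SIGNATURE-OVER-SIGNEDINFO</SignatureValue>
  </Signature>
</Report>
```

The "by transform" alternative mentioned in the answer is a Reference with URI="" plus an XPath transform whose expression is `count(ancestor-or-self::*[@Id='e1']) > 0`; it selects the same node-set but matches the attribute by name and value rather than by ID type, so it does not depend on the DTD or schema declaring Id as an ID.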


4) I have an XML document containing an XML element E that I would like to
sign multiple times, where E is not the root element.  How do I add a
signature to my document that signs E (from the opening angle bracket of its
start tag to the closing angle bracket of its end tag, including all
descendant elements)?

Create multiple detached signatures as sibling elements of E.  Each
signature’s SignedInfo Reference could identify E by IDREF or by transform.

Alternately, the signatures S1, S2, … could be enveloping signatures.  Each
successive signature would envelope E as well as the previously affixed
signatures.  For example, the first signature S1 envelopes E in an Object,
then has a SignedInfo Reference that indicates the Object.  The second
signature S2 wraps signature S1 in an Object, and uses a SignedInfo
Reference to indicate the Object containing S1 (and E), and so on.
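An added example of the nested enveloping chain in Q4 (not markup from the post; it uses the namespace, Type identifier and element names of the eventual XML-Signature Recommendation, and the Approval element, the Id values and the digest/signature strings are constructed placeholders):

```xml
<!-- S2 is the outer signature; its Object holds S1, whose Object holds E -->
<Signature Id="s2" xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod
        Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <!-- S2's digest covers Object obj-s2 as a whole: S1's SignedInfo,
         SignatureValue and Object, and through that Object, E -->
    <Reference URI="#obj-s2" Type="http://www.w3.org/2000/09/xmldsig#Object">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>PLACEHOLDER-DIGEST-OF-OBJ-S2</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>PLACEHOLDER-S2-SIGNATURE</SignatureValue>
  <Object Id="obj-s2">
    <!-- S1, the signature affixed first, kept exactly as its signer made it -->
    <Signature Id="s1">
      <SignedInfo>
        <CanonicalizationMethod
            Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <Reference URI="#obj-s1" Type="http://www.w3.org/2000/09/xmldsig#Object">
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <DigestValue>PLACEHOLDER-DIGEST-OF-OBJ-S1</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>PLACEHOLDER-S1-SIGNATURE</SignatureValue>
      <Object Id="obj-s1">
        <!-- E, the application element being signed (constructed) -->
        <Approval xmlns="urn:example:workflow">
          <Amount>1500</Amount>
        </Approval>
      </Object>
    </Signature>
  </Object>
</Signature>
```

Because S2's digest includes S1's SignatureValue, S1 cannot be replaced or stripped without invalidating S2, so the nesting records the order in which the signatures were applied, which sibling detached signatures do not. Validating S2 says nothing about S1: the application has to walk inward and run core validation on each signature in turn.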


5) I have an XML document.  How do I combine that document with a signature
such that, in the resulting document, the signature signs the original
document?

A1: Create an enveloping signature around the root element of the document.
A2: Create an enveloped signature.  The signature is placed inside the
document, and its SignedInfo Reference contains transforms that omit the
signature from the document.


6) I want to sign an element, but some of its meaning is derived from
attributes (e.g. xmlns) and tag names of its ancestor elements.  How do I
preserve relevant information in an element’s ancestors?

A1: For namespace attributes in particular, one could canonicalize.
A2: In general, the start and end tags of relevant ancestors need to be
included in the signed content, and unwanted descendants of those ancestors
must be omitted.  XPath transforms are typically used to accomplish this
task.
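An added example of Q6 A2 (not markup from the post; it assumes the XPath transform of the eventual XML-Signature Recommendation, which evaluates the expression once for every node of the input node-set and keeps the nodes for which it is true, and the Order document, the Id value "e1" and the digest/signature strings are constructed placeholders):

```xml
<!-- constructed document: the meaning of Item depends on Order's currency
     attribute and on the xmlns declarations made on Order -->
<Order xmlns="urn:example:orders" xmlns:c="urn:example:common" currency="EUR">
  <Internal>routing notes that must not be signed</Internal>
  <Item Id="e1">
    <c:Price>10</c:Price>
  </Item>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod
          Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <!-- start from the whole document, then keep only: (1) E and every
           node under it, (2) the element nodes of E's ancestors, (3) the
           attribute and namespace nodes of those ancestors.  Everything
           else under the ancestors (Internal, this Signature, whitespace
           text) is dropped.  Term (3) recognises attribute and namespace
           nodes by testing whether the node is a member of its parent's
           attribute or namespace axis. -->
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
            <XPath>
              count(ancestor-or-self::*[@Id='e1']) > 0
              or count(self::*/descendant::*[@Id='e1']) > 0
              or (count(parent::*/descendant::*[@Id='e1']) > 0
                  and (count(. | ../@*) = count(../@*)
                       or count(. | ../namespace::*) = count(../namespace::*)))
            </XPath>
          </Transform>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>PLACEHOLDER-DIGEST-OF-FILTERED-NODE-SET</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>PLACEHOLDER-SIGNATURE-OVER-SIGNEDINFO</SignatureValue>
  </Signature>
</Order>
```

Canonicalizing the surviving node-set renders the Order start tag with its xmlns, xmlns:c and currency attributes, then the Item subtree verbatim, then the Order end tag, so a later change to the currency attribute or to the namespace bound to the c prefix breaks the digest even though neither is inside E.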

NOTE: This is a representative question for document closure, and there is
no solution under the current specification, which does not REQUIRE that the
digest message be derived by the listed transforms.


7) How do I sign multiple resources with the same signature?

A: SignedInfo can have multiple references.


8) Suppose there are multiple elements in the same document.  How do I sign
the elements plus the order in which the elements appeared in the document?

A: Don’t use multiple references.  Instead, use an XPath transform, since
the expected result is that the elements included by the XPath are given in
document order.
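An added example of Q8 (not markup from the post; it uses the namespace and XPath transform identifier of the eventual XML-Signature Recommendation, and the Procedure document, the Id values and the digest/signature strings are constructed placeholders):

```xml
<!-- constructed document: two steps whose order matters -->
<Procedure xmlns="urn:example:proc">
  <Steps Id="steps">
    <Step Id="a">Disconnect power</Step>
    <Step Id="b">Open the enclosure</Step>
  </Steps>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod
          Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <!-- Not this: one Reference per element, e.g. <Reference URI="#a"/>
           and <Reference URI="#b"/>.  Each digest is computed over one Step
           alone, so swapping the two Steps in the document leaves both
           digests, and the signature, valid.
           Instead: a single Reference whose XPath keeps both Steps.  The
           surviving node-set is canonicalized in document order, so the
           order of the Steps is part of what is digested. -->
      <Reference URI="#steps">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
            <XPath>count(ancestor-or-self::*[@Id='a' or @Id='b']) > 0</XPath>
          </Transform>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>PLACEHOLDER-DIGEST-OF-A-THEN-B</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>PLACEHOLDER-SIGNATURE-OVER-SIGNEDINFO</SignatureValue>
  </Signature>
</Procedure>
```

The filter keeps only the named elements, so a third Step inserted between them would not be in the digest at all; if insertions must also be detected, reference the Steps element without the filter so that its whole content, order included, is signed.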

NOTE: This is a representative question for document closure, and there is
no solution under the current specification, which does not REQUIRE that the
digest message be derived by the listed transforms.

9) Suppose I have a document that must be multiply signed, but the second
signer is allowed to make certain changes before signing.  How do I allow
the second signer’s changes without breaking the first signer’s signature
and without undermining the security of the first signer’s signature?

A: XPath transform.  The specific elements to be changed have their content
omitted by the transform.  The transform is signed.  Changing the transform
breaks the signature; changing anything not omitted by the transform breaks
the signature.
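An added example of Q9 (not markup from the post; it uses the namespace and XPath transform identifier of the eventual XML-Signature Recommendation, and the contract document, the Id values and the digest/signature strings are constructed placeholders):

```xml
<!-- constructed document: the author signs first; a reviewer later fills
     in Approval and adds a signature of their own -->
<Document xmlns="urn:example:contracts">
  <Contract Id="contract">
    <Terms>Delivery within 30 days.</Terms>
    <Approval Id="approval">
      <!-- the reviewer writes here, e.g. an ApprovedBy element -->
    </Approval>
  </Contract>
  <!-- the first signer's signature -->
  <Signature Id="sig-author" xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod
          Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="#contract">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
            <!-- drop every node that has the Approval element as an
                 ancestor: its content becomes changeable, while the Approval
                 start/end tags and everything else in Contract stay in the
                 digest.  Approval's own attributes are dropped as well,
                 since the element is their ancestor. -->
            <XPath>not(ancestor::*[@Id='approval'])</XPath>
          </Transform>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>PLACEHOLDER-DIGEST-OF-CONTRACT-MINUS-APPROVAL-CONTENT</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>PLACEHOLDER-AUTHOR-SIGNATURE</SignatureValue>
  </Signature>
</Document>
```

The Transforms element sits inside SignedInfo, so the XPath expression is itself signed: a reviewer who widens it to free up more of the contract invalidates the author's signature, and so does any edit to Terms. The reviewer's own signature then uses a plain `<Reference URI="#contract">` with no omission, binding the completed Approval as well.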

NOTE: This is a representative question for document closure, and there is
no solution under the current specification, which does not REQUIRE that the
digest message be derived by the listed transforms.


10) How do I sign everything related to what the user was looking at when
s/he signed?

This can be quite application-specific.  If an application’s document format
already maintains both the data and the information about how to render it,
then the signature need only be made to cover all of the relevant elements
in the given document.

If the application separates the data and rendering information into
separate files, such as XML markup for the data plus an XSL stylesheet, then
there are two solutions.

A1: Two SignedInfo References, one to data and one to the rendering
information.
A2: If the rendering information is specifically an XSL stylesheet, then the
XSLT transform could be used.
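An added example of Q7 and of both answers to Q10 (not markup from the post; it uses the namespace and the XSLT transform identifier of the eventual XML-Signature Recommendation, and the URLs, the claim document's namespace and the digest/signature strings are constructed placeholders):

```xml
<!-- A1: one signature, two References (Q7): the data and the stylesheet
     that rendered it.  Changing either breaks the signature. -->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod
        Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="http://example.com/forms/claim.xml">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>PLACEHOLDER-DIGEST-OF-CLAIM-XML</DigestValue>
    </Reference>
    <Reference URI="http://example.com/forms/claim.xsl">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>PLACEHOLDER-DIGEST-OF-STYLESHEET</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>PLACEHOLDER-SIGNATURE-OVER-SIGNEDINFO</SignatureValue>
</Signature>

<!-- A2: one Reference whose XSLT transform carries the stylesheet inline.
     The digest is computed over the rendered output, and the stylesheet,
     being inside SignedInfo, is signed along with it. -->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod
        Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="http://example.com/forms/claim.xml">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
          <!-- constructed stylesheet; assumes the claim document uses the
               namespace urn:example:forms -->
          <xsl:stylesheet version="1.0"
              xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
              xmlns:f="urn:example:forms">
            <xsl:output method="xml"/>
            <xsl:template match="/">
              <Rendered>
                <Line>Claimant: <xsl:value-of select="/f:Claim/f:Name"/></Line>
                <Line>Amount: <xsl:value-of select="/f:Claim/f:Amount"/></Line>
              </Rendered>
            </xsl:template>
          </xsl:stylesheet>
        </Transform>
        <!-- XSLT processors may serialize the same result differently;
             canonicalizing the output makes the digest processor-independent -->
        <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>PLACEHOLDER-DIGEST-OF-RENDERED-OUTPUT</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>PLACEHOLDER-SIGNATURE-OVER-SIGNEDINFO</SignatureValue>
</Signature>
```

A1 binds the data and the stylesheet as two separate artifacts; A2 binds what the stylesheet produced from the data, which is closer to "what the user was looking at" but leaves any part of the data the stylesheet does not render outside the digest.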


11) How do I give the application more control over when the signed
resources are validated?

A:  Use a Manifest or Package.


12) How do I create a signature over some content at a URL such that I can
change the URL without breaking the signature?

A: Use a Reference in a Manifest to indicate the content by URI.  The
Reference in the Signature should indicate the Manifest but should have a
transform that omits the URI.  Thus, the URI can be changed without breaking
the signature.

NOTE: Core validation does not validate digest values in Manifest, so the
application must validate the Manifest after calling upon core validation.


13) Suppose I have multiple documents from the same application, each
containing a detached signature S over an element E identified by IDREF.
The element E has the same identifier in each document.  How do I put all of
the signed elements into a single validating document (i.e. the ID of each E
must be changed to be unique)?

A: Use an omission XPath transform to drop the ID and IDREF pieces.  In order
to use a transform, the References to actual elements E must be in a
Manifest.  Again, this means that the resulting signatures are
application-specific.
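An added example serving Q11, Q12 and Q13 together (not markup from the post; it uses the namespace, the Manifest Type identifier and the XPath transform of the eventual XML-Signature Recommendation, and the URLs, Id values and digest/signature strings are constructed placeholders):

```xml
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod
        Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <!-- Q11: core validation digests the Manifest element itself; the
         Manifest's own References are left for the application to check -->
    <Reference URI="#m1" Type="http://www.w3.org/2000/09/xmldsig#Manifest">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
          <!-- Q12: keep every node of the Manifest except URI attributes
               (a node is dropped when it is a member of its parent's @URI),
               so a Manifest Reference's URI can be rewritten later -->
          <XPath>not(count(. | ../@URI) = count(../@URI))</XPath>
        </Transform>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>PLACEHOLDER-DIGEST-OF-MANIFEST-WITHOUT-URIS</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>PLACEHOLDER-SIGNATURE-OVER-SIGNEDINFO</SignatureValue>
  <Object>
    <Manifest Id="m1">
      <!-- Q12: content at a URL that may move; only its digest is bound -->
      <Reference URI="http://example.com/archive/report.pdf">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>PLACEHOLDER-DIGEST-OF-REPORT</DigestValue>
      </Reference>
      <!-- Q13: element E located by IDREF.  The URI attribute here is
           already outside the signature's digest (see above); this
           transform also drops every Id attribute in E's subtree, so E can
           be re-identified when several signed documents are merged -->
      <Reference URI="#po-17">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
            <XPath>not(count(. | ../@Id) = count(../@Id))</XPath>
          </Transform>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>PLACEHOLDER-DIGEST-OF-E-WITHOUT-ID-ATTRIBUTES</DigestValue>
      </Reference>
    </Manifest>
  </Object>
</Signature>
```

After core validation succeeds, the application dereferences each Manifest Reference, applies its transforms, and compares the digests itself; which of them must match is the application's policy, which is the control over validation Q11 asks for. When documents are merged, both the Id on E and the "#po-17" URI are changed together, and neither change touches a digest.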


14) How do I change an enveloping signature to a detached signature without
breaking the signature?

A: Manifest + transforms to omit URI, IDREF and certain specific transforms.


15) A digital signature must provide message authentication and signer
authentication.  The DigestValue and SignatureValue elements provide message
authentication.  How is signer authentication accomplished?

A: This is essentially about the use of PKI and certificates to associate a
public key with a person or entity in a secure manner.  Core validation gets
the key from KeyInfo.  Any association of that key to a certificate, and any
CA signature on that certificate must be checked by the application after
core validation, along with any other relevant checks on the certificate
like expiry, revocation, etc.

Received on Monday, 17 January 2000 19:44:23 UTC