Re: Multiple signatures on multiple files from Tom Gindin on 2002-07-26 (w3c-ietf-xmldsig@w3.org from July to September 2002)

From: Tom Gindin <tgindin@us.ibm.com>
Date: Fri, 26 Jul 2002 16:25:27 -0400
To: "David Wall" <dwall@Yozons.com>
Cc: <w3c-ietf-xmldsig@w3.org>
Message-ID: <OFBA3F94E6.F8D2C700-ON85256C02.006FA16D@pok.ibm.com>

      I thought that you were supposed to do this by creating a Manifest
and then have each signer sign that, creating a Signature element for each
one.  Alternatively, you could construct a common SignedInfo and then have
each signer incorporate that in their Signature element.
SignatureProperties would make sense only if you were trying to have a
later signer include one or more of the earlier signatures in his signed
document, and we don't have a SignatureProperty name for that action in the
spec.  If they're independent signatures, you wouldn't want to use that
feature at all.

            Tom Gindin

"David Wall" <dwall@Yozons.com>@w3.org on 07/25/2002 07:49:49 PM

Please respond to "David Wall" <dwall@Yozons.com>

Sent by:    w3c-ietf-xmldsig-request@w3.org


To:    <w3c-ietf-xmldsig@w3.org>
cc:
Subject:    Multiple signatures on multiple files


I currently have an XML file that we create that includes several files
(such as Word, Excel, PDF...) that are stored inline with BASE64 encoding.
Each of these files can be electronically signed by multiple parties using
a standard digital signature (which hashes the content of a file with some
metadata like timestamps, IP addresses, etc.) generated for each party.

Clearly, I don't want to have to repeat the encoded file as an element in
each Object.SignatureProperties for since the file can have multiple
electronic signatures attached (each are independent of the other
signatures).

Should I do this by creating an Object element that contains just the
encoded file (one Object element per file), and then create multiple
Signature elements (one per each electronic signature) such that is has a
Reference pointing to the Object.SignatureProperties?  From the schema, it
doesn't seem that this is possible since the Object element is inside the
Signature element.  I see something about "detached signatures," but it's
just complex enough that I'm not sure how I should be attacking this.

Thanks,
David

Received on Friday, 26 July 2002 16:26:04 UTC