This document describes the interoperability requirements over the features, operations, and requirements specified by the XML Signature Processing and Syntax specification, as required by the charter and defined by IETF RFC2026:
4.1.2 Draft Standard A specification from which at least two independent and interoperable implementations from different code bases have been developed, and for which sufficient successful operational experience has been obtained, may be elevated to the "Draft Standard" level. For the purposes of this section, "interoperable" means to be functionally equivalent or interchangeable components of the system or process in which they are used.
Tests to satisfy this requirement should operate over the following (tentative) list of (mostly) MANDATORY operations, requirements and features, based on the last call draft (20000228):
Feature | Key Word | Implementation |
Operation: Reference elements generation/validation | MUST | |
Feature: Detached Signature | MUST | |
Feature: Enveloped Signature | MUST | |
|
MUST | |
Feature: Enveloping Signature | MUST | |
|
MUST | |
Operation: SignatureValue generation/validation | MUST | |
Requirement: Signing parts of a document | MUST | |
|
MUST SHOULD |
|
Feature: Minimal C14N | MUST | |
Feature: Canonical XML | SHOULD | |
Feature: KeyValue | MUST |
As well as the following external algorithms:
Algorithm Type | Algorithm | Key Word | Implementation |
Digest | SHA1 | REQUIRED | |
Encoding | Base64 | REQUIRED | |
Encoding | QuotedPrintable | RECOMMENDED | |
MAC | HMAC-SHA1 | REQUIRED | |
Signature | DSAwithSHA1 (DSS) | REQUIRED | |
Signature | RSAwithSHA1 | RECOMMENDED |
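
Before exchanging whole signatures, two implementations can confirm that they agree on the REQUIRED external algorithms in the table above (SHA1, Base64, HMAC-SHA1). The following is an added example, not code from the original page or from any implementation it mentions; the class name, the shared secret and the SignedInfo strings are constructed assumptions, and the known answers are the published SHA-1 "abc" vector (FIPS 180-1) and HMAC-SHA1 test case 2 (RFC 2202).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class RequiredAlgorithmCheck { // hypothetical class name
    // DigestValue content: Base64 of the SHA1 digest of the referenced octets.
    static String digestValue(byte[] data) throws Exception {
        return Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-1").digest(data));
    }

    // SignatureValue content for HMAC-SHA1: Base64 of the MAC over the SignedInfo octets.
    static String signatureValue(byte[] key, byte[] signedInfo) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        return Base64.getEncoder().encodeToString(mac.doFinal(signedInfo));
    }

    // Validation compares decoded octets in constant time. The MIME decoder skips the
    // line breaks a peer may put inside Base64 text; bad padding counts as a failure.
    static boolean matches(String claimed, String recomputed) {
        try {
            return MessageDigest.isEqual(Base64.getMimeDecoder().decode(claimed),
                                         Base64.getDecoder().decode(recomputed));
        } catch (IllegalArgumentException malformed) {
            return false;
        }
    }

    static byte[] ascii(String s) { return s.getBytes(StandardCharsets.US_ASCII); }

    public static void main(String[] args) throws Exception {
        // Known answers: SHA-1 of "abc" (FIPS 180-1) and HMAC-SHA1 test case 2 (RFC 2202).
        System.out.println("SHA1 known answer: "
            + matches("qZk+NkcGgWq6PiVxeFDCbJzQ2J0=", digestValue(ascii("abc"))));
        System.out.println("HMAC-SHA1 known answer: "
            + matches("7/zfauXrL6LSdBbV8YTfnCWafHk=",
                      signatureValue(ascii("Jefe"), ascii("what do ya want for nothing?"))));

        // Constructed sample values (assumptions, not from the page).
        byte[] key = ascii("constructed-shared-secret");
        String sent = signatureValue(key, ascii("<SignedInfo>constructed</SignedInfo>"));
        String wrapped = sent.substring(0, 10) + "\r\n" + sent.substring(10);
        System.out.println("line-wrapped value validates: " + matches(wrapped, sent));
        System.out.println("modified SignedInfo validates: "
            + matches(sent, signatureValue(key, ascii("<SignedInfo>Constructed</SignedInfo>"))));
    }
}
```
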
There are three deliverables involved in getting this rolling:
a web/email interface that can run on top of an implementation (e.g., Simon's example interface)

    import java.io.*;
    import java.net.*;

    // Format the test case
    String strXmlSignatureTestCase =
        "<XmlSignatureTestCase>" +
          "<Sender>" +
            "<Name>Acme Signatures Inc.</Name>" +
            "<XmlSignatureAutoresponderUri>http://www.acmesigs.com/xmlsigautoresponder</XmlSignatureAutoresponderUri>" +
          "</Sender>" +
          "<Description>Signature should verify</Description>" +
          "<Signature xmlns=\"http://www.w3.org/2000/02/xmldsig#\">" +
            " ." +
          "</Signature>" +
        "</XmlSignatureTestCase>";

    // Send the test case to the other org's autoresponder
    URL urlAutoResponder = new URL("http://www.iotp.com/xmlsigautoresponder");
    URLConnection urlconAutoResponder = urlAutoResponder.openConnection();
    urlconAutoResponder.setDoOutput(true);   // required before writing a request body
    OutputStream out = urlconAutoResponder.getOutputStream();
    out.write(strXmlSignatureTestCase.getBytes("UTF-8"));
    out.close();

    // Get the result from the other org's autoresponder
    BufferedReader in = new BufferedReader(
        new InputStreamReader(urlconAutoResponder.getInputStream(), "UTF-8"));
    StringBuffer sbTestResult = new StringBuffer();
    String strLine;
    while ((strLine = in.readLine()) != null) {
        sbTestResult.append(strLine).append('\n');
    }
    in.close();
    String strTestResult = sbTestResult.toString();

    // Process result
    process(strTestResult);

The (pseudo) code on the server side might look like this:

    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class XmlSigInteroperabilityServlet extends HttpServlet {

        private static String strTitle = "XML Signature Interoperability Tester";
        private static XmlSigTester xst = null;

        public void init(ServletConfig sc) throws ServletException {
            super.init(sc);
            xst = new XmlSigTester();
            if (!xst.doInit().equals("SUCCESS")) {
                throw new UnavailableException("Could not initialize XmlSigTester class.");
            }
        }

        // Escape text before it is written into the HTML response, so that a
        // submitted signature cannot inject markup into the result page.
        private static String escapeHtml(String s) {
            return s.replace("&", "&amp;").replace("<", "&lt;")
                    .replace(">", "&gt;").replace("\"", "&quot;");
        }

        public void doPost(HttpServletRequest req, HttpServletResponse res)
                throws ServletException, IOException {

            String strSignatureElement = req.getParameter("theXmlSignature");
            if (strSignatureElement == null) {
                res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing theXmlSignature parameter.");
                return;
            }
            strSignatureElement = strSignatureElement.trim();

            String strVerificationStatus = "INCOMPLETE";
            try {
                strVerificationStatus = xst.verifySignature(strSignatureElement);
            } catch (Exception ex) {
                doPageError(req, res, ex, "The verification processing failed.");
                return;   // the error page has been sent; do not write the result page
            }

            StringBuffer htmlOutput = new StringBuffer(
                "<HTML>" +
                "<HEAD>" +
                "<TITLE>" + strTitle + "</TITLE>" +
                "</HEAD>" +
                "<BODY>" +
                "<H1>" + strTitle + "</H1>" +
                "<H2>Verification parameters</H2>" +
                "<H3>Signature received from sender</H3>" +
                "<TEXTAREA name=\"theXmlSignature\" rows=\"20\" cols=\"120\">\n" +
                escapeHtml(strSignatureElement) +
                "</TEXTAREA><HR>");
            htmlOutput.append(
                "<H2>Signature verification results</H2>" +
                "<P>" +
                "The verification indicates that the signature is ");
            htmlOutput.append("\"" + escapeHtml(strVerificationStatus) + "\"");
            htmlOutput.append(
                "</P>" +
                "\n</BODY>" +
                "</HTML>");

            res.setContentType("text/html");
            PrintWriter pw = res.getWriter();
            pw.println(htmlOutput);
            pw.flush();
            pw.close();
        }
    }

Last revised by Reagle $Date: 2000/04/06 18:52:48 $