Asynchronous Processing Abstract Profile of the OASIS Digital Signature Services Version 1.0

Similar documents
Abstract Code-Signing Profile of the OASIS Digital Signature Services

J2ME Code-Signing Profile of the OASIS Digital Signature Services

Signature Gateway Profile of the OASIS Digital Signature Service

Proposed Visual Document Signatures Profile of OASIS DSS

Deployment Profile Template Version 1.0 for WS-Reliability 1.1

XDI Requirements and Use Cases

Implementation profile for using OASIS DSS in Central Signing services

Metadata for SAML 1.0 Web Browser Profiles

OASIS - Artifact naming guidelines

Level of Assurance Authentication Context Profiles for SAML 2.0

SAML V2.0 Profile for Mandator Credentials

SAML V2.0 Profile for Token Correlation

Digital Signature Service Core Protocols, Elements, and Bindings

Metadata for SAML 1.0 Web Browser Profiles

DSS Extension for Local Signature Computation Version 1.0

Test Assertions for the SCA Assembly Model Version 1.1 Specification

XACML Profile for Requests for Multiple Resources

OpenOffice Specification Sample

Test Assertions for the SCA Web Service Binding Version 1.1 Specification

TestCases for the SCA Assembly Model Version 1.1

OASIS Specification Document Template Usage

Service Component Architecture Client and Implementation Model for C++ Test Cases Version 1.1

SCA JMS Binding v1.1 TestCases Version 1.0

Using the AMQP Anonymous Terminus for Message Routing Version 1.0

KMIP Opaque Managed Object Store Profile Version 1.0

SAML V2.0 EAP GSS SSO Profile Version 1.0

KMIP Opaque Managed Object Store Profile Version 1.0

Electronic PostMark (EPM) Profile of the OASIS Digital Signature Service

SCA JMS Binding Specification v1.1 Test Assertions Version 1.0

DSS Extension for Local Signature Computation Version 1.0

SCA-J POJO Component Implementation v1.1 TestCases Version 1.0

This document is a preview generated by EVS

SOA-EERP Business Service Level Agreement Version 1.0

KMIP Storage Array with Self-Encrypting Drives Profile Version 1.0

Network Working Group Internet-Draft August 2005 Expires: February 2, Atom Link No Follow draft-snell-atompub-feed-nofollow-00.

TestCases for the SCA POJO Component Implementation Specification Version 1.1

XACML v3.0 XML Digital Signature Profile Version 1.0

KMIP Symmetric Key Lifecycle Profile Version 1.0

{Describe the status and stability of the specification here.}

Test Assertions for the SCA_J Common Annotations and APIs Version 1.1 Specification

SOA-EERP Business Service Level Agreement Version 1.0

Key Management Interoperability Protocol Crypto Profile Version 1.0

Updates: 2710 September 2003 Category: Standards Track. Source Address Selection for the Multicast Listener Discovery (MLD) Protocol

TestCases for the SCA Web Service Binding Specification Version 1.1

Network Working Group Internet-Draft August 2005 Expires: February 2, Atom Link No Follow draft-snell-atompub-feed-nofollow-03.

Test Assertions for the SCA Policy Framework 1.1 Specification

Expires: February 25, 2004 August 27, Using the NETCONF Configuration Protocol over Secure Shell (SSH) draft-wasserman-netconf-over-ssh-00.

Multi-Server Based Namespace Data Management of Resource Namespace Service

Network Working Group Internet-Draft January 25, 2006 Expires: July 29, Feed Rank draft-snell-atompub-feed-index-05.txt. Status of this Memo

Category: Standards Track September 2003

Kerberos SAML Profiles

Search Web Services - searchretrieve Operation: Abstract Protocol Definition Version 1.0

Category: Standards Track December 2003

Updates: 2535 November 2003 Category: Standards Track

Network Working Group. November Encoding Long Options in the Dynamic Host Configuration Protocol (DHCPv4)

Authentication, Authorization and Accounting Requirements for the Session Initiation Protocol

TestCases for the SCA Web Service Binding Specification Version 1.1

Network Working Group Request for Comments: Category: Best Current Practice January 2004

PPS (Production Planning and Scheduling) Part 3: Profile Specifications, Version 1.0

Hierarchical Resources: Non-XML Resource Use Case

Request for Comments: 2493 Category: Standards Track January 1999

Network Working Group. Category: Standards Track February SIEVE Filtering: Spamtest and VirusTest Extensions

Position Paper: Facets for Content Components

Network Working Group Request for Comments: 4913 Category: Experimental July 2007

SSTC Response to Security Analysis of the SAML Single Sign-on Browser/Artifact Profile

Request for Comments: 3934 Updates: 2418 October 2004 BCP: 94 Category: Best Current Practice

Network Working Group. Category: Standards Track <draft-aboba-radius-iana-03.txt> 30 March 2003 Updates: RFC IANA Considerations for RADIUS

OASIS - Artifact Naming Guidelines

Network Working Group Request for Comments: 3397 Category: Standards Track Apple Computer, Inc. November 2002

SAML v2.0 Protocol Extension for Requesting Attributes per Request Version 1.0

Network Working Group. Category: Standards Track September 2003

SAML v2.0 Protocol Extension for Requesting Attributes per Request Version 1.0

SAML v2.0 Protocol Extension for Requesting Attributes per Request Version 1.0

Network Working Group Internet-Draft October 27, 2007 Intended status: Experimental Expires: April 29, 2008

Request for Comments: 4633 Category: Experimental August 2006

OSLC Change Management Version 3.0. Part 2: Vocabulary

Open Command and Control (OpenC2) Language Specification. Version 0.0.2

Web Services Security X509 Certificate Token Profile

XML Security Derived Keys

Request for Comments: 2711 Category: Standards Track BBN October 1999

Hierarchical Resource profile of XACML

Steven Newhouse, Microsoft Mario Antonioletti, EPCC August 1, 2011

TAXII Version Part 5: Default Query

Proposal for SAML Attribute Changes

Internet-Draft Harvard U. Editor March Intellectual Property Rights in IETF Technology. <draft-ietf-ipr-technology-rights-02.

E. Lewis ARIN September 23, KEY RR Secure Entry Point Flag draft-ietf-dnsext-keyrr-key-signing-flag-09. Status of this Memo

Digital Signature Service Core Protocols and Elements

Network Working Group Request for Comments: 3634 Category: Standards Track Comcast Cable J. Bevilacqua N. Davoust YAS Corporation December 2003

OASIS - Artifact Naming Guidelines

Category: Standards Track September MIB Textual Conventions for Uniform Resource Identifiers (URIs)

saml requesting attributes v1.1 wd01 Working Draft January 2016 Standards Track Draft Copyright OASIS Open All Rights Reserved.

Category: Standards Track October 2006

Network Working Group Request for Comments: 4424 February 2006 Updates: 4348 Category: Standards Track

SAML 2.0 Protocol Extension for Requested Authentication Context

SWOP Specifications for Web Offset Publications Edition 10.0 Errata

IETF TRUST. Legal Provisions Relating to IETF Documents. Approved November 6, Effective Date: November 10, 2008

TestCases for the SCA_J Common Annotations and APIs Version 1.1 Specification

SIP Forum Copyrights and Trademark Rights in Contributions Policy

Expires: October 9, 2005 April 7, 2005

Web Services Security: XCBF Token Profile

Transcription:

Asynchronous Processing Abstract Profile of the OASIS Digital Signature Services Version 1.0 OASIS Standard 11 April 2007 Specification URIs: This Version: http://docs.oasis-open.org/dss/v1.0/oasis-dss-profiles-asynchronous_processing-spec-v1.0- os.html http://docs.oasis-open.org/dss/v1.0/oasis-dss-profiles-asynchronous_processing-spec-v1.0- os.pdf http://docs.oasis-open.org/dss/v1.0/oasis-dss-profiles-asynchronous_processing-spec-v1.0- os.doc Latest Version: http://docs.oasis-open.org/dss/v1.0/oasis-dss-profiles-asynchronous_processing-spec-v1.0- os.html http://docs.oasis-open.org/dss/v1.0/oasis-dss-profiles-asynchronous_processing-spec-v1.0- os.pdf http://docs.oasis-open.org/dss/v1.0/oasis-dss-profiles-asynchronous_processing-spec-v1.0- os.doc Technical Committee: OASIS Digital Signature Services TC Chair(s): Nick Pope, Thales esecurity Juan Carlos Cruellas, Centre d'aplicacions avançades d Internet (UPC) Editor(s): Andreas Kuehne, individual Related work: This specification is related to: oasis-dss-core-spec-v1.0-os Abstract: This document defines protocol profiles and processing profiles for the purpose of creating and verifying German Signature Law signatures. Status: This document was last revised or approved by the membership of OASIS on the above date. The level of approval is also listed above. Check the current location noted above for possible later revisions of this document. This document is updated periodically on no particular schedule. Technical Committee members should send comments on this specification to the Technical Committee s email list. Others should send comments to the Technical Committee by using the Send A Comment button on the Technical Committee s web page at http://www.oasisopen.org/committees/dss/. Copyright OASIS Open 2007. All Rights Reserved. Page 1 of 16

For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the Technical Committee web page (http://www.oasisopen.org/committees/dss/ipr.php. The non-normative errata page for this specification is located at http://www.oasisopen.org/committees/dss/. Copyright OASIS Open 2007. All Rights Reserved. Page 2 of 16

Notices OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification, can be obtained from the OASIS Executive Director. OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director. Copyright OASIS 1993 2007. All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications, in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. The names "OASIS" are trademarks of OASIS, the owner and developer of this specification, and should be used only to refer to the organization and its official outputs. OASIS welcomes reference to, and implementation and use of, specifications, while reserving the right to enforce its marks against misleading uses. Please see http://www.oasis-open.org/who/trademark.php for above guidance. Copyright OASIS Open 2007. All Rights Reserved. Page 3 of 16

Table of Contents 1 Introduction...5 1.1 Terminology...5 1.2 Normative References...5 1.3 Non-Normative References...5 1.4 Namespaces...5 1.5 Overview (Non-normative)...6 2 Profile Features...7 2.1 Identifier...7 2.2 Scope...7 2.3 Relationship To Other Profiles...7 2.4 Signature Object...7 2.5 Transport Binding...7 2.6 Security Binding...7 3 Polling Protocol...8 3.1 Element <PendingRequest>...8 3.1.1 Element <OptionalInputs>...8 3.2 Element <Response>...9 4 Profile of Signing Protocol...10 4.1 Element <SignRequest>...10 4.2 Element <SignResponse>...10 4.2.1 Element <ResultMajor>...10 4.2.2 Element <OptionalOutputs>...10 4.2.3 Element <SignatureObject>...11 5 Profile of Verifying Protocol...12 5.1 Element <VerifyRequest>...12 5.1.1 Element <OptionalInputs>...12 5.1.2 Element <SignatureObject>...12 5.1.3 Element <InputDocuments>...12 5.2 Element <VerifyResponse>...12 5.2.1 Element <ResultMajor>...12 5.2.2 Element <OptionalOutputs>...12 A. Acknowledgements...14 B. Example (Non-Normative)...15 Copyright OASIS Open 2007. All Rights Reserved. Page 4 of 16

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 1 Introduction This is an abstract profile. Further profiles will build on this one to provide a basis for implementation and interoperability. This draft profiles the OASIS DSS core protocol for asynchronous processing. Although most applications of the OASIS Digital Signature Service supply the results immediately there is a demand for deferred delivering of results. E.g. the German Signature Law explicitly requires the commitment of the certificate holder or at least a time slot for the certificate holder to deny the signing request [SigG]. Another use case for a asynchronous protocol may arise in a verification request if a minimum latency between creation and verification has to be respected. This profile is intended to be generic, so it may be combined with other profiles freely. A protocol for asynchronous processing is already defined in the XML Key Management Specification [XKMS]. This profile borrows ideas from the XKMS protocol for the OASIS Digital Signature Service. The following sections describe how to understand the rest of this document. 1.1 Terminology The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL in this specification are to be interpreted as described in IETF RFC 2119 [RFC 2119]. These keywords are capitalized when used to unambiguously specify requirements over protocol features and behavior that affect the interoperability and security of implementations. When these words are not capitalized, they are meant in their naturallanguage sense. This specification uses the following typographical conventions in text: <ns:element>, Attribute, Datatype, OtherCode. 1.2 Normative References [Core-XSD] S. Drees et al. DSS Schema. OASIS, February 2007 [DSSCore] S. Drees et al. Digital Signature Service Core Protocols and Elements. OASIS, February 2007 [RFC 2119] S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. http://www.ietf.org/rfc/rfc2119.txt, IETF RFC 2119, March 1997.. [XML-ns] T. Bray, D. Hollander, A. Layman. Namespaces in XML. http://www.w3.org/tr/1999/rec-xml-names-19990114, W3C Recommendation, January 1999. [XMLSig] D. Eastlake et al. XML-Signature Syntax and Processing. http://www.w3.org/tr/1999/rec-xml-names-19990114, W3C Recommendation, February 2002. [SigG] Framework for Electronic Signatures, Amendment of Further Regulations Act (Signaturgesetz SigG), 21 May 2001. http://www.regtp.de/imperia/md/content/tech_reg_t/digisign/119.pdf [XKMS2] Phillip Hallam-Baker XML Key Management Specification (XKMS 2.0) http://www.w3.org/tr/2004/cr-xkms2-20040405/, W3C Candidate Recommendation, 5 April 2004. 1.3 Non-Normative References 1.4 Namespaces The structures described in this specification are contained in the schema file [XYZ-XSD]. All schema listings in the current document are excerpts from the schema file. In the case of a disagreement between the schema file and this document, the schema file takes precedence. Copyright OASIS Open 2007. All Rights Reserved. Page 5 of 16

42 This schema is associated with the following XML namespace: 43 urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing:1.0 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 If a future version of this specification is needed, it will use a different namespace. Conventional XML namespace prefixes are used in this document: The prefix async: stands for this profiles namespace [Core-XSD]. The prefix dss: (or no prefix) stands for the DSS core namespace [Core-XSD]. The prefix ds: stands for the W3C XML Signature namespace [XMLSig]. Applications MAY use different namespace prefixes, and MAY use whatever namespace defaulting/scoping conventions they desire, as long as they are compliant with the Namespaces in XML specification [XML-ns]. 1.5 Overview (Non-normative) This profile defines a simple mechanism for asynchronous signing and verification requests. This profile is similar to the asynchronous processing protocol defined in the XKMS spec [XKMS]. In the first call the client supplies its input values as defined in the core and the applied profiles. The server may reply synchronously with the appropriate result. On the other hand the server may reply with an empty result, giving the <ResultMajor> code Pending and a <async:responseid> element as an <OptionalOutput>. The server generates the value of the <async:responseid> on its own. The client may initiate a <PendingRequest> call from time to time with the <async:responseid> of the initial response included in the <async:responseid> element within the <dss:optionalinputs>. When the server finally succeeds with its processing the results will be delivered to the client with its next polling call. In this case the <ResultMajor> must not be Pending but the <ResultMajor> resulting from the request processing. A notification mechanism isn t defined yet, but may be subject to following versions of this profile. Copyright OASIS Open 2007. All Rights Reserved. Page 6 of 16

68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 2 Profile Features 2.1 Identifier urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing Add an <AdditionalProfile> element containing this URI to use this profile. 2.2 Scope This document profiles the DSS signing and verifying protocols defined in [DSSCore]. 2.3 Relationship To Other Profiles This profile is based directly on the [DSSCore]. This profile is an abstract profile which is not implementable directly. This profile is intended to be combined with other profiles freely. 2.4 Signature Object This profile does not specify or constrain the type of signature object. 2.5 Transport Binding This profile does not specify or constrain the transport binding. 2.6 Security Binding This profile does not specify or constrain the security binding. Copyright OASIS Open 2007. All Rights Reserved. Page 7 of 16

84 85 86 87 88 89 90 91 3 Polling Protocol The polling protocol extends the core protocol using the <PendingRequest> element for initiating a polling request. This is different from the initial request because the request specific data was already transmitted. 3.1 Element <PendingRequest> The <PendingRequest> element is sent by the client to request the result from a pending signature or verification initiated earlier. It contains the following attributes and elements inherited from <RequestBaseType> : 92 RequestID [Optional] 93 94 This attribute is used to correlate requests with responses. When present in a request, the server MUST return it in the response. 95 Profile [Optional] 96 97 98 99 100 101 This attribute indicates a particular DSS profile. It may be used to select a profile if a server supports multiple profiles, or as a sanity-check to make sure the server implements the profile the client expects. In this special case of a <PendingRequest> the required profile information is already defined within the initial call to the server. So Profile MUST be omitted in a <PendingRequest>. Consequently there MUST NOT be any <AdditionalProfile> optional input elements in a <PendingRequest>. 102 <OptionalInputs> [Optional] 103 Any additional inputs to the request. This element may be used e.g. for authentication data. 104 105 106 107 108 109 110 111 112 In addition to <RequestBaseType> the <PendingRequest> element defines the following <ResponseID> element: 3.1.1 Element <OptionalInputs> This profile defines the new input element of <async:responseid>. <async:responseid> To correlate subsequent <PendingRequest> calls to the initial request the <async:responseid> element is introduced by this profile. The client MUST take care of the value returned by the initial <SignRequest> in <async:responseid>. Copyright OASIS Open 2007. All Rights Reserved. Page 8 of 16

113 114 115 116 117 118 119 120 121 122 123 124 125 3.2 Element <Response> The <PendingRequest> may response with a generic <Response> in cases where the service is unable to specialise down to <SignResponse> or <VerificationResponse>. This will happen when the service doesn t recognise the given ResponseID. The <ResultMinor> is set to the special value of ResponseIdUnknown. Urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing:resultminor:ResponseIdU nknown The <ResultMajor> code in this case is RequesterError. This result code shows up only in response to a <PendingRequest>. In the case of successful interpretation of the ResponseID attribute the service returns a <SignResponse> or <VerifyResponse> as intended by the initial request. Copyright OASIS Open 2007. All Rights Reserved. Page 9 of 16

126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 4 Profile of Signing Protocol 4.1 Element <SignRequest> No additional elements of <SignRequest> defined by this profile. 4.2 Element <SignResponse> 4.2.1 Element <ResultMajor> This profile defines the additional <ResultMajor> code, which may show up in response to a <SignRequest> or <PendingRequest>: urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing:resultmajor:pending This result value means that the operation did not finish yet. Subsequent requests may return this result code again. After the server has finished the operation the call will return the signing result indicated by the urn:oasis:names:tc:dss:1.0:resultmajor:success value or an error code. In case an asynchronous service is unable to reply in a synchronous manner and a requests to this service is made without profiling the call as asynchronous ( using the given profile identifier within the Profile attribute or the <AdditionalProfiles> element ), the service returns a <ResultMajor> of RequesterError and a <ResultMinor> of: urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing:resultminor:asynchronousonly 4.2.2 Element <OptionalOutputs> This profile defines the new optional output element of <async:responseid>. <async:responseid> To correlate subsequent <PendingRequest> calls to the initial request the <async:responseid> element is introduced by this profile. The service will generate a suitable value on its own behalf. So the client MUST take care of the value returned in <async:responseid> for subsequent <PendingRequest>. If the server returns the <ResultMajor> code urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing:resultmajor:pending the contents of the <OptionalOutputs> element children other than <async:responseid> are undefined. If the server returns the <ResultMajor> code urn:oasis:names:tc:dss:1.0:resultmajor:success the <OptionalOutputs> MUST contain the results defined by the accompanying profiles as expected in synchronous operation. 161 Copyright OASIS Open 2007. All Rights Reserved. Page 10 of 16

162 163 164 165 166 167 168 169 170 4.2.3 Element <SignatureObject> If the server returns the <ResultMajor> code urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing:resultmajor:pending the content of the <SignatureObject> element is undefined. If the server returns the <ResultMajor> code urn:oasis:names:tc:dss:1.0:resultmajor:success the <SignatureObject> MUST contain the results defined by the accompanying profiles as expected in synchronous operation. Copyright OASIS Open 2007. All Rights Reserved. Page 11 of 16

171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 5 Profile of Verifying Protocol 5.1 Element <VerifyRequest> 5.1.1 Element <OptionalInputs> This profile doesn t interfere with the element defined from [DSSCore]. 5.1.2 Element <SignatureObject> This profile doesn t interfere with the element defined from [DSSCore]. 5.1.3 Element <InputDocuments> This profile doesn t interfere with the element defined from [DSSCore]. 5.2 Element <VerifyResponse> 5.2.1 Element <ResultMajor> This profile defines the additional <ResultMajor> code, which may show up in response to a <SignRequest> or <PendingRequest>: urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing:resultmajor:pending This result value means that the operation did not finish yet. Subsequent requests may return this result code again. After the server has finished the operation the call will return the verification result indicated by the urn:oasis:names:tc:dss:1.0:resultmajor:success value or an error code. In case an asynchronous service is unable to reply in a synchronous manner and a requests to this service is made without profiling the call as asynchronous ( using the given profile identifier within the Profile attribute or the <AdditionalProfiles> element ), the service returns a <ResultMajor> of RequesterError and a <ResultMinor> of: urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing:resultminor:asynchronousonly 5.2.2 Element <OptionalOutputs> This profile defines the new optional output element of <async:responseid>. <async:responseid> To correlate subsequent <PendingRequest> calls to the initial request the <async:responseid> element is introduced by this profile. The service will generate a suitable value on its own behalf. So the client MUST take care of the value returned in <async:responseid> for subsequent <PendingRequest>. If the server returns the <ResultMajor> code urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing:resultmajor:pending Copyright OASIS Open 2007. All Rights Reserved. Page 12 of 16

204 205 206 207 208 209 210 the contents of the <OptionalOutputs> element children other than <async:responseid> are undefined. If the server returns the <ResultMajor> code urn:oasis:names:tc:dss:1.0:resultmajor:success the <OptionalOutputs> MUST contain the results defined by the accompanying profiles as expected in synchronous operation. 211 Copyright OASIS Open 2007. All Rights Reserved. Page 13 of 16

212 213 214 215 216 217 218 219 A. Acknowledgements The following individuals have participated in the creation of this specification and are gratefully acknowledged: Participants: Trevor Perrin, individual Pieter Kasselman, Betrusted Tommy Lindbert, individual Copyright OASIS Open 2007. All Rights Reserved. Page 14 of 16

220 B. Example (Non-Normative) 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 Example of an initial signing request : <dss:signrequest Profile="urn:oasis:names:tc:dss:1.0:profile:dss_interop" RequestID="I0d2f1de663c75dc52f468e678af1bfd6" xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema"> <dss:optionalinputs> <dss:signaturetype>...</dss:signaturetype> <dss:additionalprofile> urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing </dss:additionalprofile> </dss:optionalinputs> <dss:inputdocuments> <dss:document ID="..." RefType="..." RefURI="...">... </dss:document> </dss:inputdocuments> </dss:signrequest> 237 238 The request above may result in an response like this : 239 240 241 242 243 <dss:result> 244 <dss:resultmajor> 245 246 </dss:resultmajor> 247 </dss:result> 248 <dss:optionaloutputs> 249 250 </dss:optionaloutputs> 251 </dss:signresponse> 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 <dss:signresponse RequestID="I0d2f1de663c75dc52f468e678af1bfd6" Profile="urn:oasis:names:tc:dss:1.0:profile:dss_interop" xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema" xmlns:async="urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing:1.0"> urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing:resultmajor:pending <async:responseid>i517f0e98752098c7245f2892f59ef9fc</async:responseid> The server return a <dss :ResultMajor> value Pending with no Signature returned. So the client will send a PendingRequest using the value of <async:responseid> from this response. A PendingRequest may look like this : <async:pendingrequest RequestID="If82506cfa678bedf2cdc1549f5970641" xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema" xmlns:async="urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing:1.0"> <dss:optionalinputs> <dss:additionalprofile> urn:oasis:names:tc:dss:1.0:profiles:asynchronousprocessing:1.0 </dss:additionalprofile> <async:responseid>i517f0e98752098c7245f2892f59ef9fc</async:responseid> </dss:optionalinputs> </async:pendingrequest> The server may respond with a <dss:resultmajor> value Pending again. But finally server side processing will be finished and the server replies such a Response : <dss:signresponse RequestID="If82506cfa678bedf2cdc1549f5970641" Profile="urn:oasis:names:tc:dss:1.0:profile:dss_interop" xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema"> <dss:result> <dss:resultmajor> urn:oasis:names:tc:dss:1.0:resultmajor:success </dss:resultmajor> </dss:result> <dss:signatureobject> <ds:signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">... Copyright OASIS Open 2007. All Rights Reserved. Page 15 of 16

279 280 281 282 283 284 </ds:signature> </dss:signatureobject> </dss:signresponse> Copyright OASIS Open 2007. All Rights Reserved. Page 16 of 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback