Relative references in the current version of XAdES

MURATA Makoto eb2m-mrt at asahi-net.or.jp
Sun May 31 06:57:42 CEST 2015


Folks,

The current version of XAdES allows the use of URIs in several places.
Some of them are used as unique names, while others are references.

URIs as references may contain relative references with or without
fragment identifiers.  Such relative references lead to seemingly
orphan OPC pars.

There are two options:
A: We disallow relative references.
B: We allow relative references but also introduce
   relationship types only for avoding orphan parts.

Here is a list of URIs as references in the current version of
XAdES.

1) ReferenceInfo/@URI

This identifies the data object.

2) QualifyingProperties/@Target

The mandatory Target attribute MUST refer to the Id attribute of the
corresponding ds:Signature. Its value MUST be an URI with a bare-name
XPointer fragment. When this element is enveloped by the XAdES
signature, its not-fragment part MUST be empty. Otherwise, its
not-fragment part MAY NOT be empty.


3) DataObjectFormat/@ObjectReference

This attribute MUST reference the ds:Reference element of the
ds:Signature corresponding with the data object qualified by this
property.

4) SPURI

This references the signature policy.

5) DocumentationReference

This references a further explanatory documentation of the object
identifier.

6) QualifyingPropertiesReference/@URI

The mandatory URI attribute contains a bare-name XPointer fragment and
references an external QualifyingProperties element. Its not-fragment
part identifies the enclosing document and its bare-name XPointer
fragment identifies the aforementioned element.

7) Include/@URI

The URI attribute in Include element identifies one time-stamped data
object.

8) Cert/@URI

The optional URI attribute indicates where the referenced certificate can
be found.

9) CRLIdentifier/@URI

Its URI attribute could serve to indicate where the identified CRL is
archived.

10) CSPIdentifier/@URI

The optional URI attribute could serve to indicate where the OCSP
response identified is archived.

11) TimeStampValidationData/@URI

Optional URI attribute MAY be used for referencing the time-stamp
container of the time-stamp token whose validation data is contained
within this element.

Regards,
Makoto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.vse.cz/pipermail/sc34wg4/attachments/20150531/c4edeafb/attachment.html>


More information about the sc34wg4 mailing list