NonStop SOAP User's Manual
NonStop SOAP with Digital Signatures
NonStop SOAP User’s Manual—520501-012
NonStop SOAP Header for Digital Signature
<ds:SignatureMethod>
Requirement Category: Mandatory
SignatureMethod is an element that specifies the algorithm used to generate a
signature and to validate it. The algorithm named in this element identifies the
cryptographic functions (such as hashing, public key algorithms, MACs, padding,
and similar functions) involved in the signature operation. Signature algorithms
take two implicit parameters: the keying material determined from KeyInfo and
the octet stream output by CanonicalizationMethod. The required identifier for
SignatureMethod is:
http://www.w3.org/2000/09/xmldsig#rsa-sha1
The RSA algorithm strictly refers to the RSASSA-PKCS1-v1_5 algorithm described
in RFC2437. The RSA algorithm takes no explicit parameters. A request containing
any other algorithm that violates these specifications is considered invalid. The
SignatureValue content for an RSA signature is the base64 [MIME] encoding of
the octet string computed as per RFC2437.
<ds:Reference URI>
Requirement Category: Mandatory
The Reference element identifies the section of the document that needs to be
signed and may occur one or more times. It specifies a digest algorithm, a digest
value, an identifier (optional) of the object being signed, and a list of transforms
to be applied before digesting. The identifier must be of URI type. The URI
attribute identifies a data object using a URI-Reference, as specified by RFC2396.
The identification (URI) and transforms describe how the digested content (the
input to the digest method) was created. XML signature applications MUST be able
to parse the URI syntax. Valid URI attributes can identify inputs by using any of
the following methods:
Method 1:
URI="http://www.hp.com/DSIG.xml"
Identifies the octets that represent the external resource
'http://www.hp.com/DSIG.xml', which is probably an XML document given
its file extension.
Method 2:
URI="http://www.hp.com/DSIG.xml#chapter1"
Identifies the element with ID attribute value 'chapter1' of the external XML
resource 'http://www.hp.com/DSIG.xml', provided as an octet stream.
For the sake of interoperability, the element identified as 'chapter1' must be
obtained using an XPath transform rather than a URI fragment.
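The following added example (not code from the manual or from NonStop SOAP) shows one way to check both rules described above before any cryptographic verification: it rejects a SignatureMethod other than the required rsa-sha1 identifier and classifies each Reference URI as Method 1 or Method 2. The function name, the `sample` helper, the kind labels, and the sample ds:SignedInfo documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urldefrag

DS = "http://www.w3.org/2000/09/xmldsig#"
REQUIRED_SIG_ALG = DS + "rsa-sha1"  # the only identifier the manual accepts

def check_signed_info(xml_text):
    """Return (errors, references) for one ds:SignedInfo element.

    Each reference is (kind, resource, fragment): 'whole-resource' is
    Method 1, 'element-by-id' is Method 2, 'no-uri' means URI was omitted.
    """
    # For untrusted input, parse with a hardened XML parser instead.
    root = ET.fromstring(xml_text)
    errors, refs = [], []

    method = root.find(f"{{{DS}}}SignatureMethod")
    if method is None:
        errors.append("SignatureMethod missing")
    elif method.get("Algorithm") != REQUIRED_SIG_ALG:
        errors.append(f"SignatureMethod not allowed: {method.get('Algorithm')}")
    elif len(method):  # RSA takes no explicit parameters
        errors.append("SignatureMethod carries unexpected parameters")

    found = root.findall(f"{{{DS}}}Reference")
    if not found:
        errors.append("Reference missing")
    for ref in found:
        uri = ref.get("URI")
        if uri is None:  # the identifier is optional
            refs.append(("no-uri", None, None))
            continue
        resource, fragment = urldefrag(uri)
        kind = "element-by-id" if fragment else "whole-resource"
        refs.append((kind, resource, fragment))
    return errors, refs

# Constructed sample input (hypothetical helper, not taken from the manual).
def sample(sig_alg):
    return (f'<ds:SignedInfo xmlns:ds="{DS}">'
            f'<ds:SignatureMethod Algorithm="{sig_alg}"/>'
            '<ds:Reference URI="http://www.hp.com/DSIG.xml"/>'
            '<ds:Reference URI="http://www.hp.com/DSIG.xml#chapter1"/>'
            '</ds:SignedInfo>')

if __name__ == "__main__":
    print(check_signed_info(sample(REQUIRED_SIG_ALG)))
    print(check_signed_info(sample(DS + "hmac-sha1")))
```

Running the algorithm check before signature verification means a request naming any other algorithm is refused without its SignatureValue ever being processed.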