Merge pull request #30 from IHE/json-submission-set-option
Json submission set option
ritikarawlani authored Jul 30, 2024
2 parents cc300ac + bad12a0 commit 9e05ccb
Showing 3 changed files with 73 additions and 10 deletions.
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -53,7 +53,8 @@ This profile is motivated by customer requirements for Document Digital Signatur
1. [Notes about deviation from profile are not being stated in the DSGj profile.](https://github.com/IHE/ITI.DSGj/issues/13)
2. [The usage of DSGj with MHD(ITI-105) is not covered by the DSGj chapter.](https://github.com/IHE/ITI.DSGj/issues/14)
3. [DSGj does not contain guidance around homeCommunityID](https://github.com/IHE/ITI.DSGj/issues/15)
4. [Will add examples after Public-Comment](https://github.com/IHE/ITI.DSGj/issues/19)
4. [Will add examples after Public-Comment](https://github.com/IHE/ITI.DSGj/issues/19)
5. [Provision of a JSON Schema file](https://github.com/IHE/ITI.DSGj/issues/31)

# Closed Issues

28 changes: 26 additions & 2 deletions Volume1/ch-37.html
Expand Up @@ -173,7 +173,7 @@ <h2 id="37.2">37.2 DSG Actor Options</h2>
</thead>
<tbody>
<tr>
<td rowspan="5">Content Creator (Note 1)</td>
<td rowspan="6">Content Creator (Note 1)</td>
<td>Detached Signature</td>
<td>
<a href="../Volume1/ch-37.html#37.2.1">ITI TF-1: 37.2.1</a>
Expand All @@ -197,14 +197,20 @@ <h2 id="37.2">37.2 DSG Actor Options</h2>
<ins> <a href="../Volume1/ch-37.html#37.2.3">ITI TF-1: 37.2.3</a></ins>
</td>
</tr>
<tr>
<td><ins>JSON Submission Set Signature</ins></td>
<td>
<ins><a href="../Volume1/ch-37.html#37.2.3.1">ITI TF-1: 37.2.3.1</a></ins>
</td>
</tr>
<tr>
<td><ins>JSON Enveloping Signature</ins></td>
<td>
<ins><a href="../Volume1/ch-37.html#37.2.4">ITI TF-1: 37.2.4</a></ins>
</td>
</tr>
<tr>
<td rowspan="5">Content Consumer (Note 1)</td>
<td rowspan="6">Content Consumer (Note 1)</td>
<td>Detached Signature</td>
<td>
<a href="../Volume1/ch-37.html#37.2.1">ITI TF-1: 37.2.1</a>
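Review bot: The new "JSON Submission Set Signature" row links to ../Volume1/ch-37.html#37.2.3.1 and is labelled ITI TF-1: 37.2.3.1, but the section this commit adds for the option is numbered 37.2.3.4 and carries id 37.2.3.4, so the link will not land on it. Point the href and label at the id the section actually gets, or renumber the section, and make the same change in the Content Consumer row. The row also spells the option "Submission Set" while the section heading uses "SubmissionSet"; pick one spelling so the option name is consistent across the table and the text.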
Expand All @@ -228,6 +234,12 @@ <h2 id="37.2">37.2 DSG Actor Options</h2>
<ins><a href="../Volume1/ch-37.html#37.2.3">ITI TF-1: 37.2.3</a></ins>
</td>
</tr>
<tr>
<td><ins>JSON Submission Set Signature</ins></td>
<td>
<ins><a href="../Volume1/ch-37.html#37.2.3.1">ITI TF-1: 37.2.3.1</a></ins>
</td>
</tr>
<tr>
<td><ins>JSON Enveloping Signature</ins></td>
<td>
Expand Down Expand Up @@ -313,6 +325,18 @@ <h3 id="37.2.3"><ins>37.2.3 JSON Detached Signature Option</ins></h3>
for documents signed with a Detached Signature.
</ins>
</p>
<h4 id="37.2.3.4"><ins>37.2.3.4 JSON SubmissionSet Signature Option</ins></h4>
<p><ins>The JSON SubmissionSet Signature Option is a variant on the JSON Detached Signature Option.</ins></p>
<p><ins>The Content Creator shall have the ability to create a Detached Signature document that includes
reference to all the documents included in the SubmissionSet, except for the Detached Signature
document itself; and a reference to the SubmissionSet unique ID. This Detached Signature document is included in the SubmissionSet.</ins></p>
<p><ins>The JSON SubmissionSet Signature Option requires the use of a Document Sharing Profile.</ins></p>
<p><ins>
Content Consumers that support the SubmissionSet Signature Option shall have the capability to
perform signature verification specified in
<a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-5.10.html#5.10.5">ITI TF-3: 5.10.5</a>
for all the documents contained within the Detached Signature.</ins>
</p>
<h3 id="37.2.4"><ins>37.2.4 JSON Enveloping Signature Option</ins></h3>
<p>
<ins>
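Review bot: The Content Consumer paragraph in 37.2.3.4 requires verification "for all the documents contained within the Detached Signature", but a detached signature contains no documents, only references to them, and nothing in this paragraph asks the consumer to check the SubmissionSet unique ID reference that the Content Creator paragraph mandates. Suggest "for all the documents referenced by the Detached Signature", plus a sentence requiring the consumer to compare the referenced SubmissionSet unique ID and document list with the SubmissionSet it received. A link to the Volume 3 section that defines the SubmissionSet Signature would also help, since ITI TF-3: 5.10.5 is the only normative pointer given here.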
52 changes: 45 additions & 7 deletions Volume3/ch-5.10.html
Expand Up @@ -176,10 +176,9 @@ <h4 id="5.10.3.1">5.10.3.1 Protected Header</h4>
<h5 id="5.10.3.1.1">5.10.3.1.1 "sigD" Header Parameter</h5>
<ul>
<li>sigD parameter SHALL be included as per 5.2.8.1 of the JAdES Specification</li>
<li>mID member SHALL be present and set to "http://uri.etsi.org/19182/ObjectIdByURI"</li>
<li class="bullet-list1">
The pars member SHALL be an array of strings that contain references to each data object* being signed. This array is considered the manifest of the data objects being signed. Each string in this array shall be a URI. See <a href="5.10.6.1.9">Section 5.10.6.1.9</a> for more details.
</li>
<li>mID member SHALL be present and set to "http://uri.etsi.org/19182/ObjectIdByURIHash"</li>
<li>The pars member SHALL be an array of strings that contain references to each data object* being signed. This array is considered the manifest of the data objects being signed. Each string in this array shall be a URI. See <a href="5.10.6.1.9">Section 5.10.6.1.9</a> for more details.</li>
<li>The hashV, and the hashM members SHALL be present</li>
<li>ctys member SHALL be present</li>
</ul>
<p class="note">* Note: Data Objects refer to the binary representations of documents or any other content on which the digital signature is captured and verified</p>
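Review bot: The new bullet "The hashV, and the hashM members SHALL be present" in 5.10.3.1.1 requires the members but says nothing about their content, and with mID now set to ObjectIdByURIHash those digests are what bind the signature to the referenced documents. Suggest stating that hashV carries one digest per entry in pars, in the same order, and which digest algorithms are acceptable for hashM, so that signer and verifier compute and compare the same values. Minor: drop the comma after hashV, and the link in the pars bullet uses href 5.10.6.1.9 without a leading #, so it resolves as a relative file rather than an in-page anchor.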
Expand All @@ -190,8 +189,47 @@ <h4 id="5.10.3.2">5.10.3.2 Unprotected Header</h4>
<h4 id="5.10.3.3">5.10.3.3 Payload</h4>
<ul><li>The Detached Signature is accomplished by deleting the "payload" member of the JWS JSON Object</li></ul>
<h4 id="5.10.3.4">5.10.3.4 Signature</h4>
<ul><li>As per section 5.2.8.3.2 of JAdES, the JWS Payload SHALL contribute as a stream of octets to the computation of JWS Signature Value</a></li></ul>
<h3 id="5.10.4">5.10.4 JSON Enveloping Signature</h3>
<ul><li>As per section 5.2.8.3.3 of JAdES, the JWS Payload SHALL contribute shall contribute as an empty stream to the computation of the JWS Signature Value.</a></li></ul>
<h4 id="5.10.3.5">5.10.3.5 JSON SubmissionSet Signature</h4>
<p>The SubmissionSet Signature is a variant of the Detached Signature used to digitally sign a complete SubmissionSet. The signature can later be validated to assure that the SubmissionSet is complete and the same as when it was created.

The SubmissionSet Signature shall be a Detached Signature that has references for:</p>
<ul>
<li>the SubmissionSet uniqueId as per <a href="5.10.3.5.1">5.10.3.5.1 "IheSSId" (SubmissionSet uniqueId) Header Parameter</a></li>
<li>the document uniqueId for each of the documents contained in the SubmissionSet not including the SubmissionSet Signature document within the manifest as per <a href="5.10.3.1.1">above section</a></li>
</ul>
<p>
The SubmissionSet Signature creation is informatively described here with the Content Creator grouped with an XDS Document Source and is equally applicable with grouping the Content Creator with the other Document Sharing infrastructure. The document publication transaction is not specific to the SubmissionSet Signature process or content, and is included here only to show overall workflow.

Informative process for creating a SubmissionSet Signature:
</p>
<ol>
<li>A set (n) of Documents of interest are gathered, or generated to be published</li>
<li>A SubmissionSet is created for the Documents, for example in preparation for using the Provide and Register Document Set-b [ITI-41] transaction or equivalent</li>
<li>
A Digital Signature document is created which includes reference of:</li>
<ol type="i">
<li>The SubmissionSet.uniqueId is included in the IheSSId header parameter.</li>
<li>All of the (n) documents to be included in the SubmissionSet, other than the signature document, are listed in the manifest.</li>
<li>The signature document is processed according to <a href="5.10.3">Section 5.10.3</a>, and thus signed.</li>
</ol>
</li>
<li>The signature document would be added to the SubmissionSet according to <a href="5.10.6">Section 5.10.6</a>. The SubmissionSet may, but is not required, include all the “SIGNS” association defined in <a href="5.10.6.4">Section 5.10.6.4</a> with associations to all the other documents in the SubmissionSet. The “SIGNS” association is redundant in this case as the SubmissionSet already groups these documents.</li>
<li>The SubmissionSet with the (n) documents and the Digital Signature document is submitted using the Provide and Register Document Set-b [ITI-41] transaction, or equivalent from the other Document Sharing infrastructures.</li>
</ol>
<h5 id="5.10.3.5.1">5.10.3.5.1 "IheSSId" (SubmissionSet uniqueId) Header Parameter</h4>
<p><b>Semantics</b></p>
<p>The IheSSId header parameter shall be a new signed (protected) header parameter that qualifies the signature.</br></br>
The IheSSId header parameter's value shall specify the SubmissionSet uniqueId as per the <a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-4.2.html#4.2.3.3.12">4.2.3.3.12 SubmissionSet.uniqueId</a>
</p>
<p><b>Syntax</b></p>
<p>The IheSSId header parameter is defined below:</br></br>

"IHESSID" : {"type":"string","format":"oid"}. </br></br>

<b>Note:</b> The <a href="5.10.2.1.3">crit</a> header parameter shall include the "IheSSId" extension header parameter when the SubmissionSet Option is used.
</p>
<h3 id="5.10.4">5.10.4 JSON Enveloping Signature</h3>
<h4 id="5.10.4.1">5.10.4.1 Protected Header</h4>
<h5 id="5.10.4.1.1">5.10.4.1.1 "cty" (content type) Header Parameter</h5>
<ul><li>SHALL be included as per syntax specified in IETF RFC 7515, clause 4.1.10.</li></ul>
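Review bot: The Syntax paragraph of 5.10.3.5.1 defines the parameter as "IHESSID" while the heading, the Semantics text, step 3.i and the crit note all call it "IheSSId". JWS header parameter names are case-sensitive, so a signer that emits one spelling and a verifier that looks for the other in crit will not interoperate; use a single spelling throughout. Section 5.10.3.5 also says the signature can be validated to assure the SubmissionSet is complete, but gives no verifier step for that; consider adding that the Content Consumer compares IheSSId and the manifest with the SubmissionSet it received. The markup in this hunk needs a pass as well: the h5 for 5.10.3.5.1 is closed with an h4 end tag, the li of step 3 is closed before its nested ol and again after it, the br elements are written as end tags, 5.10.3.4 keeps a stray anchor end tag and reads "SHALL contribute shall contribute", and the internal hrefs (5.10.3.5.1, 5.10.3.1.1, 5.10.3, 5.10.6, 5.10.6.4, 5.10.2.1.3) lack the leading #.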
Expand Down Expand Up @@ -251,7 +289,7 @@ <h5 id="5.10.6.1.8">5.10.6.1.8 XDSDocumentEntry.language</h5>
<p>The language of the signature content SHALL be ‘art’ as in "artificial".</p>
<h5 id ="5.10.6.1.9">5.10.6.1.9 XDSDocumentEntry.uniqueId</h5>
<p>
SHALL use a URI format to hold the document uniqueID. For documents that do not use a URI as the uniqueId, the Affinity Domain SHOULD determine an appropriate way to encode the DocumentEntry.uniqueId. See ebRIM Representation <a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-4.2.html#4.2.3.2.26">Section 4.2.3.2.26</a></p>
SHALL use a URI format to hold the document uniqueId. For documents that do not use a URI as the uniqueId, the Affinity Domain SHOULD determine an appropriate way to encode the DocumentEntry.uniqueId. See ebRIM Representation <a href="https://profiles.ihe.net/ITI/TF/Volume3/ch-4.2.html#4.2.3.2.26">Section 4.2.3.2.26</a></p>
<h4 id="5.10.6.3">5.10.6.3 Document Sharing - Folder Metadata</h4>
<p>This document content profile makes no changes to the structure of Folders.</p>
<h4 id="5.10.6.4">5.10.6.4 Document Associations</h4>
