JSON Enveloping Signature |
@@ -313,6 +325,19 @@ 37.2.3 JSON Detached Signature Option
for documents signed with a Detached Signature.
+ 37.2.3.4 JSON SubmissionSet Signature Option
+ The JSON SubmissionSet Signature Option is a variant on the JSON Detached Signature Option.
+ The Content Creator shall have the ability to create a Detached Signature document that includes
+ reference to all the documents included in the SubmissionSet, except for the Detached Signature
+ document itself; and a reference to the
+ SubmissionSet unique ID. This Detached Signature document is included in the SubmissionSet.
+ The JSON SubmissionSet Signature Option requires the use of a Document Sharing Profile.
+
+ Content Consumers that support the SubmissionSet Signature Option shall have the capability to
+ perform signature verification specified in
+ ITI TF-3: 5.5.5
+ for all the documents contained within the Detached Signature.
+
37.2.4 JSON Enveloping Signature Option
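Review bot: The Content Consumer paragraph in 37.2.3.4 requires signature verification "for all the documents contained within the Detached Signature", but it does not require comparing the signed references against the documents actually present in the SubmissionSet, or checking the referenced SubmissionSet unique ID against the SubmissionSet being processed. Without those two checks a consumer can verify every listed document and still accept a SubmissionSet whose membership differs from what was signed. Suggest stating both checks as Content Consumer requirements for this option.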
From 37658bcf0b067391cac8b814d4db109ffe41e090 Mon Sep 17 00:00:00 2001
From: ritikarawlani <38657562+ritikarawlani@users.noreply.github.com>
Date: Wed, 24 Jul 2024 15:09:30 +0530
Subject: [PATCH 2/5] updates
---
Volume1/ch-37.html | 5 ++---
Volume3/ch-5.10.html | 38 ++++++++++++++++++++++++++++++++------
2 files changed, 34 insertions(+), 9 deletions(-)
diff --git a/Volume1/ch-37.html b/Volume1/ch-37.html
index bd4ba1d..8f93ff2 100644
--- a/Volume1/ch-37.html
+++ b/Volume1/ch-37.html
@@ -329,13 +329,12 @@ 37.2.3.4 JSON SubmissionSet Signature Option
The JSON SubmissionSet Signature Option is a variant on the JSON Detached Signature Option.
The Content Creator shall have the ability to create a Detached Signature document that includes
reference to all the documents included in the SubmissionSet, except for the Detached Signature
- document itself; and a reference to the
- SubmissionSet unique ID. This Detached Signature document is included in the SubmissionSet.
+ document itself; and a reference to the SubmissionSet unique ID. This Detached Signature document is included in the SubmissionSet.
The JSON SubmissionSet Signature Option requires the use of a Document Sharing Profile.
Content Consumers that support the SubmissionSet Signature Option shall have the capability to
perform signature verification specified in
- ITI TF-3: 5.5.5
+ ITI TF-3: 5.10.5
for all the documents contained within the Detached Signature.
37.2.4 JSON Enveloping Signature Option
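Review bot: The Content Consumer sentence still reads "for all the documents contained within the Detached Signature", which is inaccurate for a detached signature, since it references documents rather than containing them. Suggest "for all the documents referenced by the Detached Signature" while this paragraph is being touched for the ITI TF-3: 5.10.5 cross-reference.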
diff --git a/Volume3/ch-5.10.html b/Volume3/ch-5.10.html
index 6f09eb1..f8f9552 100644
--- a/Volume3/ch-5.10.html
+++ b/Volume3/ch-5.10.html
@@ -176,10 +176,9 @@ 5.10.3.1 Protected Header
5.10.3.1.1 "sigD" Header Parameter
- sigD parameter SHALL be included as per 5.2.8.1 of the JAdES Specification
- - mID member SHALL be present and set to "http://uri.etsi.org/19182/ObjectIdByURI"
- -
- The pars member SHALL be an array of strings that contain references to each data object* being signed. This array is considered the manifest of the data objects being signed. Each string in this array shall be a URI. See Section 5.10.6.1.9 for more details.
-
+ - mID member SHALL be present and set to "http://uri.etsi.org/19182/ObjectIdByURIHash"
+ - The pars member SHALL be an array of strings that contain references to each data object* being signed. This array is considered the manifest of the data objects being signed. Each string in this array shall be a URI. See Section 5.10.6.1.9 for more details.
+ - The hashV, and the hashM members SHALL be present
- ctys member SHALL be present
* Note: Data Objects refer to the binary representations of documents or any other content on which the digital signature is captured and verified
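Review bot: The new bullet "The hashV, and the hashM members SHALL be present" in 5.10.3.1.1 does not say which digest algorithms are acceptable for hashM, or that hashV carries one digest per entry of pars in the same order. With mID now set to ObjectIdByURIHash, those digests are what bind each document to the signature, so both constraints should be stated here or referenced by JAdES clause. The comma after "hashV" is also stray.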
@@ -190,8 +189,35 @@ 5.10.3.2 Unprotected Header
5.10.3.3 Payload
- The Detached Signature is accomplished by deleting the "payload" member of the JWS JSON Object
5.10.3.4 Signature
- - As per section 5.2.8.3.2 of JAdES, the JWS Payload SHALL contribute as a stream of octets to the computation of JWS Signature Value
- 5.10.4 JSON Enveloping Signature
+ - As per section 5.2.8.3.3 of JAdES, the JWS Payload SHALL contribute shall contribute as an empty stream to the computation of the JWS Signature Value.
+ 5.10.3.5 JSON SubmissionSet Signature
+ The SubmissionSet Signature is a variant of the Detached Signature used to digitally sign a complete SubmissionSet. The signature can later be validated to assure that the SubmissionSet is complete and the same as when it was created.
+
+ The SubmissionSet Signature shall be a Detached Signature that has references for:
+
+ - the SubmissionSet uniqueID using the data URI scheme
+ - the document uniqueID for each of the documents contained in the SubmissionSet not including the SubmissionSet Signature document
+
+
+ The SubmissionSet Signature creation is informatively described here with the Content Creator grouped with an XDS Document Source and is equally applicable with grouping the Content Creator with the other Document Sharing infrastructure. The document publication transaction is not specific to the SubmissionSet Signature process or content, and is included here only to show overall workflow.
+
+ Informative process for creating a SubmissionSet Signature:
+
+
+ - A set (n) of Documents of interest are gathered, or generated to be published
+ - A SubmissionSet is created for the Documents, for example in preparation for using the Provide and Register Document Set-b [ITI-41] transaction or equivalent
+ -
+ A Digital Signature document is created which includes reference of:
+
+ - The SubmissionSet.uniqueId is included in the manifest.
+ - All of the (n) documents to be included in the SubmissionSet, other than the signature document, are listed in the manifest.
+ - The signature document is processed according to Section 5.10.3, and thus signed.
+
+
+ - The signature document would be added to the SubmissionSet according to Section 5.10.6. The SubmissionSet may, but is not required, include all the “SIGNS” association defined in Section 5.10.6.4 with associations to all the other documents in the SubmissionSet. The “SIGNS” association is redundant in this case as the SubmissionSet already groups these documents.
+ - The SubmissionSet with the (n) documents and the Digital Signature document is submitted using the Provide and Register Document Set-b [ITI-41] transaction, or equivalent from the other Document Sharing infrastructures.
+
+ 5.10.4 JSON Enveloping Signature
5.10.4.1 Protected Header
5.10.4.1.1 "cty" (content type) Header Parameter
- SHALL be included as per syntax specified in IETF RFC 7515, clause 4.1.10.
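Review bot: The replacement line in 5.10.3.4 repeats the normative keyword ("the JWS Payload SHALL contribute shall contribute as an empty stream"); keep a single "SHALL contribute". In the new 5.10.3.5, the first bullet says the SubmissionSet uniqueID is referenced "using the data URI scheme" without saying where that reference is carried or how the value is encoded, while the informative steps say it "is included in the manifest". Suggest defining the exact form once and pointing both places at that definition.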
From 33a9021bc6ccc8bf6acab451ea8a362f97aac8aa Mon Sep 17 00:00:00 2001
From: ritikarawlani <38657562+ritikarawlani@users.noreply.github.com>
Date: Mon, 29 Jul 2024 13:25:07 +0530
Subject: [PATCH 3/5] update with SSId
---
Volume3/ch-5.10.html | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/Volume3/ch-5.10.html b/Volume3/ch-5.10.html
index f8f9552..9447b83 100644
--- a/Volume3/ch-5.10.html
+++ b/Volume3/ch-5.10.html
@@ -195,10 +195,10 @@ 5.10.3.5 JSON SubmissionSet Signature
The SubmissionSet Signature shall be a Detached Signature that has references for:
- - the SubmissionSet uniqueID using the data URI scheme
- - the document uniqueID for each of the documents contained in the SubmissionSet not including the SubmissionSet Signature document
+ - the SubmissionSet uniqueId as per 5.10.3.5.1 "SSId" (SubmissionSet uniqueId) Header Parameter
+ - the document uniqueId for each of the documents contained in the SubmissionSet not including the SubmissionSet Signature document within the manifest as per above section
-
+
The SubmissionSet Signature creation is informatively described here with the Content Creator grouped with an XDS Document Source and is equally applicable with grouping the Content Creator with the other Document Sharing infrastructure. The document publication transaction is not specific to the SubmissionSet Signature process or content, and is included here only to show overall workflow.
Informative process for creating a SubmissionSet Signature:
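Review bot: The second bullet ends with "within the manifest as per above section", which does not identify a section. Suggest naming it explicitly (the pars member in 5.10.3.1.1 "sigD" Header Parameter) so the requirement still resolves if sections are reordered. The first bullet cites 5.10.3.5.1 by number and title, and the second should follow the same style.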
@@ -209,7 +209,7 @@ 5.10.3.5 JSON SubmissionSet Signature
A Digital Signature document is created which includes reference of:
- - The SubmissionSet.uniqueId is included in the manifest.
+ - The SubmissionSet.uniqueId is included in the SSId header parameter.
- All of the (n) documents to be included in the SubmissionSet, other than the signature document, are listed in the manifest.
- The signature document is processed according to Section 5.10.3, and thus signed.
@@ -217,6 +217,18 @@ 5.10.3.5 JSON SubmissionSet Signature
The signature document would be added to the SubmissionSet according to Section 5.10.6. The SubmissionSet may, but is not required, include all the “SIGNS” association defined in Section 5.10.6.4 with associations to all the other documents in the SubmissionSet. The “SIGNS” association is redundant in this case as the SubmissionSet already groups these documents.
The SubmissionSet with the (n) documents and the Digital Signature document is submitted using the Provide and Register Document Set-b [ITI-41] transaction, or equivalent from the other Document Sharing infrastructures.
+ 5.10.3.5.1 "SSId" (SubmissionSet uniqueId) Header Parameter
+ Semantics
+ The SSId header parameter shall be a new signed header parameter that qualifier the signature.
+ The SSId header parameter's value shall specify the SubmissionSet uniqueId as per the 4.2.3.3.12 SubmissionSet.uniqueId
+
+ Syntax
+ The SSId header parameter shall be defined as in the JSON Schema file and is copied below for information:
+
+ "SSID" : {"type":"string","format":"oid"}.
+
+ Note: The crit header parameter shall include the "SSId" extension header parameter when the SubmissionSet Option is used.
+
5.10.4 JSON Enveloping Signature
5.10.4.1 Protected Header
5.10.4.1.1 "cty" (content type) Header Parameter
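Review bot: In 5.10.3.5.1 the parameter is named "SSId" in the heading, the semantics and the crit note, but the schema snippet declares "SSID". JSON member names are case-sensitive, and the name listed in crit has to match the header member exactly, so pick one spelling and use it everywhere. Also in this hunk: "that qualifier the signature" should be "that qualifies the signature", the trailing period after the schema snippet reads as part of the JSON, and "format":"oid" is not one of the formats defined by JSON Schema, so the OID syntax needs a pattern or a normative sentence if it is meant to be enforced.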
@@ -277,7 +289,7 @@ 5.10.6.1.8 XDSDocumentEntry.language
The language of the signature content SHALL be ‘art’ as in "artificial".
5.10.6.1.9 XDSDocumentEntry.uniqueId
- SHALL use a URI format to hold the document uniqueID. For documents that do not use a URI as the uniqueId, the Affinity Domain SHOULD determine an appropriate way to encode the DocumentEntry.uniqueId. See ebRIM Representation Section 4.2.3.2.26
+ SHALL use a URI format to hold the document uniqueId. For documents that do not use a URI as the uniqueId, the Affinity Domain SHOULD determine an appropriate way to encode the DocumentEntry.uniqueId. See ebRIM Representation Section 4.2.3.2.26
5.10.6.3 Document Sharing - Folder Metadata
This document content profile makes no changes to the structure of Folders.
5.10.6.4 Document Associations
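Review bot: The 5.10.6.1.9 line is only re-cased, but it still leaves the URI encoding of a non-URI uniqueId to the Affinity Domain ("SHOULD determine an appropriate way to encode"). The pars manifest entries are URIs that point at this section, so Content Creator and Content Consumer must derive the same string for a signed reference to match. Suggest specifying the encoding, or at least a default, and ending the sentence "See ebRIM Representation Section 4.2.3.2.26" with a period.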
From d89e4b8439806421c0d99393649c182e88c62829 Mon Sep 17 00:00:00 2001
From: ritikarawlani <38657562+ritikarawlani@users.noreply.github.com>
Date: Tue, 30 Jul 2024 16:56:16 +0530
Subject: [PATCH 4/5] updates
---
README.md | 3 ++-
Volume3/ch-5.10.html | 16 ++++++++--------
2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 5238934..c666a42 100644
--- a/README.md
+++ b/README.md
@@ -53,7 +53,8 @@ This profile is motivated by customer requirements for Document Digital Signatur
1. [Notes about deviation from profile are not being stated in the DSGj profile.](https://github.com/IHE/ITI.DSGj/issues/13)
2. [The usage of DSGj with MHD(ITI-105) is not covered by the DSGj chapter.](https://github.com/IHE/ITI.DSGj/issues/14)
3. [DSGj does not contain guidance around homeCommunityID](https://github.com/IHE/ITI.DSGj/issues/15)
-4. [Will add examples after Public-Comment](https://github.com/IHE/ITI.DSGj/issues/19)
+4. [Will add examples after Public-Comment](https://github.com/IHE/ITI.DSGj/issues/19)
+5. [Provision of a JSON Schema file](https://github.com/IHE/ITI.DSGj/issues/31)
# Closed Issues
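Review bot: Item 4 of the open issues list is removed and re-added with identical visible text, so the change is whitespace only. If that is not intentional (for example a trailing-space line break), drop it from the commit so the hunk shows only the new item 5.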
diff --git a/Volume3/ch-5.10.html b/Volume3/ch-5.10.html
index 9447b83..019dc31 100644
--- a/Volume3/ch-5.10.html
+++ b/Volume3/ch-5.10.html
@@ -195,7 +195,7 @@ 5.10.3.5 JSON SubmissionSet Signature
The SubmissionSet Signature shall be a Detached Signature that has references for:
@@ -209,7 +209,7 @@ 5.10.3.5 JSON SubmissionSet Signature
A Digital Signature document is created which includes reference of:
- - The SubmissionSet.uniqueId is included in the SSId header parameter.
+ - The SubmissionSet.uniqueId is included in the IheSSId header parameter.
- All of the (n) documents to be included in the SubmissionSet, other than the signature document, are listed in the manifest.
- The signature document is processed according to Section 5.10.3, and thus signed.
@@ -217,17 +217,17 @@ 5.10.3.5 JSON SubmissionSet Signature
The signature document would be added to the SubmissionSet according to Section 5.10.6. The SubmissionSet may, but is not required, include all the “SIGNS” association defined in Section 5.10.6.4 with associations to all the other documents in the SubmissionSet. The “SIGNS” association is redundant in this case as the SubmissionSet already groups these documents.
The SubmissionSet with the (n) documents and the Digital Signature document is submitted using the Provide and Register Document Set-b [ITI-41] transaction, or equivalent from the other Document Sharing infrastructures.
- 5.10.3.5.1 "SSId" (SubmissionSet uniqueId) Header Parameter
+ 5.10.3.5.1 "IheSSId" (SubmissionSet uniqueId) Header Parameter
Semantics
- The SSId header parameter shall be a new signed header parameter that qualifier the signature.
- The SSId header parameter's value shall specify the SubmissionSet uniqueId as per the 4.2.3.3.12 SubmissionSet.uniqueId
+ The IheSSId header parameter shall be a new signed header parameter that qualifies the signature.
+ The IheSSId header parameter's value shall specify the SubmissionSet uniqueId as per the 4.2.3.3.12 SubmissionSet.uniqueId
Syntax
- The SSId header parameter shall be defined as in the JSON Schema file and is copied below for information:
+ The IheSSId header parameter is defined below:
- "SSID" : {"type":"string","format":"oid"}.
+ "IHESSID" : {"type":"string","format":"oid"}.
- Note: The crit header parameter shall include the "SSId" extension header parameter when the SubmissionSet Option is used.
+ Note: The crit header parameter shall include the "IheSSId" extension header parameter when the SubmissionSet Option is used.
5.10.4 JSON Enveloping Signature
5.10.4.1 Protected Header
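Review bot: The rename leaves the same case mismatch in 5.10.3.5.1: the text and the crit note use "IheSSId", while the definition line declares "IHESSID". Since member names are case-sensitive and the crit entry must match the header member exactly, the two need to agree. The Syntax sentence also drops the pointer to the JSON Schema file while the README in this commit opens an issue for providing that file, so consider noting here that the inline definition is authoritative until the schema exists.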
From bad12a0347742569c39bd81741369866c0a8e241 Mon Sep 17 00:00:00 2001
From: ritikarawlani <38657562+ritikarawlani@users.noreply.github.com>
Date: Tue, 30 Jul 2024 17:04:00 +0530
Subject: [PATCH 5/5] updated
---
Volume3/ch-5.10.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Volume3/ch-5.10.html b/Volume3/ch-5.10.html
index 019dc31..c4d1c1d 100644
--- a/Volume3/ch-5.10.html
+++ b/Volume3/ch-5.10.html
@@ -219,7 +219,7 @@ 5.10.3.5 JSON SubmissionSet Signature
5.10.3.5.1 "IheSSId" (SubmissionSet uniqueId) Header Parameter
Semantics
- The IheSSId header parameter shall be a new signed header parameter that qualifies the signature.
+ The IheSSId header parameter shall be a new signed (protected) header parameter that qualifies the signature.
The IheSSId header parameter's value shall specify the SubmissionSet uniqueId as per the 4.2.3.3.12 SubmissionSet.uniqueId
Syntax
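Review bot: Adding "(protected)" to the Semantics sentence is the right direction, but as a parenthetical it reads as descriptive rather than normative. Suggest stating directly that the IheSSId header parameter SHALL be carried in the JWS Protected Header described in 5.10.3.1, and that a Content Consumer shall not rely on an IheSSId value found outside it, since only the protected header is covered by the signature.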
|