Zhiwu Xie wrote:
> 1. A question about "keyInformation". 
> 
> XML signature defines a keyInfoType, which is an open architecture that
> allows the user to choose from some existing key schemas or define their
> own (there is an "any" element to choose from). This seems very suitable
> for our use. However the PREMIS data dictionary proposed another
> keyInformation element structure. With this structure it is difficult to
> record some well-established key structure such as x.509 or PGP. Is
> there any way that we can make use of the XML signature keyInfoType in
> PREMIS?

The keyInformation structure in PREMIS was supposed to be a more 
generalized version of the XML signatures schema. Remember, we first 
developed the Data Dictionary, and the Schema followed.  In an early 
proposal by Andrea Goethals, all the elements in all the various key 
structures were included.  When the group reviewed that, we didn't want 
to have so many elements, so we ended up defining 3: the type of key, 
the value of the key, and everything else.  It is in the 
keyVerificationInformation where most of the x.509 or PGP key structure 
would go.  The expectation was that users would map over elements from 
those structures as required.

Though this made some sense from a Data Dictionary point of view, it's 
less generalized from a schema point of view, where the keyInfoType in 
XML signatures really gives you maximum flexibility.  Do you think it 
would have been better if we'd just defined an unstructured keyInfo on 
which users could overlay in effect the established key structures?

> 2. An implementation question.
> 
> I read through the sections about the digital signature, esp p. 4-6 to
> 4-8. In page 2-54 the usage notes said several components were taken from
> XML signature but did not specify which. This question is just to
> confirm that the following elements are taken directly from XML
> signature therefore the schema shall import XML signature types to
> validate them:
> 
> signatureMethod
> signatureValue
> signatureProperties

Yes.

p