rfc2802.txt

中、英文RFC文档大全打包下载完全版 .

   >

   Content Description

   Algorithm: A list of algorithms used for signing, digest computation,
   and canonicalization.

   Digest: A list of digests of resources to be authentication and
   signed.

   Attribute: Optional element that consists of a collection of
   complementary attributes to be authenticated.

   OriginatorInfo: Element that provides identification and keying
   material information related to the originator.

   RecipientInfo: Optional element that provides identification and
   keying material information related to the recipient.

   Attributes Description

   LocatorHrefBase: The LocatorHrefBase provides a similar construct to
   the HTML HREFBASE attribute and implicitly sets all relative URL
   references within the Manifest to be relative to the HrefBase. For
   example, the IOTP Manifest may contain:

   <Manifest LocatorHrefBase='iotp:<globally-unique-tid>'>

   And subsequent Locators may be:

   <Locator href='C.9'>

   An implementation should concatenate the two locator references with
   "#" to create the entire URL. See definition of the Locator attribute
   on the Digest element for more detail.







Davidson & Kawatsura         Informational                      [Page 8]

RFC 2802              Digital Signatures for IOTP             April 2000


4.3.3 Algorithm

   This specification uses an Algorithm data type which indicates many
   different types of algoirithms. The Algorithm element allows for
   specification of sub-algorithms as parameters of the primary
   algorithm. This is performed via a parameter within the algorithm
   that provides a reference to another Algorithm. An example of this is
   shown in the Parameter section.

   <!ELEMENT Algorithm (Parameter*) >
   <!ATTLIST Algorithm
           ID             ID                #REQUIRED
           type     (digest|signature)      #IMPLIED
           name           NMTOKEN           #REQUIRED >

   Content Description

   Parameter: The contents of an Algorithm element consists of an
   optional collection of Parameter elements which are specified on a
   per algorithm basis.

   Attributes Description

   ID: The ID of the algorithm is used by the Digest and RecipientInfo
   to refer to the signing or digest algorithm used.

   type: The type of algorithm, either a digest or signature. This is
   implied by the element to which the algorithm is referred. That is,
   if the DigestAlgorithmRef refers to an algorithm, it is implicit by
   reference that the targeted algorithm is a digest.

   name:  The type of the algorithm expressed as a Uniform Resource
   Name.

4.3.4 Digest

   The Digest element consists of the fingerprint of a given resource.
   This element is constructed of two sub-elements. This first one
   indicates the algorithm to be used for computation of the
   fingerprint. The second element consists of the fingerprint value.

   <!ELEMENT Digest (Locator, Value) >
   <!ATTLIST Digest
           DigestAlgorithmRef       IDREF    #REQUIRED
   >






Davidson & Kawatsura         Informational                      [Page 9]

RFC 2802              Digital Signatures for IOTP             April 2000


   Content Description

   Locator: Contains a "HREF" or URL Locator for the resources to be
   fingerprinted. For use within IOTP a "scheme" with the value "iotp"
   may be used with the following structure:

     'iotp:<globally-unique-tid>#<id-value>'.

   This should be interpreted as referring to an element with an ID
   attribute that matches <id-value> in any IOTP Message that has a
   TransRefBlk Block with an IotpTransId that matches <globally-unique-
   tid>.

   If the LocatorHrefBase attribute is set on the Manifest element of
   which this Digest element is a child, then concatenate the value of
   the LocatorHrefBase attribute with the value of the Locator attribute
   before identifying the element that is being referred to.

   If the LocatorHrefBase attribute is omitted, <globally-unique-tid>
   should be interpreted as the current IotpTransId, which is included
   in the IOTP message which contains the Manifest component.

   Value: Encoding of the fingerprint value.

   Attributes Description

   DigestAlgorithmRef: ID Reference of algorithm used for computation of
   the digest.

4.3.5 Attribute

   The Attribute element consists of a complementary piece of
   information, which shall be included in the authenticated part of the
   document. This element has been defined primarily for enabling some
   level of customization in the signature element. This is the area
   where a specific IOTP implementation may include custom attributes
   which must be authenticated directly. An Attribute element consists
   of a value, a type, and a criticality.

   At this time, no IOTP specific attributes are specified.

   <!ELEMENT Attribute ANY >
   <!ATTLIST Attribute
           type               NMTOKEN           #REQUIRED
           critical        ( true | false )     #REQUIRED
   >





Davidson & Kawatsura         Informational                     [Page 10]

RFC 2802              Digital Signatures for IOTP             April 2000


   Content Description

   ANY: The actual value of an attribute depends solely upon its type.

   Attributes Description

   type:  Type of the attribute.

   critical: Boolean value that indicates if the attribute is critical
   (true) or not (false). A recipient shall reject a signature that
   contains a critical attribute that he does not recognize. However, an
   unrecognized non-critical attribute may be ignored.

4.3.6 OriginatorInfo

   The OriginatorInfo element is used for providing identification and
   keying material information for the originator.

   <!ELEMENT OriginatorInfo ANY >
   <!ATTLIST OriginatorInfo
           OriginatorRef       NMTOKEN      #IMPLIED
   >

   Content Description

   ANY:  Identification and keying material information may consist of
   ANY construct.  Such a definition allows the adoption of
   application-specific schemes.

   Attributes Description

   OriginatorRef: A reference to the IOTP Org ID of the originating
   signer.

4.3.7 RecipientInfo

   The RecipientInfo element is used for providing identification and
   keying material information for the recipient. This element is used
   either for enabling recognition of a Signature element by a given
   recipient or when determination of the authentication key consists of
   the combination of keying material provided by both the recipient and
   the originator.

   The RecipientInfo attributes provide a centralized location where
   signatures, algorithms, and certificates intended for a particular
   recipient are specified.





Davidson & Kawatsura         Informational                     [Page 11]

RFC 2802              Digital Signatures for IOTP             April 2000


   The signature certificate reference ID MUST point to a certificate
   object.

   <!ELEMENT RecipientInfo ANY >
   <!ATTLIST RecipientInfo
           SignatureAlgorithmRef   IDREF        #REQUIRED
           SignatureValueRef       IDREF        #IMPLIED
           SignatureCertRef        IDREF        #IMPLIED
           RecipientRefs           NMTOKENS     #IMPLIED
   >

   Content Description

   ANY:  Identification and keying material information may consist of
   ANY construct.

   Attributes Description

   SignatureAlgorithmRef: A reference to the signature algorithm used to
   sign the SignatureValueRef intended for this recipient. The signature
   algorithm reference ID MUST point to a signature algorithm within the
   Manifest.

   SignatureValueRef: A reference to the signature value for this
   recipient. The signature value reference ID MUST point to a value
   structure directly included within a Manifest. This reference can be
   omitted if the application can specify the digest value.

   SignatureCertRef: A reference to the certificate used to sign the
   Value pointed to by the SignatureValueRef. This reference can be
   omitted if the application can identify the certificate.

   RecipientRefs: A list of references to the IOTP Org ID of the
   recipients this signature is intended for.

4.3.8 KeyIdentifier

   The key identifier element can identify the shared public/symmetric
   key identification between parties that benefit from a prior
   relationship. This element can be included in the ReceipientInfo
   Element.

   <!ELEMENT KeyIdentifier EMPTY>
   <!ATTLIST KeyIdentifier
     value             CDATA        #REQUIRED
   >





Davidson & Kawatsura         Informational                     [Page 12]

RFC 2802              Digital Signatures for IOTP             April 2000


4.3.9 Parameter

   A Parameter element provides the value of a particular algorithm
   parameter, whose name and format have been specified for the
   algorithm considered.

   <!ELEMENT Parameter ANY >
   <!ATTLIST Parameter
           type       CDATA       #REQUIRED
   >

   For IOTP 1.0, the following parameter type is standardized:
   "AlgorithmRef".

   An AlgorithmRef contains an ID of a "sub-Algorithm" used when
   computing a sequence of algorithms. For example, a signature
   algorithm actually signs a digest algorithm. To specify a chain of
   algorithms used to compute a signature, AlgorithmRef parameter types
   are used in the following manner:

<Algorithm ID='A1' type='digest' name='urn:ibm-com:dom-hash'>
        <Parameter type='AlgorithmRef'>A2</Parameter>
</Algorithm>
<Algorithm ID='A2' type='digest' name='urn:nist-gov:sha1'>
</Algorithm>
<Algorithm ID='A3' type='signature' name='urn:rsasdi-com:rsa-encryption'>
        <Parameter type='AlgorithmRef'>A1</Parameter>
</Algorithm>

   Content Description

   ANY:  The contents of a Parameter element consists of ANY valid
   construct, which is specified on a per algorithm per parameter basis.

   Attributes Description

   type:  The type of the parameter expressed as a free form string,
   whose value is specified on a per algorithm basis.

4.4 Certificate Component

4.4.1 Certificate

   The Certificate element may be used for either providing the value of
   a digital certificate or specifying a location from where it may be
   retrieved.





Davidson & Kawatsura         Informational                     [Page 13]

RFC 2802              Digital Signatures for IOTP             April 2000


   <!ELEMENT Certificate
   (       IssuerAndSerialNumber,
           ( Value | Locator ) )
   >
   <!ATTLIST Certificate
           ID           ID           #IMPLIED
           type         NMTOKEN      #REQUIRED >

   Content Description

   IssuerAndSerialNumber:  Unique identifier of this certificate. This
   element has been made mandatory is order to prevent unnecessary
   decoding during validation of a certificate chain. This feature also
   helps certificates caching, especially when the value is not directly
   provided.

   Value: Encoding of the certificate value. The actual value to be
   encoded depends upon the type of the certificate.

   Locator: XML link element that could be used for retrieving a copy of
   the digital certificate. The actual value being returned by means of
   this locator depends upon the security protocol being used.

   Attributes Description

   ID: Element identifier that may be used to reference the Certificate
   element from a RecipientInfo element.

   type: Type of the digital certificate. This attribute is specified as
   a Universal Resource Name. Support for the X.509 version 3
   certificate [X.509] is mandatory in this specification if the
   Certificate element is used.  The URN for such certificates is
   "urn:X500:X509v3".

4.4.2 IssuerAndSerialNumber

   The IssuerAndSerialNumber element identifies a certificate, and
   thereby an entity and a public key, by the name of the certificate
   issuer and an issuer-specific certificate identification.

   <!ELEMENT IssuerAndSerialNumber EMPTY >
   <!ATTLIST IssuerAndSerialNumber
           issuer        CDATA         #REQUIRED
           number        CDATA         #REQUIRED >







Davidson & Kawatsura         Informational                     [Page 14]

RFC 2802              Digital Signatures for IOTP             April 2000


   Attributes Description

   issuer: Name of the issuing certification authority.  See [RFC 2253]
   for RECOMMENDED syntax.

   number: Issuer-specific certificate identification.

4.5 Common Components

4.5.1 Value

   A value contains the "raw" data of a signature or digest algorithm,
   usually in a base-64 encoded form. See [RFC 2045] for algorithm used
   to base-64 encode data.

   <!ELEMENT Value ( #PCDATA ) >
   <!ATTLIST Value
           ID                 ID            #IMPLIED
           encoding      (base64|none)     'base64'
   >

   Content Description

   PCDATA:  Content value after adequate encoding.