13.3 The RetrievalMethod Element


The RetrievalMethod element appears as a child of KeyInfo. It conveys a reference to KeyInfo information that is stored at another location. For example, several signatures in a document might use a key supported by the same X.509v3 certificate chain. With RetrievalMethod, that chain need appear only once, either elsewhere in the document or at a remote location, and each signature's KeyInfo can then reference it instead of repeating it. Support for RetrievalMethod is recommended for XMLDSIG implementations and, for same-document retrievals only, required for XML Encryption implementations.


Note: Unlike every other XML Security element whose name ends in "Method," RetrievalMethod is not an algorithm element. That is, it has no Algorithm attribute.


RetrievalMethod uses the same syntax and retrieval behavior as the Reference element described in Chapter 10. It has a URI attribute and uses the Reference element processing model, with two exceptions:

  • There are no DigestMethod or DigestValue child elements.

  • Use of the URI attribute is mandatory.

The Type attribute of RetrievalMethod is an optional identifier for the kind of data to be retrieved. For every KeyInfo type that has a corresponding XML structure, dereferencing the RetrievalMethod URI yields an XML element, or a document whose root is that element, so the result identifies itself. The "raw" key information types, such as rawX509Certificate, have no XML structure: dereferencing them returns a binary value that cannot be unambiguously parsed on its own, so those retrievals normally require a Type attribute to tell the consumer what the octets are. If the result of dereferencing, and of applying any Transforms, is a node-set, it may need to be canonicalized before use. Keep in mind that the URI is supplied by the document being processed. An implementation that dereferences arbitrary remote URIs will fetch whatever location an untrusted document names, so it is prudent to restrict retrieval to same-document references (the only case XML Encryption requires) and to validate the retrieved key material exactly as if it had appeared inline.
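The following is an added example, not code from the book or from any XML Security library, of how a KeyInfo consumer can dereference a RetrievalMethod in the same-document case using only the Python standard library (Python 3.8 or later, for ElementTree.canonicalize). It treats the URI attribute as mandatory, refuses non-fragment URIs by policy, rejects an Id that is missing or occurs more than once, checks that an XML Type agrees with the element actually found, refuses raw Types for same-document references (they denote octets, not elements), and canonicalizes the resulting node-set with C14N 2.0. The sample document, the Id value sharedChain and the certificate text are constructed; the certificate is a placeholder, not real DER. Transforms are not implemented and are refused rather than ignored.

```python
import copy
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
DS_MORE = "http://www.w3.org/2001/04/xmldsig-more#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
ET.register_namespace("ds", DS)

# Type URIs that dereference to an XML element, mapped to the Clark-notation
# tag the consumer should find (a subset of Tables 13-1 and 13-3).
XML_TYPES = {
    DS + "X509Data": "{%s}X509Data" % DS,
    DS + "KeyValue": "{%s}KeyValue" % DS,
    DS + "DSAKeyValue": "{%s}DSAKeyValue" % DS,
    DS + "RSAKeyValue": "{%s}RSAKeyValue" % DS,
    XENC + "DHKeyValue": "{%s}DHKeyValue" % XENC,
    DS_MORE + "PKCS7signedData": "{%s}PKCS7signedData" % DS_MORE,
}
# Type URIs that dereference to raw octets with no self-describing structure;
# a same-document fragment always yields an element, so these cannot apply.
RAW_TYPES = {
    DS + "rawX509Certificate",
    DS_MORE + "rawX509CRL",
    DS_MORE + "rawPGPKeyPacket",
    DS_MORE + "rawSPKISexp",
    DS_MORE + "rawPKCS7signedData",
}

# Constructed sample document: two signatures share one X509Data element via
# RetrievalMethod. SignedInfo/SignatureValue are omitted (only KeyInfo matters
# here) and the certificate text is a placeholder, not a real DER certificate.
FAKE_CERT_B64 = "TUlJQnBsYWNlaG9sZGVyIGNlcnQgYnl0ZXM="
SAMPLE_DOC = f"""<Doc xmlns:ds="{DS}">
  <ds:X509Data Id="sharedChain">
    <ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate>
  </ds:X509Data>
  <ds:Signature><ds:KeyInfo>
    <ds:RetrievalMethod URI="#sharedChain" Type="{DS}X509Data"/>
  </ds:KeyInfo></ds:Signature>
  <ds:Signature><ds:KeyInfo>
    <ds:RetrievalMethod URI="#sharedChain" Type="{DS}X509Data"/>
  </ds:KeyInfo></ds:Signature>
</Doc>"""


class RetrievalError(ValueError):
    """Raised when a RetrievalMethod cannot be dereferenced safely."""


def resolve_retrieval_method(root, rm, allow_remote=False):
    """Dereference one ds:RetrievalMethod against the document rooted at
    `root` and return the C14N 2.0 serialization of the element found."""
    if rm.find("{%s}Transforms" % DS) is not None:
        raise RetrievalError("Transforms are not implemented in this example")
    uri = rm.get("URI")
    if uri is None:                        # URI is mandatory for RetrievalMethod
        raise RetrievalError("RetrievalMethod without URI attribute")
    rtype = rm.get("Type")
    if not uri.startswith("#"):
        # A non-fragment URI makes the verifier fetch whatever location the
        # (possibly hostile) document names; refuse unless policy allows it.
        if not allow_remote:
            raise RetrievalError("remote retrieval refused by policy: %s" % uri)
        raise RetrievalError("remote fetch is not implemented in this example")
    if rtype in RAW_TYPES:
        raise RetrievalError("raw Type %s denotes octets, not an element" % rtype)
    ident = uri[1:]                        # bare-name fragment only
    matches = [el for el in root.iter() if el.get("Id") == ident]
    if len(matches) != 1:
        # Zero hits is a dangling reference; more than one is an ambiguous Id
        # and must be rejected rather than silently resolved to the first hit.
        raise RetrievalError("Id %r matched %d elements" % (ident, len(matches)))
    target = matches[0]
    if rtype in XML_TYPES and target.tag != XML_TYPES[rtype]:
        raise RetrievalError("Type %s does not match element %s" % (rtype, target.tag))
    clone = copy.copy(target)              # drop tail text before serializing
    clone.tail = None
    return ET.canonicalize(ET.tostring(clone, encoding="unicode"))


def key_info_for_signatures(doc_xml):
    """Resolve the RetrievalMethod of every ds:Signature in `doc_xml` and
    return one canonical KeyInfo fragment per signature."""
    root = ET.fromstring(doc_xml)
    results = []
    for sig in root.iter("{%s}Signature" % DS):
        rm = sig.find("{%s}KeyInfo/{%s}RetrievalMethod" % (DS, DS))
        if rm is not None:
            results.append(resolve_retrieval_method(root, rm))
    return results


def rejects(rm_attrs, doc=SAMPLE_DOC, children=""):
    """True if a RetrievalMethod built from `rm_attrs` (and optional child
    markup) is refused when resolved against `doc`; exercises the checks."""
    rm = ET.fromstring('<ds:RetrievalMethod xmlns:ds="%s" %s>%s</ds:RetrievalMethod>'
                       % (DS, rm_attrs, children))
    try:
        resolve_retrieval_method(ET.fromstring(doc), rm)
    except RetrievalError:
        return True
    return False


if __name__ == "__main__":
    first, second = key_info_for_signatures(SAMPLE_DOC)
    print("both signatures resolve to the same chain:", first == second)
    print(first)
```

Both signatures resolve to byte-identical canonical X509Data, which is the point of sharing the chain through RetrievalMethod; a real verifier would then build and validate the certificate chain from that element exactly as it would for an inline X509Data.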

The RetrievalMethod element DTD follows:

 <!-- RetrievalMethod DTD -->
 <!ELEMENT RetrievalMethod (Transforms?) >
 <!ATTLIST RetrievalMethod
           URI    CDATA    #REQUIRED
           Type   CDATA    #IMPLIED >

In schema notation, it has the following form:

 <!-- RetrievalMethod schema -->
 <element name="RetrievalMethod"
          type="ds:RetrievalMethodType"/>
 <complexType name="RetrievalMethodType">
     <sequence>
         <element name="Transforms"
                  type="ds:TransformsType"
                  minOccurs="0"/>
     </sequence>
     <attribute name="URI" type="anyURI"/>
     <attribute name="Type" type="anyURI" use="optional"/>
 </complexType>

Table 13-3. Additional RetrievalMethod Type URIs

  Element Name         URI
  DSAKeyValue          http://www.w3.org/2000/09/xmldsig#DSAKeyValue
  RSAKeyValue          http://www.w3.org/2000/09/xmldsig#RSAKeyValue
  DHKeyValue           http://www.w3.org/2001/04/xmlenc#DHKeyValue
  (none, raw binary)   http://www.w3.org/2000/09/xmldsig#rawX509Certificate
  (none, raw binary)   http://www.w3.org/2001/04/xmldsig-more#rawX509CRL
  (none, raw binary)   http://www.w3.org/2001/04/xmldsig-more#rawPGPKeyPacket
  (none, raw binary)   http://www.w3.org/2001/04/xmldsig-more#rawSPKISexp
  PKCS7signedData      http://www.w3.org/2001/04/xmldsig-more#PKCS7signedData
  (none, raw binary)   http://www.w3.org/2001/04/xmldsig-more#rawPKCS7signedData

The URIs in Table 13-3 can appear as the Type attribute of a RetrievalMethod, in addition to all of the URIs provided in Table 13-1.



Secure XML: The New Syntax for Signatures and Encryption
ISBN: 0201756056
Year: 2005
Pages: 186