Signed Manifests-Requirements

The following are requirements on the signed manifest:

• Manifest must sit outside the objects being signed

• Manifest must be capable of describing an acyclic graph representing an arbitrary number of arbitrary typed digital objects including:

  • Live objects

  • Dynamic objects

• Must be capable of specifying how the object is to be verified. Check the object's integrity by:

  • Reference (URL, pathname, and so on, not the contents of the object)

  • Value (only the contents of the object excluding the pathname)

  • Reference and value (check both the URL, pathname and the contents)

  • Must support one or more unordered signers

• Must support nested signing models. Objects being signed can themselves be signed objects, such as:

  • Signed manifests

  • Objects with embedded signatures

  • PKCS#7 signed messages

• Each signature must carry an unforgeable credential identifying the signer:

  • Digital certificate

  • Public key

  • Fingerprint

• Must be extensible in the type and format of accepted signer's credentials (certificate neutral):

  • X5.09 certificates

  • SDSI certificates

• Signer's credentials can be either:

  • Embedded

  • Referenced via URL

• Cryptographically neutral with respect to signing algorithms

• Performs complete integrity validation:

  • Verify the integrity of the object

  • Verify the integrity of the manifest

  • Runtime continuous verification for live objects

• Signature format must be based on standards

• Manifest format must be based on standards

• Support emerging standards:

  • New signature block formats

  • New certificate formats

  • use single pass verification of signature(s)

  • Verification must be capable of managing progressively rendered object referents