How to - Tamino XML Security Extensions 4.1.1

Hi,
I would like to know how I can use the “Tamino XML Security Extensions 4.1.1”?
Do you have some schema/data example?
What kind of XML Signature do I have to use: Enveloped, Enveloping or Detached?

Thanks,
Guillermo

Hi Guillermo,

The DigitalSignatureExtension supports all three kinds of digital signature (Enveloped, Enveloping and Detached), and we tested mixtures like e.g. a detached-enveloping signature or documents with more than one XML Signature as well. For using the DigitalSignatureExtension, follow the four install steps described in the documentation which is part of the InstallKit. Keep in mind that for running the XML Security Extensions a JCE is necessary, which is not part of our download. A JCE is part of the JDK 1.4.x or can be downloaded from SUN or www.bouncycastle.org and installed as described in the documentation or Readme file. After you have installed the Security Extensions you have to enable your own schema in the following way:

1. Open the Tamino Schema Editor.
2. Load your schema (has to be a TSD4 schema)
3. Select the root element of the schema
4. In the Logical Properties field, open the trigger property.
5. Select the onInsert property and add the value DigitalSignatureExtension.onInsert
7. Select the Define/update Schema button and define the schema in the database where the DigitalSignatureExtension was installed before.

If you insert a document into your schema, Tamino verifies whether it contains a signature and, if it does, the signature is validated. The preparation of your schema, like adding the ds:Signature element node, has to be done by yourself. The attached sample shows a schema prepared for enveloped signatures (the DS:Signature element is imported from the sag:xmlsecurity/signature schema, which is also part of the Tamino XML Signature Extensions download) and enabled to be supported by the DigitalSignatureExtension.

regards

Eckehard (R&D Software AG)
envelopedSignature.tsd (1.63 KB)
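
The three signature kinds named in the reply above can be told apart from the structure of a document alone. The following sketch is an added example, not part of the original posts or of the Tamino download; the sample documents are constructed, and it assumes signed parts are identified by an attribute named `Id`. It classifies each ds:Reference without verifying anything cryptographically:

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"   # namespace given in the thread
ENVELOPED_TRANSFORM = DS + "enveloped-signature"
NS = {"ds": DS}

def classify_signatures(xml_text):
    """Return one list per ds:Signature, with the kind of each ds:Reference."""
    root = ET.fromstring(xml_text)
    results = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        # Ids of everything this signature carries inside its own ds:Object children.
        # Assumption: signed parts are identified by an attribute named "Id".
        wrapped = {e.get("Id") for obj in sig.findall("ds:Object", NS)
                   for e in obj.iter() if e.get("Id")}
        kinds = []
        for ref in sig.findall("ds:SignedInfo/ds:Reference", NS):
            uri = ref.get("URI") or ""
            transforms = {t.get("Algorithm")
                          for t in ref.findall("ds:Transforms/ds:Transform", NS)}
            if ENVELOPED_TRANSFORM in transforms:
                kinds.append("enveloped")    # signature sits inside the data it signs
            elif uri.startswith("#") and uri[1:] in wrapped:
                kinds.append("enveloping")   # signed data sits inside the signature
            else:
                kinds.append("detached")     # signed data lives elsewhere
        results.append(kinds)
    return results

# Constructed samples; digest and signature values are left out because
# nothing is verified here.
ENVELOPED_DOC = f"""<order xmlns:ds="{DS}">
  <item>book</item>
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI=""><ds:Transforms>
      <ds:Transform Algorithm="{ENVELOPED_TRANSFORM}"/>
    </ds:Transforms></ds:Reference>
  </ds:SignedInfo></ds:Signature>
</order>"""

MIXED_DOC = f"""<ds:Signature xmlns:ds="{DS}">
  <ds:SignedInfo>
    <ds:Reference URI="#payload"/>
    <ds:Reference URI="http://example.com/report.xml"/>
  </ds:SignedInfo>
  <ds:Object Id="payload"><note>hello</note></ds:Object>
</ds:Signature>"""

if __name__ == "__main__":
    print(classify_signatures(ENVELOPED_DOC))
    print(classify_signatures(MIXED_DOC))
```

The second sample is a detached-enveloping mixture of the kind mentioned in the reply: one signature whose references fall into two different categories.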

Hi Eckehard,
Thanks a lot for your help. The documentation shows “TriggerJ_schema” but it didn’t have the “Import” (new Tamino feature) to reference the signature schema. This is the piece that I didn’t have.

Thanks,
Guillermo

Hi Guillermo,

For using the import, you have to convert the schema to TSD4, which can easily be done by using the Tamino 4.1.1 Schema Editor. To ‘import’ the signature schema, select the schema node of your schema (in case of the TriggerJ_Schema the TriggerJ_schema node), press the right mouse button, select ‘insert’ and then ‘import’. Now an ‘import’ node appears in the tree. Select it. As namespace add ‘http://www.w3.org/2000/09/xmldsig#’ and, if you have already defined the xmldsig-core-schema.xsd in your target database (which is part of the Tamino XML Security Extensions download), you can add …/sag:xmlsecurity/signature as schemaLocation. After defining the import you can define element nodes of the imported schema in your own schema, like e.g. a DS:Signature element. I would suggest defining the DS:Signature element as an optional element. In this case the XML documents that should be valid against this schema can be signed but do not have to be.

If you would now like to use the DigitalSignatureExtension, select the root node of your schema (in case of the TriggerJ_schema the Trigger element node), go to the ‘Logical Properties’ window, open the ‘trigger’ property and add ‘DigitalSignatureExtension.onInsert’ as value to the ‘onInsert’ property. Now you can define the schema. But keep in mind that, because you have defined a trigger in your schema, the ‘Define Schema’ will only work if the DigitalSignatureExtension has been installed in your target database via the Tamino Manager before (see Tamino XML Extensions docu).

(I hope this explanation is not too confusing)

regards Eckehard

Hi Eckehard,
Thanks a lot for your explanation, it was very clear.

Regards,
Guillermo