Tamino Security Extension (TSE) question?

Guille · April 23, 2003, 7:30pm

Hello,
We have a prospect who’s evaluating Tamino with TSE. He has a XML schema and it includes the Signature definition, also he has a lot of XML documents stored in a file system.
He wants to use Tamino and TSE but he doesn’t want to change their schema nor XML documents.
I would like to know if it’s possible to configure the TSE in order to check the tag “Signature” instead of “ds:Signature”?
Attached to this question I’m leaving the schema and a xml document.

Thanks and Regards,
Guillermo
EnvioDTE.zip (10.5 KB)

Stuart_Fyffe-Collins · April 23, 2003, 7:40pm

Hello Guillermo,

It is more correct to say that the server extenstion checks for the Signature in the http://www.w3.org/2000/09/xmldsig# namespace. So in theory this would work.

kind regards,

Stuart Fyffe-Collins
Software AG (UK) Ltd.

Guille · April 23, 2003, 8:11pm

Hello Stuart,
I’ve changed the schema to enable the DigitalSignatureExtension. I only modified the “Logical Properties/trigger/onInsert” to DigitalSignatureExtension.onInsert, but it doesn’t check the signature.

Regards,
Guillermo

Stuart_Fyffe-Collins · April 23, 2003, 9:57pm

… could you post the changed schema and sample document?

Guille · April 24, 2003, 12:28am

Hello Stuart,
Thanks a lot for your help. Here you have the schema using TSE and a xml document.

Regards,
Guillermo
EnvioDTE_with_TSE.zip (10.6 KB)

Stuart_Fyffe-Collins · April 24, 2003, 2:41pm

Hi Guillermo,

The reason that the signature isn’t being detected is because the Signature element isn’t belonging to the http://www.w3.org/2000/09/xmldsig# namespace but belongs to the default namespace which is http://www.sii.cl/SiiDte which is defined on the root element. So in this case you have defined the digitial signature namespace to be associated with the prefix ds: so you need to have ds:Signature.

I hope this makes sense.

Stuart Fyffe-Collins
Software AG (UK) Ltd.

Guille · April 24, 2003, 7:33pm

Ok, thanks Stuart, I’m going to test it.
Regards,
Guillermo

Guest · April 24, 2003, 8:44pm

Hi Guillermo,

Stuart is right, TSE is searching for Signatures from the w3c dsig namespace. If the trigger has been invoked can easily been seen when you switch on the SXS trace. It is done by selecting the ‘Server Extensions’ node of the database in the Tamino Manager. Now press the ‘Extension Settings’ button and switch on the ‘X-Tension trace switch’. If you load an XML object into the schema where you have set the trigger now, trace is written into the ‘ino:SXS-Trace’ collection. The trace shows you what has been happen in the trigger.

One additional note. It seems for me, that the reference (Reference URI=“#F176466T33”) of the signature in the EnvioDTE.xml points to a not existing target.

regards Eckehard