signdetails

Specifies which certificate attributes are shown to users when they are choosing a certificate to sign the form, and defines the filters used to select the available certificates when the user is signing a form.

For example, the signdetails option could specify that only those certificates with a common name that begins with "Bob" are shown, and that only the owner's common name and e-mail address are shown.

Syntax

   <signdetails>
      dialogcolumns
      filteridentity
   </signdetails>
Note:
  • Both dialogcolumns and filteridentity are optional.
Table 1. signdetails parameters
Expression Setting Description
dialogcolumns (see the following) a list of certificate attributes that should be shown to the user when they are selecting a certificate to sign
filteridentity (see the following) a list of certificate attributes and values that are used to filter which certificates are available to the user for signing

dialogcolumns

The dialogcolumns element uses the following syntax:

   <dialogcolumns>
      <property>attribute1</property>
         ...
      <property>attributen</property>
   </dialogcolumns>
Note:
  • The number of attributes is optional.

Each certificate attribute listed is shown to the user when they view the certificates available for signing. For example, if you want the user to see the owner's common name and e-mail address for each certificate, you would use the following setting:

   <dialogcolumns>
      <property>Subject: CN</property>
      <property>Subject: E</property>
   </dialogcolumns>

For a list of available attributes, see “Certificate Attributes” under.

filteridentity

The filteridentity element uses the following syntax:

 <filteridentity>
      <filter>
         <tag>attribute1</tag>
         <value>value1</value>
      </filter>
      ...
      <filter>
         <tag>attributen</tag>
         <value>valuen</value>
      </filter>
   </filteridentity>
Note: The number of attributes and filters is optional.
Table 2. filter identity parameters
Parameter Type Description
attribute string The name of the attribute you want to user to filter the available certificates.
value string The value to which you want to compare the attribute. Use an asterisk (*) as a wildcard or multiple characters, or a question mark (?) as a wildcard for a single character.

If the value of the attribute matches the filter, then the certificate will be available to the user. For example, to restrict the available certificates to those with a common name beginning with "Bob", you would use the following filter:

   <filteridentity>
      <filter>
         <tag>Subject: CN</tag>
         <value>Bob*</value>
      </filter>
   </filteridentity>

For a list of available attributes, see "Certificate Attributes" under.

Available in

button, signature

Example

This example specifies a signdetails option that makes those certificates with an e-mail address in the IBM® domain available, and shows the serial number and the owner's common name for each certificate.

   <signdetails>
      <dialogcolumns>
         <property>Serial</property>
         <property>Subject: CN</property>
      </dialogcolumns>
      <filteridentity>
         <filter>
            <tag>Subject: E</tag>
            <value>*@ibm.com</value>
         </filter>
      </filteridentity>
   </signdetails>

Usage details

  1. Default: all certificates are available, and the certificate's common name and expiry date are shown to the user.

Certificate attributes

The following is a list of attributes that are common to X.509 certificates.
Note: The names of certificate attributes are case sensitive.
Table 3. certificate attributes
Attribute Description
Version the version of the X.509 specification that the certificate follows
Serial the certificate's serial number
signatureAlg the algorithm used by the Certificate Authority to sign the certificate
BeginDate the date at which the certificate became valid
EndDate the certificate's expiry date
PublicKey the certificate's public key
FriendlyName the certificate's friendly name
Subject: CN the certificate owner's common name
Subject: E the certificate owner's e-mail address
Subject: T the certificate owner's title
Subject: L the certificate owner's locality
Subject: ST the certificate owner's state of residence
Subject: O the organization to which the certificate owner belongs
Subject: OU the name of the organizational unit to which the certificate owner belongs
Subject: C the certificate owner's country of residence
Subject: STREET the certificate owner's street address
Subject: ALL the certificate owner's complete distinguished name
Issuer: CN the certificate issuer's common name
Issuer: E the certificate issuer's e-mail address
Issuer: T the certificate issuer's title
Issuer: L the certificate issuer's locality
Issuer: ST the certificate issuer's state of residence
Issuer: O the organization to which the certificate issuer belongs
Issuer: OU the organizational unit to which the certificate issuer belongs
Issuer: C the certificate issuer's country of residence
Issuer: STREET the certificate issuer's street address
Issuer: ALL the certificate issuer's complete distinguished name
Parent topic: XFDL options and array elements