5.2. Processing an Accept-Signature

The receiver of an Accept-Signature field fulfills that header as follows:

  1. Parse the field value as a Dictionary.

  2. For each member of the Dictionary:

    2.1. The key is taken as the label of the output signature as specified in Section 4.1.

    2.2. Parse the value of the member to obtain the set of covered component identifiers.

    2.3. Determine that the covered components are applicable to the target message. If not, the process fails and returns an error.

    2.4. Process the requested parameters, such as the signing algorithm and key material. If any requested parameters cannot be fulfilled or if the requested parameters conflict with those deemed appropriate to the target message, the process fails and returns an error.

    2.5. Select and generate any additional parameters necessary for completing the signature.

    2.6. Create the HTTP message signature over the target message.

    2.7. Create the Signature-Input and Signature field values, and associate them with the label.

  3. Optionally create any additional Signature-Input and Signature field values, with unique labels not found in the Accept-Signature field.

  4. Combine all labeled Signature-Input and Signature field values, and attach both fields to the target message.

By this process, a signature applied to a target message MUST have the same label, MUST include the same set of covered components, MUST process all requested parameters, and MAY have additional parameters.

The receiver of an Accept-Signature field MAY ignore any signature request that does not fit application parameters.

The target message MAY include additional signatures not specified by the Accept-Signature field. For example, to cover additional message components, the signer can create a second signature that includes the additional components as well as the signature output of the requested signature.
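
The following sketch walks steps 1, 2.1 through 2.7 and 4 for a signer that fails closed on anything it cannot fulfill. It is an added example, not part of the specification text: the Dictionary parser is deliberately simplified (string-valued parameters only), and `KEYS`, `ALGS`, `ALLOWED`, `MESSAGE`, `fulfill`, `signature_base` and the choice of `hmac-sha256` with an added `created` parameter are assumptions made for illustration.

```python
import base64, hashlib, hmac, re

# Constructed demo key store and algorithm list (assumptions for this example).
KEYS = {"demo-key": b"constructed-shared-secret"}
ALGS = {"hmac-sha256"}
ALLOWED = {"keyid", "alg", "tag", "nonce"}   # requested parameters this signer can honor
# Simplified Dictionary member: label=("a" "b");param="string"... (string params only)
MEMBER = re.compile(r'\s*([a-z*][a-z0-9_.*-]*)=\(([^)]*)\)((?:;[a-z]+="[^"]*")*)\s*(?:,|$)')

def signature_base(names, message, sig_params):
    """One line per covered component, then the @signature-params line."""
    lines = [f'"{n}": {message[n]}' for n in names]
    return "\n".join(lines + [f'"@signature-params": {sig_params}'])

def fulfill(accept_signature, message, created):
    """Return (Signature-Input, Signature) values; raise ValueError on any failure."""
    out, pos = {}, 0
    while pos < len(accept_signature):                       # step 1
        m = MEMBER.match(accept_signature, pos)
        if not m:
            raise ValueError("malformed or unsupported Accept-Signature member")
        label, items, raw_params = m.groups()                # step 2.1
        names = [i[1:-1] for i in items.split()              # step 2.2
                 if re.fullmatch(r'"[^"]+"', i)]
        if len(names) != len(items.split()) or any(n not in message for n in names):
            raise ValueError(f"{label}: components not applicable")   # step 2.3
        found = re.findall(r';([a-z]+)="([^"]*)"', raw_params)
        params = dict(found)                                 # step 2.4
        key = KEYS.get(params.get("keyid"))
        if (len(found) != len(params) or set(params) - ALLOWED or key is None
                or params.get("alg", "hmac-sha256") not in ALGS):
            raise ValueError(f"{label}: requested parameters cannot be fulfilled")
        covered = " ".join(f'"{n}"' for n in names)
        # step 2.5: add 'created'; requested parameters are carried over verbatim
        sig_params = f"({covered});created={created}{raw_params}"
        base = signature_base(names, message, sig_params)
        mac = hmac.new(key, base.encode(), hashlib.sha256).digest()   # step 2.6
        out[label] = (sig_params, base64.b64encode(mac).decode())     # step 2.7
        pos = m.end()
    return (", ".join(f"{l}={p}" for l, (p, _) in out.items()),      # step 4
            ", ".join(f"{l}=:{s}:" for l, (_, s) in out.items()))

# Constructed target message: derived components and fields keyed by identifier.
MESSAGE = {"@method": "POST", "@authority": "example.com", "content-type": "application/json"}
```

Because the requested parameters are copied verbatim into the signature parameters, the resulting signature keeps the requested label and covered components and processes every requested parameter, with `created` as the only addition.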