For an introduction to signed statements, please refer to our Signed Statement overview documentation.
Creating a signed statement signing order
To trigger the use of a signed statement, the following conditions must be fulfilled:
- The bundle attribute on the task element must be set to true
- The responsive attribute on the signature element must be set to true
- The request must be sent to DocumentService-v3
The following SOAP example will result in a signing order for Signicat Signature with signed statement.
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns="https://id.signicat.com/definitions/wsdl/Document-v3">
  <soap:Header></soap:Header>
  <soap:Body>
    <create-request-request>
      <service>signicat</service>
      <password>Bond007</password>
      <request>
        <document id="1" mime-type="text/plain" xsi:type="provided-document" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <description>Text document</description>
          <data>VGFzayAx</data>
        </document>
        <task id="1" bundle="true">
          <document-action type="sign">
            <document-ref>1</document-ref>
          </document-action>
          <signature responsive="true">
            <method>nbid-sign</method>
          </signature>
        </task>
      </request>
    </create-request-request>
  </soap:Body>
</soap:Envelope>
Note that, while this example utilizes a provided text document, signed statement signing orders also support signing of PDF documents from SDS (session data storage) and the like, just like regular signature requests. You can find more information about this in our guide for getting started with signing.
Additions to the result document (LTV-SDO)
In addition to the SAML response containing the signature value for the signed statement, the original sign text in its unprocessed form is also included:
<ltv:Authentication>
  <ltv:SAMLResponse Format="urn:signicat:format:saml-1.1" MimeType="application/x-saml+xml" Version="1.0"> [REMOVED FOR BREVITY] </ltv:SAMLResponse>
  <!-- THIS IS THE NEW PART -->
  <ltv:SignedStatement>
    <ltv:VisibleSignText> [HERE GOES VISIBLE SIGN TEXT] </ltv:VisibleSignText>
    <ltv:NonVisibleSignText> [HERE GOES NON-VISIBLE SIGN TEXT] </ltv:NonVisibleSignText>
    <ltv:DocumentIndex> [HERE GOES REFERENCE TO NON-VISIBLE SIGN TEXT] </ltv:DocumentIndex>
  </ltv:SignedStatement>
  <!-- NEW PART ENDS HERE -->
</ltv:Authentication>
The sign text
Visible sign text
The visible part of the sign text is the statement presented to the end-user, expressing the end-user’s consent for the documents to be signed. This text is automatically generated by Signicat.
Non-visible sign text
The non-visible part of the sign text is a JSON data structure containing cryptographic message digests of each of the documents to be signed, together with a zero-based index and the document’s description and MIME type.
{
  "attachments": [
    {
      "index": 0,
      "documentDescription": "document.pdf",
      "mimeType": "application\/pdf",
      "primaryDigestValue": "aren3Efg3BTksqd7Iht0GWccosAFDL5ZAk4qi+2ifNU=",
      "primaryDigestMethod": {
        "algorithm": "http:\/\/www.w3.org\/2001\/04\/xmlenc#sha256"
      },
      "secondaryDigestValue": "mU7l\/lD\/HSWUzZY2yxNZ1ys34SNYm7vx2Jk8WBL51Vs=",
      "secondaryDigestMethod": {
        "algorithm": "http:\/\/www.w3.org\/2007\/05\/xmldsig-more#sha3-256"
      }
    }
  ]
}
Document index
If multiple documents are signed, the same sign text will be included in each LTV-SDO (long-term validation signed data object). In other words, each separate LTV-SDO will contain a sign text referring to each and every one of the documents. In order to make the connection between the LTV-SDO and the entry in the non-visible sign text clear and unambiguous, the zero-based index of the relevant entry in the non-visible sign text is included in each LTV-SDO.
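The following Python example, added here and not part of Signicat's documentation or code, checks a document against the non-visible sign text entry selected by the document index and fails closed on unknown digest algorithms. It assumes the digests are computed over the raw document bytes and encoded as standard base64, which the page does not state; `verify_attachment`, `entry_for` and the sample documents are hypothetical names and constructed data.

```python
import base64
import hashlib
import json

# Digest algorithm URIs as they appear in the non-visible sign text above.
HASHERS = {
    "http://www.w3.org/2001/04/xmlenc#sha256": hashlib.sha256,
    "http://www.w3.org/2007/05/xmldsig-more#sha3-256": hashlib.sha3_256,
}


def entry_for(document_bytes, index, description, mime_type):
    """Build one attachment entry (used here only to construct sample input)."""
    entry = {"index": index, "documentDescription": description, "mimeType": mime_type}
    for prefix, uri in zip(("primary", "secondary"), HASHERS):
        digest = HASHERS[uri](document_bytes).digest()
        entry[prefix + "DigestValue"] = base64.b64encode(digest).decode("ascii")
        entry[prefix + "DigestMethod"] = {"algorithm": uri}
    return entry


def verify_attachment(non_visible_sign_text, document_index, document_bytes):
    """Return a list of problems; an empty list means both digests matched.

    Assumption: digests cover the raw document bytes and are standard base64.
    document_index is an int (convert the DocumentIndex element text first).
    """
    # json.loads also undoes the "\/" escaping seen in the sample above.
    attachments = json.loads(non_visible_sign_text)["attachments"]
    # Select by the entry's own "index" field, not by its list position.
    matches = [a for a in attachments if a.get("index") == document_index]
    if len(matches) != 1:
        return ["no unique entry for index %r" % (document_index,)]
    problems = []
    for prefix in ("primary", "secondary"):
        uri = matches[0][prefix + "DigestMethod"]["algorithm"]
        if uri not in HASHERS:  # fail closed on unknown algorithms
            problems.append(prefix + " digest: unsupported algorithm")
            continue
        actual = base64.b64encode(HASHERS[uri](document_bytes).digest()).decode("ascii")
        if actual != matches[0][prefix + "DigestValue"]:
            problems.append(prefix + " digest mismatch")
    return problems


# Constructed sample: two documents signed in one order.
DOCS = [b"Task 1", b"%PDF-1.7 constructed sample bytes"]
SIGN_TEXT = json.dumps({"attachments": [
    entry_for(DOCS[0], 0, "Text document", "text/plain"),
    entry_for(DOCS[1], 1, "document.pdf", "application/pdf"),
]})
```

Because every LTV-SDO carries the same sign text, checking a document against the wrong index reports a mismatch on both digests rather than silently passing.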
Supported ID methods
The methods that currently support signed statement signatures are as follows:
ID method | Signature type |
---|---|
Norwegian BankID | Simple signed statement |
Norwegian BankID on mobile | Simple signed statement |
Swedish BankID | Signed statement with non-visible properties |
Danish NemID | Signed statement with non-visible properties |