link

# Signed statement signing orders

For an introduction to signed statements, refer to our signed statement overview documentation.

# Creating a signed statement signing order

In order to trigger the use of signed statement, certain conditions must be fulfilled:

  • The bundle attribute on the task element must be set to true
  • The responsive attribute on the signature element must be set to true
  • The request must be sent to DocumentService-v3

The following SOAP example will result in a signing order with signed statement.

# Signing Order Request Example

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns="https://id.signicat.com/definitions/wsdl/Document-v3">
   <soap:Header></soap:Header>
   <soap:Body>
      <create-request-request>
         <service>signicat</service>
         <password>Bond007</password>
         <request>
            <document id="1" mime-type="text/plain" xsi:type="provided-document" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
               <description>Text document</description>
               <data>VGFzayAx</data>
            </document>
            <task id="1" bundle="true">
               <document-action type="sign">
                  <document-ref>1</document-ref>
               </document-action>
               <signature responsive="true">
                  <method>nbid-sign</method>
               </signature>
            </task>
         </request>
      </create-request-request>
   </soap:Body>
</soap:Envelope>

Note

While this example uses a provided text document, signed statement signing orders also support signing of PDF documents from SDS (session data storage) and the like, just like with a regular signature request.

You can find more information about this in our guide for getting started with signing.

# Additions to the result document (LTV-SDO)

In addition to the SAML response containing the signature value for the signed statement, the original sign text in its unprocessed form is also included:

<ltv:Authentication>
    <ltv:SAMLResponse Format="urn:signicat:format:saml-1.1" MimeType="application/x-saml+xml" Version="1.0"> [REMOVED FOR BREVITY] </ltv:SAMLResponse>

    <!-- THIS IS THE NEW PART -->
    <ltv:SignedStatement>
        <ltv:VisibleSignText> [HERE GOES VISIBLE SIGN TEXT] </ltv:VisibleSignText>
        <ltv:NonVisibleSignText> [HERE GOES NON-VISIBLE SIGN TEXT] </ltv:NonVisibleSignText>
        <ltv:DocumentIndex> [HERE GOES REFERENCE TO NON-VISIBLE SIGN TEXT]</ltv:DocumentIndex>
    </ltv:SignedStatement>
    <!-- NEW PART ENDS HERE -->

</ltv:Authentication>

# The sign text

# Visible sign text

The visible part of the sign text is the statement presented to the end-user, expressing the end-user's consent for the documents to be signed. This text is automatically generated by Signicat.

# Non-visible sign text

The non-visible part of the sign text is a JSON data structure containing cryptographic message digests of each of the documents to be signed, together with a zero-based index and the document's description and MIME type.

# Example of non-visible sign text

{
  "attachments": [
    {
      "index": 0,
      "documentDescription": "document.pdf",
      "mimeType": "application\/pdf",
      "primaryDigestValue": "aren3Efg3BTksqd7Iht0GWccosAFDL5ZAk4qi+2ifNU=",
      "primaryDigestMethod": {
        "algorithm": "http:\/\/www.w3.org\/2001\/04\/xmlenc#sha256"
      },
      "secondaryDigestValue": "mU7l\/lD\/HSWUzZY2yxNZ1ys34SNYm7vx2Jk8WBL51Vs=",
      "secondaryDigestMethod": {
        "algorithm": "http:\/\/www.w3.org\/2007\/05\/xmldsig-more#sha3-256"
      }
    }
  ]
}

# Document index

If multiple documents are signed, the same sign text will be included in each LTV-SDO (long-term validation signed data object). In other words, each separate LTV-SDO will contain a sign text referring to each and every one of the documents.

In order to make the connection between the LTV-SDO and the entry in the non-visible sign text clear and unambiguous, the zero-based index of the relevant entry in the non-visible sign text is included in each LTV-SDO.

# Supported ID methods

The methods that currently support signed statement signatures are as follows:

ID method Signature type
Norwegian BankID Simple signed statement
Norwegian BankID on mobile Simple signed statement
Swedish BankID Signed statement with non-visible properties
Danish NemID Signed statement with non-visible properties
Last updated: 28/03/2022 13:18 UTC