for e-Government
|
Open Interfaces for e-Government |
|
Standardised Viewer Format
| Designation |
Standardised viewer format for the Citizen Card Environment of the Austrian Citizen Card |
| Brief designation |
Standardised viewer format |
| Version |
1.2.1 |
| Date |
2005-03-01 |
| Document class |
Convention |
| Document status |
Recommendation |
| Short Name |
This document specifies the standardised viewer format for the Austrian Citizen Card, based on XHTML 1.1 and CSS 2. It must be possible for the standardised viewer format to be processed and displayed by all Citizen Card Environments. |
| Authors |
Arno Hollosi |
| Work group |
Federal Chancellery, Federal Staff Unit for ICT Strategy, Technology and Standards |
| © |
This specification is supplied by A-SIT and the Federal Chancellery. It may be used without modification provided that reference is made to this copyright notice. The specification may be expanded, however any additional material must be clearly identified and the expanded specification must be made freely available. |
To enable an application to use commands of the Security Layer interface without needing to know the specific underlying implementation (Citizen Card Environment), it is necessary that there should be at least one viewer format that can be processed and displayed by every Citizen Card Environment.
This document specifies this standardised viewer format. The basis for it is provided by the international standards [XHTML 1.1] and Cascading Style Sheets 2 [CSS 2]. Taking this as a starting point, restrictions are defined to ensure that the viewer format is suitable for secure display. For example, link information or dynamic elements such as scripts are not permitted.
Section 2 defines the profile of [XHTML 1.1]. This profile defines the fundamental structure of a document corresponding to the standardised viewer format.
Section
3 defines the profile of [CSS
2], which allows the layout information for a document
corresponding to the standardised viewer format to be defined. The CSS
information is incorporated in the XHTML structure of the document
exclusively by means of the <xhtml:style> element.
| Prefix | Name space | Explanation |
|---|---|---|
xhtml |
http://www.w3.org/1999/xhtml |
Elements from [XHTML 1.1] |
dsig |
http://www.w3.org/2000/09/xmldsig# |
Elements from [XMLDSIG] |
Particular attention is drawn at this point to the fundamentally different meaning of should (and its corresponding elements) as opposed to may (and its corresponding elements) (cf. [Keywords], sections 3 and 5).
This section describes the profile for the XML structure of the standardised viewer format. The structure of this section is based on the modules defined in [XHTML 1.1], section 5: The restrictions in relation to the elements and attributes permitted in the standardised viewer format are specified for each module.
The XML schemas referenced at the end of this section serve as a normative summary of the restrictions. They are based on the mechanism for creating an XHTML dialect suggested in [XHTML MOD]. Instance documents that do not correspond to this schema precisely must be rejected by a Citizen Card Environment.
Compare [XHTML 1.1], section 5.1.
The title attribute is omitted from the Core
attribute collection. The Events, Style and
I18N attribute collections are completely emptied. Thus,
the Common attribute collection is identical with Core.
Compare [XHTML 1.1], section 5.2.
The body
and title elements remain unchanged in terms of both the
content model and attributes.
The cite
attribute for the blockquote element is omitted.
This module is used without change.
This
means that the Block content set is expanded to include
the hr element.
The content model remains the same for all elements.
If an instance document
uses the img element to reference one or more images,
then, when creating a signature, the Citizen Card Environment must select one of the following options
for each image:
alt attribute. In this
case, the relevant image reference is not included in the signature. Note: The second variant can be selected by the Citizen Card Environment if it cannot resolve the referenced image (e.g. broken link) or if it makes no sense to display an image in this context (e.g. in the case of a Citizen Card Environment for the blind).
When a signature is verified, the Citizen Card Environment must proceed as follows for every image referenced in an instance document:
alt attribute for the img
element must not be displayed in
this case. alt attribute. The [JPEG]
image format must be supported by
the viewer component of a Citizen Card Environment. However, if
a [JPEG]
file contains a marker of the type TEM, JPG,
JPGn (n>=0), RSTn (n>=0) or APPn (n>0), then the
instance document must be rejected
by the Citizen Card Environment.
The [GIF]
image format must also be
supported by the viewer component of a Citizen Card Environment. However, if
a [GIF]
file contains several images (animated GIF)
or an application extension, then the
instance document must be rejected
by the Citizen Card Environment. A [GIF]
file may contain extensions of the
type Comment Extension and Plain Text Extension,
however the content of these extensions must
not be displayed.
Other image formats may be supported by the viewer component of a Citizen Card Environment. However, the Citizen Card Environment must prevent the display of dynamic content (e.g. animated images).
The content model for
the style element remains unchanged.
Note: For the
permitted content of the style element see section
3.
The main schema file can also be downloaded from the following address:
Comments are part of [XHTML 1.1] with a clearly defined meaning. This meaning indicates that the information in question is not intended for display. For this reason, an instance document may contain comments. The comments must not be supported by the viewer component of a Citizen Card Environment.
Parts of an instance document
that may be displayed according to [XHTML 1.1], but for which there
is no mandatory rendering on the canvas, must
not be displayed by the viewer component of a Citizen Card Environment. An example
of this is the content of the title element ([XHTML
1.1] suggests a display in the title bar of the secure viewer
window).
The profile of [CSS 2] specified in this section first defines the minimum amount of CSS2 syntax that every Citizen Card Environment must or should be able to process when displaying a document that conforms to this standardised viewer format.
In addition, every Citizen Card Environment may also process and display those parts of the CSS2 syntax not specified in this profile in the secure viewer, if this is not expressly forbidden in the sections below.
If a Citizen Card Environment is unable to interpret parts of the syntax defined as optional or recommended in this specification, then it must reject the relevant instance document.
Application developers who write instance documents that meet this standardised viewer format should only use those parts of the syntax defined in this profile as required or recommended.
[CSS
2] defines a number of options for integrating CSS formats in an
instance of an XHTML document. This profile limits these options to one
– integration by means of the style XHTML element. All
other options (definition using the XHTML attribute style,
and the integration of external CSS files via the XHTML element link
or via the CSS rule @import) must
not be processed by a Citizen Card Environment, i.e. the
relevant instance document must be
rejected.
The CSS formats to be used by the viewer component of the Citizen Card Environment are defined in two stages:
The CSS formats resulting from these two steps must be taken into account by the viewer component of the Citizen Card Environment when displaying the instance document.
The default CSS style sheet that is the starting point for determining the default CSS formats to be used by the Citizen Card Environment for display in the secure viewer is a normative component in this specification and can be downloaded from the following address:
Note: It is not necessary for the viewer component of the Citizen Card Environment to be able to interpret the default style sheet. Instead it must ensure that the displayed instance document looks as if it were created by interpreting the default style sheet. To this extent there is no contradiction in the fact that CSS properties and property values are used in the default style sheet that do not necessarily need to be supported according to this specification.
In respect of the At-rules defined in [CSS 2], the following rules apply for a Citizen Card Environment:
The @charset rule for
specifying the character encoding of an external style sheet must not be used in an instance document
because this specification only allows embedded style sheets to be used
(see section
3.1) and the @charset rule must not be used in such style sheets
(cf. [CSS
2], section 4.4). The viewer component of the Citizen Card Environment must reject an instance document
containing a @charset rule.
The
@import rule for incorporating external CSS files must not be used in an instance document
(cf. [CSS
2], section 6.3, and section
3.1 of this document). The viewer component of the Citizen Card Environment must reject an instance document
containing a @import rule.
The
@media rule for specifying style sheet information for
particular output media must not
be used in an instance document (cf. [CSS
2], section 7). The viewer component of the Citizen Card Environment must reject an instance document
containing a @media rule.
The
@page rule for defining the page properties for page-based
output media may be supported by a
Citizen Card Environment (cf. [CSS
2], section 13, and section
3.5.7 of this document).
The @font-face rule
for describing or referencing additional font families (cf. [CSS
2], section 15.3) must not be
used in an instance document. The viewer component of the Citizen Card Environment must reject an instance document
containing a @font-face rule.
[CSS 2] defines a series of rules for setting up selectors in section 5. This section defines which of these rules a Citizen Card Environment must be able to process; these are:
The following other selectors may be supported:
A Citizen Card Environment must support a length specification in
the units in, mm, cm, pc
and px and should
support a length specification in the relative units ex
and em for a CSS property, if this is possible for this
property according to [CSS
2].
A Citizen Card Environment must support the specification of a percentage value for a CSS property if such a specification is possible for this property according to [CSS 2].
A Citizen Card Environment must support all the options for specifying a colour listed in [CSS 2], section 4.3.6 for a CSS property, if such an option is available for this property according to [CSS 2].
The exceptions are the system colours (cf. [CSS 2], section 18.2); these must not be used in an instance document so as to prevent dependencies on the system environment. Otherwise the instance document must be rejected by the Citizen Card Environment.
For properties
that must or should be supported by a Citizen Card Environment according to
this specification, the respective property values inherit
or auto should also
be supported, if such values are possible for the property according to
[CSS
2].
The margin-top,
margin-bottom, margin-left and margin-right
properties must be supported by a Citizen Card Environment. Values
specified as percentages (cf. section
3.5.1.2) should be supported.
The margin property may
be supported by a Citizen Card Environment.
An instance document must not contain a negative value in the properties mentioned above. Otherwise it must be rejected by the Citizen Card Environment.
The padding-top,
padding-bottom, padding-left and padding-right
properties must be supported by a Citizen Card Environment. Values
specified as percentages (cf. section
3.5.1.2) should be supported.
The padding property may
be supported by a Citizen Card Environment.
An instance document must not contain a negative value in the properties mentioned above. Otherwise it must be rejected by the Citizen Card Environment.
The border-top-width,
border-bottom-width, border-left-width, border-right-width
and border-width properties should
be supported by a Citizen Card Environment. If the
properties are supported, the predefined values thin, medium
and thick should
also be supported (cf. [CSS
2], section 8.5.1).
The border-top-color,
border-bottom-color, border-left-color, border-right-color
and border-color properties should
be supported by a Citizen Card Environment. The
predefined value transparent for the border-color
property may be supported (cf. [CSS
2], section 8.5.2).
The border-top-style,
border-bottom-style, border-left-style, border-right-style
and border-style properties should
be supported by a Citizen Card Environment. If the
properties are supported, the predefined values none, dashed,
dotted, solid and double should also be supported; all other
values may be supported (cf. [CSS
2], section 8.5.3).
The
properties for the shorthand version of the border properties (border-top,
border-bottom, border-left, border-right
and border (cf. [CSS
2], section 8.5.4) should be
supported by a Citizen Card Environment. The recommended values result from the three
previous sections.
The property
for controlling the box type (display) may be supported by a Citizen Card Environment (cf. [CSS
2], section 9.2).
The property
for defining the positioning scheme for a box (position,
cf. [CSS
2], section 9.3) must not be
contained in an instance document to prevent content from overlapping.
Otherwise the instance document must
be rejected by the Citizen Card Environment.
The
property for defining the positioning scheme for a box (top,
bottom, left, right; cf. [CSS
2], section 9.3) must not be
contained in an instance document to prevent content from overlapping.
Otherwise the instance document must
be rejected by the Citizen Card Environment.
Note: It is not absolutely necessary to prohibit
these properties explicitly because they are only to be used for
elements that are positioned, in other words elements for which the position
property is set. However, it makes no sense for these properties to
appear like zombies in the instance document style sheet.
The
properties for defining the flow around boxes (float, clear)
may be supported by a Citizen Card Environment (cf. [CSS
2], section 9.5).
The
property for defining the positioning of boxes on the z-axis (z-index,
cf. [CSS
2], section 9.9) must not be
contained in an instance document to prevent content from overlapping.
Otherwise the instance document must
be rejected by the Citizen Card Environment.
Note: It is not absolutely necessary to prohibit this
property explicitly because it is only to be used for elements that are
positioned, in other words elements for which the position
property is set. However, it makes no sense for this property to appear
like a kind of zombie in the instance document style sheet.
The
properties for controlling the text direction (direction, unicode-bidi)
may be supported by a Citizen Card Environment (cf. [CSS
2], section 9.10).
The properties
for specifying the width and height of a box (width, height,
cf. [CSS
2], sections 10.2 and 10.5) must not
be supported by a Citizen Card Environment to prevent
content from overlapping. Otherwise the instance document must be rejected by the Citizen Card Environment.
The properties for specifying the minimum width and height of a box (min-width,
min-height) may be
supported by a Citizen Card Environment (cf. [CSS
2], sections 10.4 and 10.7).
The properties for specifying the maximum width and height of a box (max-width,
max-height, cf. [CSS
2], sections 10.4 and 10.7) must not
be supported by a Citizen Card Environment to prevent
content from overlapping. Otherwise the instance document must be rejected by the Citizen Card Environment.
The
properties for specifying the line height (line-height, vertical-align)
should be supported by a Citizen
Card (cf. [CSS
2], section 10.8). The only exception is the vertical-align
property: In this case a Citizen Card Environment must be able to interpret the values sub
and super.
The property for
specifying the visibility of a box (visibility) may be supported by a Citizen Card Environment (cf. [CSS
2], section 11).
The properties for controlling the visible area of a box (overflow,
clip; cf. [CSS
2], section 11) must not be
contained in an instance document to prevent hidden content. Otherwise
the instance document must be
rejected by the Citizen Card Environment.
The
property for generating content (content) may be supported by a Citizen Card Environment (cf. [CSS
2], section 12.2).
The
property for displaying quotation marks (quotes) may be supported by a Citizen Card Environment (cf. [CSS
2], section 12.3).
The
properties for automatic numbering (counter-reset, counter-increment)
may be supported by a Citizen Card Environment (cf. [CSS
2], section 12.5).
The
property for defining the space between a marker and the associated box
(marker-offset) may
be supported by a Citizen Card Environment (cf. [CSS
2], section 12.6.1).
For
the property for selecting the list symbol (list-style-type)
a Citizen Card Environment must support the values none,
disc, circle, square, decimal,
decimal-leading-zero, lower-roman, upper-roman,
lower-alpha, lower-latin, upper-alpha
and upper-latin. The other values may be supported (cf. [CSS
2], section 12.6.2).
The
property for positioning the list symbol in relation to the associated
box (list-style-position) should
be supported by a Citizen Card Environment (cf. [CSS
2], section 12.6.2).
The
property for selecting an image as a list symbol (list-style-image)
may be supported by a Citizen Card Environment (cf. [CSS
2], section 12.6.2). If the Citizen Card Environment supports this
property, then it must proceed in
respect of the integration of the image in the signature as described
in section
2.1.7.
The
property for the shorthand version of the list properties (list-style)
should be supported by a Citizen Card Environment. The recommended values result from the
explanations for the list-style-type, list-style-position
and list-style-image properties above (cf. [CSS
2], section 12.6.2).
The properties for
page-based media may be supported
by a Citizen Card Environment (size,
marks, page-break-before, page-break-inside,
page-break-after, page, orphans
and widows (cf. [CSS
2], section 13).
The property for defining
the foreground colour of the content of an element (color)
must be supported by a Citizen Card Environment (cf. [CSS
2], section 14.1).
The property for
defining the background colour of the content of an element (background-color)
must be supported by a Citizen Card Environment (cf. [CSS
2], section 14.2.1).
The properties for selecting and controlling an image as background (background-image,
background-repeat, background-position, background-attachment;
cf. [CSS
2], section 14.2.1) must not
be contained in an instance document to prevent content from
overlapping. Otherwise the instance document must be rejected by the Citizen Card Environment.
The property for the shorthand version of the background properties (background)
should be supported by a Citizen Card Environment. The recommended values result from the
explanations for the background-color property above (cf.
[CSS
2], section 14.2.1). If the property contains values for selecting
and controlling an image as background, the instance document must be rejected by the Citizen Card Environment.
For the
property for selecting a font family (font-family), a Citizen Card Environment must support the predefined values serif,
sans-serif and monospaced for the general
font families. All other values may
be supported by a Citizen Card Environment (cf. [CSS
2], section 15.2.2).
If a preferred font family is specified in the instance document
that cannot be displayed by the Citizen Card Environment, then the Citizen Card Environment may still display the instance document
if another displayable font family has been specified as an
alternative. For example, if the specification in the instance document
is font-family: "Times New Roman", serif, then the Citizen Card Environment may display the instance document in the
secure viewer even if it does not know the Times
New Roman font family (as it must always support serif).
The properties
for defining the font style (font-style) and font weight (font-weight)
must be supported by a Citizen Card Environment. The values normal
and italic must be
supported, while the value oblique should be supported.
The property for defining the font variant (font-variant) should be supported by a Citizen Card Environment, while the
property for defining the font stretch (font-stretch) may be supported by a Citizen Card Environment (cf. [CSS
2], section 15.2.3).
The property
for specifying the font size (font-size) must be supported by a Citizen Card Environment. The property
for specifying the stretch ratio (font-size-adjust) may be supported by a Citizen Card Environment (cf. [CSS
2], section 15.2.4).
The
property for the shorthand version of the font properties (font)
should be supported by a Citizen Card Environment (cf. [CSS
2], section 15.2.5). The recommended
values result from the explanations above for the font-style,
font-variant, font-weight, font-size
and font-family properties and the explanations for the line-height
property in section
3.5.4.2.
The additional, predefined values relating to the system fonts used (caption,
icon, etc.) must not
be contained in an instance document so as to prevent dependencies on
the system environment. Otherwise the instance document must be rejected by the Citizen Card Environment.
If the text of an instance document contains a character that cannot be displayed by the Citizen Card Environment, then the instance document must be rejected by the Citizen Card Environment. The character must not be represented by a placeholder.
The property for
indenting the first line of a text block (text-indent) should be supported by a Citizen Card Environment (cf. [CSS
2], section 16.1).
For the property for
aligning the content of a text block (text-align) a Citizen Card Environment must support the values left,
right and center. The value justified
should be supported, while the
specification of a string value may
be supported (cf. [CSS
2], section 16.2).
For the property for
decorating a text (text-decoration; cf. [CSS
2], section 16.3.1) a Citizen Card Environment must support the values none,
underline and line-through.
The value blink must not
be contained in an instance document. Otherwise the instance document must be rejected by the Citizen Card Environment.
The other values may be supported by a Citizen Card Environment.
The property for
specifying a text shadow (text-shadow) may be supported by a Citizen Card Environment (cf. [CSS
2], section 16.3.2).
The word-spacing
and letter-spacing should
be supported by a Citizen Card Environment (cf. [CSS
2], section 16.4).
An instance document must not contain negative values in order to prevent content from overlapping. Otherwise the instance document must be rejected by the Citizen Card Environment.
The property for
specifying the capitalisation of the text of an element (text-transform)
may be supported by a Citizen Card Environment (cf. [CSS
2], section 16.5).
The property for
the handling of white space within the text of an element (white-space)
should be supported by a Citizen Card Environment (cf. [CSS
2], section 16.6).
A Citizen Card Environment should support the top and
bottom properties for the property for specifying the
position when labelling a table (caption-side); the
properties left and right may be supported (cf. [CSS
2], section 17.4.1).
The property for
defining the layout algorithm for a table (table-layout) may be supported by a Citizen Card Environment (cf. [CSS
2], section 17.5.2).
However, the fixed value must
not be supported because the layout algorithm selected with it
can cause content to overlap.
In general, the viewer component of the Citizen Card Environment must use a layout algorithm for a table that does not generate an overflow, in other words with which the content of every table element can be rendered so that it does not extend beyond the confines of the table element. There is an example of such an algorithm in [CSS 2], section 17.5.2, subsection Automatic table layout.
The properties for
displaying borders in tables (border-collapse, border-spacing,
empty-cells) may be
supported by a Citizen Card Environment (cf. [CSS
2], section 17.6).
The property
for controlling the voice output of the column headers in a table (speak-header)
may be supported by a Citizen Card Environment (cf. [CSS
2], section 17.7.1).
The
property for controlling the cursor format (cursor; cf. [CSS
2], section 18.1) must not be
contained in an instance document. Otherwise the instance document must be rejected by the Citizen Card Environment.
Note: In principle it is not necessary to prohibit this property, although it makes no sense to use it because it does not relate to the canvas. In the interests of the leanest possible specification, this property is therefore prohibited.
The
properties for defining element contours (outline-width, outline-style,
outline-color and outline; cf. [CSS
2], section 18.4) must not be
contained in an instance document. Otherwise the instance document must be rejected by the Citizen Card Environment.
Note: In principle it is not necessary to prohibit these properties, although it makes no sense to use them because they relate to elements that are not allowed in an instance document. In the interests of the leanest possible specification, these properties are therefore prohibited.
The properties for the voice output of a document (cf. [CSS 2], section 19) may be supported by a Citizen Card Environment.
As is apparent from sections 2 and 3, the standardised viewer format specified in this document allows images to be integrated in two different ways:
<img> tag (cf. section
2.1.7); Because the images integrated in this way are not incorporated directly in the instance document, but are only referenced with a URI, the referenced image data must be included in the XML signature as additional data along with the actual instance document. The following sections specify this integration.
For every image
referenced and to be signed in an instance document in one of the two
ways mentioned above (cf. the alternatives in section
2.1.7), another dsig:Reference element must be added to the XML signature (in
addition to the dsig:Reference element for the instance
document). The following rules are to be obeyed:
URI attribute of the dsig:Reference
element must contain the URI used
to reference the corresponding image in the instance document. Type attribute of the dsig:Reference
element is to be used and must
have the following structure: http://www.buergerkarte.at/specifications/Security-Layer/20031031?Name=SignedImage&InstanceDocRef=xx in the last line is to be replaced with
the index of the dsig:Reference element used to integrate
the instance document in the signature. The first dsig:Reference
of the signature has the index 0. If the same image is
incorporated in several instance documents, the indices of the instance
document references are to be separated by commas. The following instance document is to be signed by the Citizen Card Environment:
<?xml version="1.0" encoding="UTF-8"?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Example</title>
<style type="text/css">
ul { list-style-image: url("http://example.com/list-style.gif") }
</style>
</head>
<body>
<p>
This image is also signed:
<img src="http://example.com/image.gif" alt="Example"/>
</p>
<ul>
<li>This is a bullet point represented by an image.</li>
</ul>
</body>
</html>
Here is an outline of the XML signature required for this purpose
(three dots ... indicate omissions for the sake of transparency):
<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
...
<Reference URI="http://example.com/instanceDocument.xhtml">
...
</Reference>
<Reference URI=http://example.com/image.gif"
Type="...ayer/20031031?Name=SignedImage&InstanceDocRef=0">
</Reference>
<Reference URI="http://example.com/list-style.gif"
Type="...ayer/20031031?Name=SignedImage&InstanceDocRef=0">
</Reference>
</SignedInfo>
...
</Signature>
Note: The value of the URI attribute of
the first reference was chosen at random. The actual value to be used
depends on the signature creation request that was sent to the Citizen Card Environment.
The two sections that follow describe the process model to be used by a Citizen Card Environment when processing documents that comply with the standardised viewer format defined in this document within the framework of signature creation and verification.
dsig:Reference element for the
instance document in the XML signature. dsig:Reference in the XML
signature.
dsig:Reference
element to include the index of the dsig:Reference
element corresponding to the instance document if the index has not
already been taken into account. dsig:Reference
element for the image in the XML signature. dsig:Reference element in
the XML signature. dsig:Reference
element in the XML signature.| Date |
Version
|
Changes |
|---|---|---|
2005-03-01 |
1.2.1 |
|
|
2004-05-14
|
1.2.0
|
|
|
2003-12-18
|
1.0.1
|
|
|
2003-11-13
|
1.0
|
|
|
2003-10-22
|
0.9
|
|
|
2003-08-25
|
0.4
|
|
|
|
0.3
|
|