excludedmetadataAdded by IBM on October 10, 2012 | Version 1 (Original)
|Allows additional data about a signature to be included, but never signed. This makes it possible to store the notarization of signatures without interfering with other, overlapping signatures.
For example, if signer1 signs a form and then signer2 affixes an overlapping signature, you could not modify the first signature without breaking the second. In this case, you would not be able to notarize the first signature, since affixing the notarization would change the mimedata of that signature and break the second signature.
The excludedmetadata provides a place to store the notarization for the first signature without breaking the second signature. You can add information to this option at any time, since the excludedmetadata option is never signed.
Table 1. excludedmetadata parameters
|notarization||string||A compressed base64 encoded PKCS-7 signature that signs the hash of the mimedata option and the details of the signature that is being notarized.|
Example The following example shows an excludedmetadata option with two notarizing signatures. Note that the base64 blocks would be much larger in practice.
- Default: none