
Digital signature of IWXXM reports

Open jkorosi opened this issue 9 months ago • 2 comments

Details

I would like to discuss an option to extend the iwxxm:ReportType/ by an optional digital signature. My colleague discussed this option at the MET3SG meeting in Brussels. We even know one case (DWD) when an IWXXM producer signs their IWXXM data sent over AMQP.

The proposal is to use https://www.w3.org/TR/xmldsig-core1/.

Requestor

Jan Korosi, @jkorosi

jkorosi, Mar 26 '25 14:03

iwxxm:ReportType is designed to carry such information. We may want to discuss if this is the thing we would like to add, and maybe something else too? We may also want to discuss if we would like to do it in 2025-2 or thereafter.

The use of XMLDSig, however, may need further consideration, as we need a standardized "XML canonicalization" algorithm to create the "signature". We tried this many years ago and found it works for a single organization, but things can get complicated if it involves many different parties. Maybe there are new improvements since then? Let me know if you have any updates on this.

blchoy, May 14 '25 10:05
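
The canonicalization concern raised in the comment above, shown as an added example that is not part of the original thread or of the IWXXM project's code: the digest a signature covers survives a relay's re-serialization only if both parties canonicalize the same way. The report, the placeholder namespace `urn:example:iwxxm` and the function names are constructed for illustration, and Python's standard-library C14N 2.0 implementation stands in for whichever canonicalization algorithm the parties agree on.

```python
import hashlib
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

# Constructed sample: a minimal IWXXM-like report (placeholder namespace,
# not schema-valid), as the producer serialized it before signing.
PRODUCER = (
    '<iwxxm:METAR xmlns:iwxxm="urn:example:iwxxm" '
    'reportStatus="NORMAL" permissibleUsage="OPERATIONAL">'
    '<iwxxm:issueTime>2025-05-14T10:00:00Z</iwxxm:issueTime>'
    '</iwxxm:METAR>'
)
# Same infoset after a relay re-serialized it: XML declaration added,
# attributes reordered, different quotes and whitespace inside the start tag.
RELAYED = (
    "<?xml version='1.0'?>\n"
    "<iwxxm:METAR permissibleUsage='OPERATIONAL'  reportStatus='NORMAL'\n"
    "    xmlns:iwxxm='urn:example:iwxxm'>"
    "<iwxxm:issueTime>2025-05-14T10:00:00Z</iwxxm:issueTime>"
    "</iwxxm:METAR>"
)
# A relay that pretty-prints inserts whitespace text nodes between elements.
PRETTY = PRODUCER.replace("><", ">\n  <")
# An actual content change in transit.
TAMPERED = PRODUCER.replace("10:00:00Z", "12:00:00Z")


def raw_digest(xml: str) -> str:
    """SHA-256 over the serialized bytes exactly as received."""
    return hashlib.sha256(xml.encode("utf-8")).hexdigest()


def c14n_digest(xml: str, strip_text: bool = False) -> str:
    """SHA-256 over the canonical form; strip_text drops surrounding whitespace."""
    canonical = canonicalize(xml, strip_text=strip_text)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for name, doc in [("relayed", RELAYED), ("pretty", PRETTY), ("tampered", TAMPERED)]:
        print(
            f"{name:9}",
            "raw:", raw_digest(doc) == raw_digest(PRODUCER),
            "c14n:", c14n_digest(doc) == c14n_digest(PRODUCER),
            "c14n+strip:", c14n_digest(doc, True) == c14n_digest(PRODUCER, True),
        )
```

The pretty-printed copy matches only when both sides also agree to strip whitespace, which is the kind of cross-party agreement the comment refers to.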

https://github.com/wmo-im/iwxxm/wiki/TT-AvData-Discussion-2025-May-14 notes: Jan presented and mentioned that their customers have requested; Dirk noted that it verifies that the message has not been modified between creation and distribution; Choy noted that the XML can currently handle this as is and noted that the xmldsig is old; Not for this fast-track, because it needs more exploration

amilan17, May 14 '25 12:05