Previous Next
741
SECTION 8.7 Digital Signatures
8.7.3 Permissions
The Perms entry in the document catalog (see Table 3.25) specifies a permissions
dictionary (PDF 1.5). Each entry in this dictionary (see Table 8.107 for the cur-
rently defined entries) specifies the name of a permission handler that controls ac-
cess permissions for the document. These permissions are similar to those defined
by security handlers (see Table 3.20 on page 123) but do not require that the docu-
ment be encrypted. For a permission (for example, the ability to fill in form fields)
to be actually granted for a document, it must be allowed by each permission han-
dler that is present in the permissions dictionary as well as by the security handler.
TABLE 8.107 Entries in a permissions dictionary
KEY TYPE VALUE
DocMDP dictionary (Optional) An indirect reference to a signature dictionary (see Table 8.102). This
dictionary must contain a Reference entry that is a signature reference dictionary
(see Table 8.103) that has a DocMDP transform method (see “DocMDP” on page
731) and corresponding transform parameters.
If this entry is present, consumer applications should enforce the permissions spec-
ified by the P attribute in the DocMDP transform parameters dictionary and should
also validate the corresponding signature based on whether any of these permis-
sions have been violated.
UR dictionary (Optional) A signature dictionary that is used to specify and validate additional ca-
pabilities (usage rights) granted for this document; that is, the enabling of interac-
tive features of the viewer application that are not available by default.
For example, Adobe Reader does not permit saving documents by default, but Ado-
be Systems may grant permissions that enable saving in Adobe Reader for specific
documents. The signature is used to validate that the permissions have been granted
by Adobe Systems.
The signature dictionary must contain a Reference entry that is a signature refer-
ence dictionary that has a UR transform method (see “UR” on page 733). The trans-
form parameter dictionary for this method indicates which additional permissions
should be granted for the document. If the signature is valid, the Adobe Reader al-
lows the specified permissions for the document, in addition to the application’s de-
fault permissions.
The signature dictionary must not contain a ByteRange entry.
UR3 dictionary (Optional; PDF 1.6) A signature dictionary that specifies and validates usage rights.
The description of the UR entry above applies to UR3, except that the signature dic-
tionary must contain a ByteRange entry. See “UR” on page 733 for details.
Previous Next