Previous Next


                                                   741
         SECTION 8.7                                                            Digital Signatures



  8.7.3 Permissions

         The Perms entry in the document catalog (see Table 3.25) specifies a permissions
         dictionary (PDF 1.5). Each entry in this dictionary (see Table 8.107 for the cur-
         rently defined entries) specifies the name of a permission handler that controls ac-
         cess permissions for the document. These permissions are similar to those defined
         by security handlers (see Table 3.20 on page 123) but do not require that the docu-
         ment be encrypted. For a permission (for example, the ability to fill in form fields)
         to be actually granted for a document, it must be allowed by each permission han-
         dler that is present in the permissions dictionary as well as by the security handler.

                            TABLE 8.107 Entries in a permissions dictionary
KEY        TYPE          VALUE

DocMDP     dictionary    (Optional) An indirect reference to a signature dictionary (see Table 8.102). This
                         dictionary must contain a Reference entry that is a signature reference dictionary
                         (see Table 8.103) that has a DocMDP transform method (see “DocMDP” on page
                         731) and corresponding transform parameters.
                         If this entry is present, consumer applications should enforce the permissions spec-
                         ified by the P attribute in the DocMDP transform parameters dictionary and should
                         also validate the corresponding signature based on whether any of these permis-
                         sions have been violated.

UR         dictionary    (Optional) A signature dictionary that is used to specify and validate additional ca-
                         pabilities (usage rights) granted for this document; that is, the enabling of interac-
                         tive features of the viewer application that are not available by default.
                         For example, Adobe Reader does not permit saving documents by default, but Ado-
                         be Systems may grant permissions that enable saving in Adobe Reader for specific
                         documents. The signature is used to validate that the permissions have been granted
                         by Adobe Systems.
                         The signature dictionary must contain a Reference entry that is a signature refer-
                         ence dictionary that has a UR transform method (see “UR” on page 733). The trans-
                         form parameter dictionary for this method indicates which additional permissions
                         should be granted for the document. If the signature is valid, the Adobe Reader al-
                         lows the specified permissions for the document, in addition to the application’s de-
                         fault permissions.
                         The signature dictionary must not contain a ByteRange entry.

UR3        dictionary    (Optional; PDF 1.6) A signature dictionary that specifies and validates usage rights.
                         The description of the UR entry above applies to UR3, except that the signature dic-
                         tionary must contain a ByteRange entry. See “UR” on page 733 for details.

Previous Next