Commit

SIVA-653 Add T level signature filter configuration info to the deployment guide
ivoMattus committed May 2, 2024
1 parent a1238c6 commit 3c5d0bb
Showing 1 changed file with 21 additions and 1 deletion.
22 changes: 21 additions & 1 deletion docs/siva3/deployment_guide.md
Expand Up @@ -520,6 +520,26 @@ siva.europe.signaturePolicy.policies[1].constraintPath=generic_constraint_qes.xm

!!! note
Default policy configuration is lost when policy detail properties (name, description, url or constraintPath) are overridden or new custom policies added in custom configuration files (in this case, the existing default policies must be redefined in configuration files explicitly)

* Configure SiVa to request revocation status for T level signatures

By default, T level signatures do not contain revocation data.
It is possible to configure SiVa to use OnlineOCSPSource in order to request revocation status during the validation process for T level signatures.

An example of configuring SiVa to request an OCSP response only for certificates issued by Latvian and Lithuanian service providers:
```text
t-level-signature-filter.filter-type = ALLOWED_COUNTRIES
t-level-signature-filter.countries[0] = LV
t-level-signature-filter.countries[1] = LT
```

!!! note
If enabled, the revocation request is made for every signature level for given countries, not only T level signatures.

| Property | Description |
| -------- |-------------|
|**t-level-signature-filter.filter-type**| A string value that determines, which filter is being used. There are two available options: ALLOWED_COUNTRIES or NOT_ALLOWED_COUNTRIES <ul><li>When set to **ALLOWED_COUNTRIES** SiVa uses OnlineOCSPSource to request revocation status for the list of provided countries. If the list of countries is left empty, no OCSP requests are made</li><li>When set to **NOT_ALLOWED_COUNTRIES** SiVa uses OnlineOCSPSource to request revocation status for all the countries that are not on the list. If the list of countries is left empty, it makes an OCSP request for every country</li><li>Default: **N/A**</li></ul> |
|**t-level-signature-filter.countries**| A list of countries to be provided to the filter. For example: EE, LV, BE <ul><li>Default: **N/A**</li></ul>|

### Demo webapp parameters
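
Review bot: In the property table, the `t-level-signature-filter.filter-type` row gives "Default: N/A" without saying what SiVa does when the property is not set. The prose above the example implies that no revocation requests are made in that case, and the row should say so explicitly. The same row states that NOT_ALLOWED_COUNTRIES with an empty country list makes an OCSP request for every country, and the note says the request applies to every signature level, not only T level. Taken together, setting only the filter type enables outbound OCSP requests for all validations, which deserves a sentence of its own in the note block. Two smaller points: the example sets countries through indexed keys (`countries[0] = LV`) while the table's example reads "EE, LV, BE", so state whether a comma-separated value is accepted and which country code format is expected; and the example writes ` = ` with spaces while the neighbouring property shown in the hunk header (`...constraintPath=generic_constraint_qes.xml`) uses none.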

Expand All @@ -533,4 +553,4 @@ siva.europe.signaturePolicy.policies[1].constraintPath=generic_constraint_qes.xm
|**siva.service.jsonDataFilesServicePath**| Data file service path in Siva webapp to access the REST/JSON API<ul><li>Default: **/getDataFiles**</li></ul> |
|**siva.service.soapDataFilesServicePath**| Data file service path in Siva webapp to access the SOAP API <ul><li>Default: **/soap/dataFilesWebService/getDocumentDataFiles**</li></ul> |
|**siva.service.trustStore**| Path to Siva webapp truststore on classpath <ul><li>Default: **siva_server_truststore.p12**</li></ul> |
|**siva.service.trustStorePassword**| Siva webapp truststore password <ul><li>Default: **password**</li></ul> |
|**siva.service.trustStorePassword**| Siva webapp truststore password <ul><li>Default: **password**</li></ul> |
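
Review bot: The `siva.service.trustStorePassword` row is the only line touched in this hunk, and the removed and added versions read identically here, so the change looks like whitespace or an end-of-file newline only; worth confirming it is intentional, since it is unrelated to the T level filter documentation. While the line is being touched, note that it documents the default truststore password as `password` with no hint that deployments should override it together with `siva.service.trustStore`; a short remark to that effect in the description would help.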
