SECTION 8.7
741
Digital Signatures
8.7.3 Permissions
The
Perms
entry in the document catalog (see Table 3.25) specifies a
permissions
dictionary (PDF 1.5).
Each entry in this dictionary (see Table 8.107 for the cur-
rently defined entries) specifies the name of a permission handler that controls ac-
cess permissions for the document. These permissions are similar to those defined
by security handlers (see Table 3.20 on page 123) but do not require that the docu-
ment be encrypted. For a permission (for example, the ability to fill in form fields)
to be actually granted for a document, it must be allowed by each permission han-
dler that is present in the permissions dictionary as well as by the security handler.
TABLE 8.107 Entries in a permissions dictionary
KEY
TYPE
VALUE
DocMDP
dictionary
(Optional)
An indirect reference to a signature dictionary (see Table 8.102). This
dictionary must contain a
Reference
entry that is a signature reference dictionary
(see Table 8.103) that has a
DocMDP
transform method (see “DocMDP” on page
If this entry is present, consumer applications should enforce the permissions spec-
ified by the
P
attribute in the
DocMDP
transform parameters dictionary and should
also validate the corresponding signature based on whether any of these permis-
sions have been violated.
UR
dictionary
(Optional)
A signature dictionary that is used to specify and validate additional ca-
pabilities (usage rights) granted for this document; that is, the enabling of interac-
tive features of the viewer application that are not available by default.
For example, Adobe Reader does not permit saving documents by default, but Ado-
be Systems may grant permissions that enable saving in Adobe Reader for specific
documents. The signature is used to validate that the permissions have been granted
by Adobe Systems.
The signature dictionary must contain a
Reference
entry that is a signature refer-
ence dictionary that has a
UR
transform method (see “UR” on page 733). The trans-
form parameter dictionary for this method indicates which additional permissions
should be granted for the document. If the signature is valid, the Adobe Reader al-
lows the specified permissions for the document, in addition to the application’s de-
fault permissions.
The signature dictionary must not contain a
ByteRange
entry.
UR3
dictionary
(Optional; PDF 1.6)
A signature dictionary that specifies and validates usage rights.
The description of the
UR
entry above applies to
UR3
, except that the signature dic-
tionary must contain a
ByteRange
entry. See “UR” on page 733 for details.