

Subject: Re: [dss] XML Time-stamp and implied references. - related problems


Nick,

Nick Pope wrote:

>Juan Carlos and all,
>
>I agree with the comment.  I think that this can be deleted as this is
>already covered by 3.3.1 item 1d i:
>"i.	If the <Document> has a RefURI attribute, the <ds:Reference> element’s
>URI attribute is set to the value of the RefURI attribute, else this
>attribute is omitted.
>A signature MUST NOT be created if more than one RefURI is omitted in the
>set of input documents and the server MUST report a RequesterError."
>
I think that we should try to find some text for section 5.1.1. As for the text you
mention, this would actually go against my proposal if applied for instance in the
timestamping profile: it would require to put all the RefURI but one.... which actually
is a good catch: taking into account what I have said in my previous email, shouldn't we
delete the sentence:

"A signature MUST NOT be created if more than one RefURI is omitted in the
set of input documents and the server MUST report a RequesterError."

Why should we not allow to create ds:Signatures without URI attributes in more than one
ds:Reference?


>I note however that there are a few related issues
>
>Related problem 1 - No refURI in <DocumentHash> and <TransformedData>
>
>There is a related problem with handling <DocumentHash> (as well as
>transformed data) as 3.3.6 (and 3.3.5) reference 3.3.1 item 1d which
>includes the processing of RefURI in <Document>.  However, <DocumentHash>
>and <TransformedData> are both defined as an element of <InputDocument>
>instead of <Document>, and so do not have the attribute RefURI.
>
>Thus, I suggest that <DocumentHash> and <TransformedData> are both made
>elements of <Document>.
>
Or maybe make them derived from DocumentBaseType....for instance so they would incorporate
the attributes you mention.

>Related problem 2 - 2.4.3 Definition of <TransformedData>
>
>This says name="DocumentHash" should be name="TransformedData"  (presumably
>cut and paste error).
>
Agree

>Related problem 3 - 4.3.2.2 Item 11
>
>This does not cover all the different ways of passing the Input Document
>(including Hash).  I suggest that this references the general signature
>verification procedures in 4.3.
>
I think that this will change as a result of the work on time-stamps
following our Skype call with Ed.

>Related Problem 4 - 4.3 Item 2.  This does not cover the case of implied
>reference.
>
>Suggest add "The RefURI MAY be omitted in at most one of the set of Input
>documents.  "
>
>Nick
>
>>-----Original Message-----
>>From: Juan Carlos Cruellas [mailto:cruellas@ac.upc.edu]
>>Sent: 17 February 2006 13:26
>>To: DSS TC List
>>Subject: [dss] XML Time-stamp and implied references.
>>
>>
>>Dear all,
>>
>>The core document, in its section 5.1.1 mandates that
>>
>>"For every input document being timestamped, there MUST be a single
>><ds:Reference> element whose URI attribute references the document".
>>
>>I think that we should not be so restrictive. XMLDSIG allows for
>>ds:Reference elements without URI attributes, leaving the applications
>>the task of actually retrieving the documents. My opinion is that we
>>should also replicate this behaviour and allow ds:Reference without
>>URI attributes for those situations (like XAdES signatures, for
>>instance) where applications making use of the time-stamps already know
>>how to get the time-stamped data objects and how to compute the
>>messageImprint.
>>
>>Regards
>>
>>Juan Carlos.

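The RefURI rule debated in this thread, as an added example (not part of either message and not code from the DSS TC): a check that carries each input document's RefURI over to the <ds:Reference> URI and rejects more than one omission. The names `reference_uris`, `RequesterError` and `allow_multiple_implied`, and the placeholder namespace, are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed request fragments. Element and attribute names follow the thread;
# the namespace is a placeholder, not the DSS schema namespace.
NS = "urn:example:dss-draft"
ONE_IMPLIED = f"""<InputDocuments xmlns="{NS}">
  <Document RefURI="http://example.org/a.xml"/>
  <Document RefURI=""/>
  <Document/>
</InputDocuments>"""
TWO_IMPLIED = f"""<InputDocuments xmlns="{NS}">
  <Document RefURI="http://example.org/a.xml"/>
  <Document/>
  <DocumentHash/>
</InputDocuments>"""

INPUT_KINDS = {"Document", "DocumentHash", "TransformedData"}


class RequesterError(Exception):
    """Hypothetical stand-in for the server's RequesterError result."""


def reference_uris(xml_text, allow_multiple_implied=False):
    """Return the URI value for each <ds:Reference>; None means URI omitted.

    allow_multiple_implied=False applies the sentence quoted from 3.3.1 1d i;
    True models the behaviour if that sentence were deleted, as asked above.
    """
    uris = []
    for child in ET.fromstring(xml_text):
        if child.tag.rsplit("}", 1)[-1] in INPUT_KINDS:
            # RefURI="" is a present (same-document) URI, not an omitted one.
            # Per the thread, DocumentHash/TransformedData carry no RefURI in
            # the draft, so each of them counts as an implied reference.
            uris.append(child.get("RefURI"))
    implied = uris.count(None)
    if implied > 1 and not allow_multiple_implied:
        raise RequesterError(f"{implied} input documents omit RefURI")
    return uris
```

With the quoted sentence in force, `TWO_IMPLIED` is rejected because the `<DocumentHash>` has no way to carry a RefURI; with the sentence deleted, both references are emitted without a URI attribute.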

