Re: [legalxml-enotary] Request to add agenda item to upcoming eNotaryTC meeting

[Arshad Noor <arshad.noor@strongauth.com>]

Does that mean you still need instructions for validating
the XML based on the XSD I've submitted, or not?  From later
e-mails in this thread, it sounds like you've already verified
the XML samples I've provided.  Please advise.

Arshad Noor
StrongAuth, Inc.

John Messing wrote:
> Agreed, although I later realized I may have (senior) momentarily
> confused cryptographic validation with schema validation.
> 
>> -------- Original Message --------
>> Subject: RE: [legalxml-enotary] Request to add agenda item to upcoming
>> eNotary TC meeting
>> From: "Mark Ladd" <mark.ladd@addison-one.com>
>> Date: Fri, April 11, 2008 6:50 pm
>> To: "'Arshad Noor'" <arshad.noor@strongauth.com>,
>> <legalxml-enotary@lists.oasis-open.org>
>>
>>
>> Arshad,
>>
>> Thank you for your prompt response.  I was away from the office for extended
>> periods today and you provided much better background information than I
>> would have anyway.
>>
>> I saw John's follow-up email and would encourage continuing discussion on
>> the list between now and the TC conference call.  
>>
>> I will be attending a conference this weekend and early next week so I will
>> likely be slow to respond, but look forward to the dialogue.
>>
>>
>> Mark Ladd
>> Addison/One, LLC
>> 262-498-0850
>>  
>> mark.ladd@addison-one.com
>>  
>> -----Original Message-----
>> From: Arshad Noor [mailto:arshad.noor@strongauth.com] 
>> Sent: Friday, April 11, 2008 5:08 PM
>> To: legalxml-enotary@lists.oasis-open.org
>> Subject: Re: [legalxml-enotary] Request to add agenda item to upcoming
>> eNotary TC meeting
>>
>> Being the consultant that John refers to in his e-mail, I will
>> state this in my defense:
>>
>> While I did, indeed, choose to use the XML Signature (DSIG)
>> standard for defining the elements within the eNotary XML Schema
>> Definitions (XSD), there is nothing in DSIG that states you MUST
>> use asymmetric-key based digital signatures to conform to it.
>> Indeed, the DSIG standard allows for other cryptographic key-
>> based signatures within its schema, and that is exactly what I
>> took advantage of.
>>
>> The DSIG standard is a good one.  While it is traditionally
>> associated with PKI/Digital Signatures (in fact, John falls
>> into that same trap when he assumes that), it is not restricted
>> to just asymmetric-keys.  It can be used with symmetric keys too
>> (although there are security issues that must be taken into
>> consideration when looking at any symmetric key-based signature
>> standard).
>>
>> Since DSIG can use any cryptographic key scheme, it made sense
>> to use such a well-known and accepted standard for the eNotary
>> specification.  And it does work.  As evidence, the sample XML
>> files that are included in the zip file sent to the TC, include
>> two symmetric-key based eNotary documents that conform to the
>> XSD I've created and which can be validated correctly by XSD
>> verifiers.
>>
>> So, it is my contention that I have delivered within the spirit
>> and terms of the contract, albeit a little later than planned
>> due to unforeseen communication gaps and new requirements (see
>> below).  I have also indicated to the subcommittee that I plan
>> to complete this project well before the originally scheduled
>> completion date - September/October '08 instead of December '08.
>>
>> The deliverable has also gone above & beyond the original terms
>> and it has accommodated two new business requirements not
>> originally written into the contract:
>>
>> 1) The need to allow existing XML-aware applications to notarize
>>     documents by adding an element to their schema, rather than
>>     by wrapping it within an OASIS defined eNotary element.  The
>>     XSD I've created now allows for both, providing maximum
>>     flexibility to the industry for new & legacy applications;
>>
>> 2) The need to have multiple notaries notarize a single document
>>     at different times and places;
>>
>> It is my goal to ensure that the eNotary standard has the widest
>> acceptance by creating an XSD that is meaningful to everyone.  In
>> the spirit of that goal, I have already indicated to the leaders
>> of the subcommittee, that I will do what is necessary to achieve
>> that objective.  I will reiterate that sentiment here to the TC.
>>
>> I believe, discussion around the rest of John's e-mail is up to
>> the TC.
>>
>> Arshad Noor
>> StrongAuth, Inc.
>>
>>
>> John Messing wrote:
>>> Unfortunately, despite the contractual commitment the consultant changed
>>> his mind and decided he did not want to proceed that way. The TC
>>> leadership has not seen its way to following through on its initial
>>> vision, with the result that the project implementation dates are
>>> grossly overdue and a new proposal, based once again on digital
>>> signature technology, which will likely perpetuate the problems noted in
>>> a and b above notwithstanding the status of xml dsig as an open standard
>>> in non-notary settings, has been put forth in its place.
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that
>> generates this mail.  You may a link to this group and all your TCs in OASIS
>> at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that
>> generates this mail.  You may a link to this group and all your TCs in OASIS
>> at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>