RE: [legalxml-enotary] Request to add agenda item to upcoming eNotary TC meeting

[John Messing <jmessing@law-on-line.com>]

Might be helpful if not too much trouble, particularly if others are
interested.

> -------- Original Message --------
> Subject: Re: [legalxml-enotary] Request to add agenda item to upcoming
> eNotary TC meeting
> From: Arshad Noor <arshad.noor@strongauth.com>
> Date: Sat, April 12, 2008 10:57 am
> To: John Messing <jmessing@law-on-line.com>
> Cc: legalxml-enotary@lists.oasis-open.org
> 
> 
> Does that mean you still need instructions for validating
> the XML based on the XSD I've submitted, or not?  From later
> e-mails in this thread, it sounds like you've already verified
> the XML samples I've provided.  Please advise.
> 
> Arshad Noor
> StrongAuth, Inc.
> 
> John Messing wrote:
> > Agreed, although I later realized I may have (senior) momentarily
> > confused cryptographic validation with schema validation.
> > 
> >> -------- Original Message --------
> >> Subject: RE: [legalxml-enotary] Request to add agenda item to upcoming
> >> eNotary TC meeting
> >> From: "Mark Ladd" <mark.ladd@addison-one.com>
> >> Date: Fri, April 11, 2008 6:50 pm
> >> To: "'Arshad Noor'" <arshad.noor@strongauth.com>,
> >> <legalxml-enotary@lists.oasis-open.org>
> >>
> >>
> >> Arshad,
> >>
> >> Thank you for your prompt response.  I was away from the office for extended
> >> periods today and you provided much better background information than I
> >> would have anyway.
> >>
> >> I saw John's follow-up email and would encourage continuing discussion on
> >> the list between now and the TC conference call.  
> >>
> >> I will be attending a conference this weekend and early next week so I will
> >> likely be slow to respond, but look forward to the dialogue.
> >>
> >>
> >> Mark Ladd
> >> Addison/One, LLC
> >> 262-498-0850
> >>  
> >> mark.ladd@addison-one.com
> >>  
> >> -----Original Message-----
> >> From: Arshad Noor [mailto:arshad.noor@strongauth.com] 
> >> Sent: Friday, April 11, 2008 5:08 PM
> >> To: legalxml-enotary@lists.oasis-open.org
> >> Subject: Re: [legalxml-enotary] Request to add agenda item to upcoming
> >> eNotary TC meeting
> >>
> >> Being the consultant that John refers to in his e-mail, I will
> >> state this in my defense:
> >>
> >> While I did, indeed, choose to use the XML Signature (DSIG)
> >> standard for defining the elements within the eNotary XML Schema
> >> Definitions (XSD), there is nothing in DSIG that states you MUST
> >> use asymmetric-key based digital signatures to conform to it.
> >> Indeed, the DSIG standard allows for other cryptographic key-
> >> based signatures within its schema, and that is exactly what I
> >> took advantage of.
> >>
> >> The DSIG standard is a good one.  While it is traditionally
> >> associated with PKI/Digital Signatures (in fact, John falls
> >> into that same trap when he assumes that), it is not restricted
> >> to just asymmetric-keys.  It can be used with symmetric keys too
> >> (although there are security issues that must be taken into
> >> consideration when looking at any symmetric key-based signature
> >> standard).
> >>
> >> Since DSIG can use any cryptographic key scheme, it made sense
> >> to use such a well-known and accepted standard for the eNotary
> >> specification.  And it does work.  As evidence, the sample XML
> >> files that are included in the zip file sent to the TC, include
> >> two symmetric-key based eNotary documents that conform to the
> >> XSD I've created and which can be validated correctly by XSD
> >> verifiers.
> >>
> >> So, it is my contention that I have delivered within the spirit
> >> and terms of the contract, albeit a little later than planned
> >> due to unforeseen communication gaps and new requirements (see
> >> below).  I have also indicated to the subcommittee that I plan
> >> to complete this project well before the originally scheduled
> >> completion date - September/October '08 instead of December '08.
> >>
> >> The deliverable has also gone above & beyond the original terms
> >> and it has accommodated two new business requirements not
> >> originally written into the contract:
> >>
> >> 1) The need to allow existing XML-aware applications to notarize
> >>     documents by adding an element to their schema, rather than
> >>     by wrapping it within an OASIS defined eNotary element.  The
> >>     XSD I've created now allows for both, providing maximum
> >>     flexibility to the industry for new & legacy applications;
> >>
> >> 2) The need to have multiple notaries notarize a single document
> >>     at different times and places;
> >>
> >> It is my goal to ensure that the eNotary standard has the widest
> >> acceptance by creating an XSD that is meaningful to everyone.  In
> >> the spirit of that goal, I have already indicated to the leaders
> >> of the subcommittee, that I will do what is necessary to achieve
> >> that objective.  I will reiterate that sentiment here to the TC.
> >>
> >> I believe, discussion around the rest of John's e-mail is up to
> >> the TC.
> >>
> >> Arshad Noor
> >> StrongAuth, Inc.
> >>
> >>
> >> John Messing wrote:
> >>> Unfortunately, despite the contractual commitment the consultant changed
> >>> his mind and decided he did not want to proceed that way. The TC
> >>> leadership has not seen its way to following through on its initial
> >>> vision, with the result that the project implementation dates are
> >>> grossly overdue and a new proposal, based once again on digital
> >>> signature technology, which will likely perpetuate the problems noted in
> >>> a and b above notwithstanding the status of xml dsig as an open standard
> >>> in non-notary settings, has been put forth in its place.
> >>>
> >> ---------------------------------------------------------------------
> >> To unsubscribe from this mail list, you must leave the OASIS TC that
> >> generates this mail.  You may a link to this group and all your TCs in OASIS
> >> at:
> >> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe from this mail list, you must leave the OASIS TC that
> >> generates this mail.  You may a link to this group and all your TCs in OASIS
> >> at:
> >> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> > 
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs in OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php