OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [office] Digital Signature proposal

I am not sure exactly how one should define conformance in this context.  I don't think we are saying anywhere that an application has to *necessarily* be able to generate or validate signatures to be compliant.  I believe there are many odf applications out there which don't do either of these.   I guess this is a difference between formal compliance and semantic compliance.

As it is there are no applications out there which support all of the features of XMLDSig.  So including the XAdES extension - which mostly means including the XAdES namespace declaration - simply allows applications to make use of the extensions if they choose to, which is not that different to the status quo.

On interoperability issues, the XAdES extension makes use of the <Object> element in XMLDSig to add additional qualifying properties to the signature.  A XAdES signature should thus validate correctly with an XMLDSig processor.  Obviously it would ignore the important qualifying properties like <SigningTime>, but otherwise will interoperate just dandy.

Going the other way poses one small issue which is worth noting.  The XAdES specification requires that all of the XMLDSig elements are prefixed <ds:Signature> etc.  Currently, with XMLDSig the prefix is optional.  If interoperability is an issue (which of course it is) we should have a strong recommendation that producers of XMLDSig signatures make use of the prefix.

Regards
Bob

2008/7/31 Jomar Silva <jomar.silva@br.odfalliance.org>
I just would like to remember that an application that support XAdES will also support XMLDsig (XAdES is an extension of it).

I also believe that an application that support only XMLDsig, will be (or may be) able to validate just the XMLDsig portion of the XAdES signature.

There are diagrams here (http://www.w3.org/TR/XAdES/) that demonstrate the differences between XMLDsig and XAdES.

Best,

Jomar

Dave Pawson escreveu: 
2008/7/31 Ming Fei Jia <jiamingf@cn.ibm.com>:
  
Thanks explanation although that can not convince me completely. You said
"...if the application developer choose to only support XMLDsig, it will
still being compliant with ODF 1.2...". Is that true? XMLDsig and XAdES are
as different options in the proposal. If the application only implements
XMLDsig, could the application claim to be compliant with ODF standard? I
think at most it can claim partial compliant. This is the conformance issue.

Another is the interoperability issue. Assume one application only
implements XMLDsig, another application only implements XAdES. How does the
first application validate the signed document with XAdES format generated
by the second application? Seems no way,even both the two applications claim
to be compliant with the same ODF standard.
    
A conformance issue for ODF?
Seems the TC has to choose one or the other if interoperability is
to work for signed documents.


regards


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]