I was working on the same
subject but I’m afraid I didn’t have enough time until now.
In previous emails we
exchanged some point where we reached some consensus:
-
to recommend enveloped signature, respecting UBL syntax and XAdES syntax,
so that an UBL tool can validate a signed UBL, and a XAdES tool can verify an
UBL document
-
to avoid to prescribe any specific envelope. XAdES-BES is the minimum,
but we should avoid to give too much detalil because they depend on the kind of
document, national regulations, other standard body activities (i.e. CEN
eInvoicing2). Maybe we can raccomand to use XAdES-BES for signature generation
whenever possible to achieve the widest possible interoperability and suggest TS
102 904 as general best practice for implementations.
About signature policies,
do you think we need them? New Italian rules (due for publication very soon) explicitly
XAdES-EPES...
Regards,
Andrea
--------
This message is sent to one or more specific recipient. If you are not the
intended recipient, please notify the sender and delete this message.
--------
Questo messaggio è inviato a specifici destinatari. Se non siete i destinatari,
siete pregati di informare il mittente e cancellare questo Messaggio.
Da: Julián Inza
[mailto:julian.inza@albalia.com]
Inviato: martedì 9 giugno 2009
12.24
A: Jon Bosak
Cc:
ubl-security@lists.oasis-open.org
Oggetto: Re: [ubl-security]
Security SC schedule
Hello Jon,
Yes, I think we are behind schedule. So it would be wise to delay some
milestones.
I have been talking to Oriol to define the scope of the document and I have
some ideas to share with the group.
I hope I will have a pre-draft document by the end of this week, to
circulate for comments.
The idea is based on this Oriol post: http://www.invinet.org/index.php?option=com_content&task=view&id=14&Itemid=10
(sorry it is in spanish) and defining two levels of signature: XAdES BES and
XAdES X-L (this with full evidence of certificate validity at signature time),
acording standard TS 101 903.
We will need a stable OASIS URL for signature policy.
Best regards,
Julian Inza Aldaz
Presidente
Albalia Interactiva, S.L.
: www.albalia.com
: blog.inza.com
: julian.inza@albalia.com
: +34 91 388
0789 
: +34 902 365
612
Please update your address book. Our new postal address is: C/ Mentrida, 6 -
28043 - Madrid (Spain).
Este
mensaje de correo electrónico puede contener INFORMACIÓN CONFIDENCIAL propiedad
de Albalia Interactiva. Si lo ha recibido por error, por favor haga caso omiso,
elimínelo y notifíquelo al remitente. La información personal puede ser añadida
a un fichero de relaciones (que puede incluir información de marketing) en
Albalia Interactiva, donde usted puede ejercer sus derechos de acceso,
rectificación y cancelación de sus datos al amparo de la Ley Orgánica 15/1999.
Usted está autorizado a utilizar los datos personales del firmante de este
mensaje siempre que haya una manera de ejercer los mencionados derechos por el
remitente.
This e-mail message could contain CONFIDENTIAL INFORMATION property of Albalia
Interactiva. If received by mistake, please ignore it, delete it and notify the
sender. Your personal information can be added to a relationships file (that
can include marketing information) at Albalia Interactiva where you can
exercise your rights to access, rectify or cancel your data according spanish
15/1999 Organic Law. You are authorised to use personal data of the signer of
this message as long as there is a way to exercise the mentioned rights by the
sender.
Jon Bosak escribió:
Hello UBL Security Subcommittee,
Are we still on schedule to begin public review of the UBL XAdES
profile? If delivery has slipped, please advise so that I can
update the time line.
Best regards,
Jon
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php