ubl-security message

Subject: Re: [ubl-security] UBL-XAdES-Profile 1.0-RC1

From: Oriol Bausà Peris <oriol@invinet.org>
To: G. Ken Holman <gkholman@CraneSoftwrights.com>
Date: Sat, 14 Aug 2010 09:14:56 +0200

The main problem we are addressing is that when trying to us cac:Signature we need to create them jointly with the stamping of the digital signature in the extension. This makes the signature and verification process very complex.

When facing the problem of really signing a UBL document we encountered that issue: We were not able to proceed to change the cac:Signature xml instance fragment and adding the signature easily. We were not able to use already existant software tools to place enveloped signatures due to the fact of this specific new functionality, 

Besides that, the existance of the UBL cac:Signature element does not add any value. It can only be a source of inconsistencies between the items stated in cac:Signature and the ones stated inside the digital signature. UBL already had the cac:Signature element, so we just kept it as optional for backwards compatibility. But the idea is not using it, as it is not required.

Regards, Oriol

El 13/08/2010, a las 18:50, G. Ken Holman escribió:

> At 2010-08-13 12:09 -0400, I wrote:
>> I've attached a ZIP file with a signed example reflecting the above (I hope!) and schema fragments that I will put into the release candidate later today ... and you can see that it validates by two W3C Schema processors:
>> 
>> ~/u/UBL/UBL2.1/sig $ w3cschema xsd/maindoc/UBL-Invoice-2.1.xsd sigtest.xml
>> Xerces...
>> Attempting validating, namespace-aware parse
>> Parse succeeded (0.877) with no errors and no warnings.
>> Saxon...
>> No validation errors
>> ~/u/UBL/UBL2.1/sig $
>> 
>> Oriol, are you in a position to remove from the example the faux-signature and replace it with a bona-fide signature and test it?
> 
> I've attached a ZIP with a repaired example, not affecting validation but I hadn't used the new URN that I had proposed and now I am.  And in the spirit of using "ext:" for the extension namespace prefix, I'm now using "sig:" for the signature namespace prefix (instead of "csc:").
> 
> . . . . . . . . . . . Ken <gkholman-sigtest-20100813-1740z.zip>
> --
> XSLT/XQuery training:   after http://XMLPrague.cz 2011-03-28/04-01
> Vote for your XML training:   http://www.CraneSoftwrights.com/o/i/
> Crane Softwrights Ltd.          http://www.CraneSoftwrights.com/o/
> G. Ken Holman                 mailto:gkholman@CraneSoftwrights.com
> Male Cancer Awareness Nov'07  http://www.CraneSoftwrights.com/o/bc
> Legal business disclaimers:  http://www.CraneSoftwrights.com/legal

Follow-Ups:
- Re: [spam] Re: [ubl-security] UBL-XAdES-Profile 1.0-RC1
  - From: "Roberto Cisternino" <roberto@javest.com>

References:
- Re: [ubl-security] UBL-XAdES-Profile 1.0-RC1
  - From: "G. Ken Holman" <gkholman@CraneSoftwrights.com>
- Re: [ubl-security] UBL-XAdES-Profile 1.0-RC1
  - From: "G. Ken Holman" <gkholman@CraneSoftwrights.com>
- Re: [spam] Re: [ubl-security] UBL-XAdES-Profile 1.0-RC1
  - From: "Roberto Cisternino" <roberto@javest.com>
- Re: Re: [ubl-security] UBL-XAdES-Profile 1.0-RC1
  - From: "G. Ken Holman" <gkholman@CraneSoftwrights.com>
- Re: Re: [ubl-security] UBL-XAdES-Profile 1.0-RC1
  - From: "G. Ken Holman" <gkholman@CraneSoftwrights.com>