OASIS Mailing List Archives

ubl-security message



Subject: Re: [ubl-security] Re: Sample instances


At 2010-08-16 14:15 +0200, Oriol Bausà Peris wrote:
>I agree with Tim's point that this is deriving into something much too complex.

I disagree ... I thought we had decided on a 
very simple structure.  Only three elements are defined in a new vocabulary.

>I'd also like not adding new structures to the 
>already existing UBL extension but the XML Dsig or XAdES ones.

There is no "already existing" UBL extension.  We 
are trying to create the first one.

ETSI has an OCF wrapper around its use of 
<ds:Signature> meeting its requirements.  It doesn't have any attributes.

OpenDocument has its own wrapper around its use 
of <ds:Signature> meeting its requirements.  It has a mandatory attribute.

We have our own wrapper, which in its simplest form is:

    <sig:SignatureInformation>
      <sig:SignatureGroup>
        <ds:Signature>
        </ds:Signature>
      </sig:SignatureGroup>
    </sig:SignatureInformation>

In its more complex form we accommodate the rare 
case in UBL when there is more than one signature 
business object (only one document, the COO) by adding an identifier:

    <sig:SignatureInformation>
      <sig:IdentifiedSignatureGroup>
        <cbc:ID></cbc:ID>
        <sig:SignatureGroup>
          <ds:Signature>
          </ds:Signature>
        </sig:SignatureGroup>
      </sig:IdentifiedSignatureGroup>
    </sig:SignatureInformation>

Optionally, one can use the identifier even if it 
is the only signature.  This becomes a guideline in the Security SC report.

In all cases, there is one parent of 
<ds:Signature> which will make the signing very easy as Andrea observed:

At 2010-08-15 15:34 +0200, Andrea Caccia wrote:
>I like the sig:SignatureGroup concept.
>The rule for XPath is that "everything inside 
>sig:SignatureGroup is unsigned".

Because of a delay in the production of the 
schemas for SGTG, I've attached a working 
schema-valid example of the above, shown here by 
two W3C Schema processors to validate without error:

~/u/UBL/UBL2.1/sig $ w3cschema xsd/maindoc/UBL-Invoice-2.1.xsd sigtest.xml
Xerces...
Attempting validating, namespace-aware parse
Parse succeeded (0.941) with no errors and no warnings.
Saxon...
No validation errors
~/u/UBL/UBL2.1/sig $

Please let me know how you would like to see the attached simplified.

I'd like to understand where the complexity is perceived to be.

. . . . . . . . . . . Ken 

gkholman-sigtest-20100816-1230z.zip


--
XSLT/XQuery training:   after http://XMLPrague.cz 2011-03-28/04-01
Vote for your XML training:   http://www.CraneSoftwrights.com/o/i/
Crane Softwrights Ltd.          http://www.CraneSoftwrights.com/o/
G. Ken Holman                 mailto:gkholman@CraneSoftwrights.com
Male Cancer Awareness Nov'07  http://www.CraneSoftwrights.com/o/bc
Legal business disclaimers:  http://www.CraneSoftwrights.com/legal
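
The rule quoted in the message ("everything inside sig:SignatureGroup is unsigned") and the single-parent placement of `<ds:Signature>` can both be checked mechanically. The Python below is an added example, not part of the original message or its attachment. Assumptions: the `sig:` namespace URI and the sample documents are constructed placeholders, and C14N 2.0 plus SHA-256 stands in for a real XML DSig transform chain.

```python
import hashlib
import xml.etree.ElementTree as ET

# Assumption: placeholder URI for the sig: vocabulary (the message gives none).
SIG = "urn:example:ubl-signature-draft"
DS = "http://www.w3.org/2000/09/xmldsig#"  # W3C XML Signature namespace
GROUP = f"{{{SIG}}}SignatureGroup"
SIGNATURE = f"{{{DS}}}Signature"

def signed_scope_digest(xml_text):
    """SHA-256 over the canonical document minus every sig:SignatureGroup."""
    root = ET.fromstring(xml_text)
    for parent in list(root.iter()):
        for child in list(parent):
            if child.tag == GROUP:
                parent.remove(child)  # the group and all its signatures are unsigned
    remaining = ET.tostring(root, encoding="unicode")
    canonical = ET.canonicalize(remaining, strip_text=True)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def signatures_outside_group(elem):
    """Count ds:Signature elements that are not enclosed in a sig:SignatureGroup."""
    if elem.tag == GROUP:
        return 0  # do not descend: nested signatures in here are in the right place
    own = 1 if elem.tag == SIGNATURE else 0
    return own + sum(signatures_outside_group(child) for child in elem)

def sample(doc_id, signatures, stray=""):
    """Constructed test document (not schema-valid UBL) using the wrapper above."""
    sigs = "".join(f'<ds:Signature Id="s{i}"/>' for i in range(signatures))
    return (f'<Invoice xmlns:sig="{SIG}" xmlns:ds="{DS}"><ID>{doc_id}</ID>{stray}'
            f"<sig:SignatureInformation><sig:SignatureGroup>{sigs}"
            f"</sig:SignatureGroup></sig:SignatureInformation></Invoice>")

if __name__ == "__main__":
    one, two = sample("INV-1", 1), sample("INV-1", 2)
    print("adding a signature keeps the digest:",
          signed_scope_digest(one) == signed_scope_digest(two))
    print("changing the ID changes the digest:",
          signed_scope_digest(one) != signed_scope_digest(sample("INV-2", 1)))
    stray = sample("INV-1", 1, stray="<ds:Signature/>")
    print("signatures outside a group:", signatures_outside_group(ET.fromstring(stray)))
```

A verifier can reject any document where `signatures_outside_group` is non-zero before evaluating signatures, since a `<ds:Signature>` outside the group would fall inside the signed scope of the others.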

