OASIS Mailing List Archives

ubl-security message



Subject: Re: [spam] Re: [ubl-security] Questions regarding the XAdES Profile



On 26/08/2010, at 23:06, G. Ken Holman wrote:

> At 2010-08-26 16:49 -0400, Jon Bosak wrote:
>> Sorry if this is something that should be obvious to me, but I'm
>> not understanding the need for multiple signatures on UBL
>> CertificateOfOrigin.
> 
> This sample from Roberto illustrates the multiple signatures on the one form:
> 
>  http://www.export911.com/e911/export/docFormA.htm#docFormA

I am sorry, but I think the sample from Roberto shows that the CoO is signed by two different people. So it is a single group (using your terminology) of two signatures. They are signing the whole document, not parts of it, so there is no need for identifying which part of the document they are signing.

> 
>> I thought our document was just the
>> *application* for a COO.  Did I get that wrong?
> 
> Ah, that I don't know from the work done two years ago.  But looking today at the definitions of the document-level ABIE children, I see:
> 
>  A document that describes the Certificate of Origin.
>  Unique Identifier of the Certificate Of Origin.
>  Date on which the Certificate Of Origin was issued.
>  Time at which the Certificate Of Origin was issued.
>  etc.
> 
> The ASBIE child named CertificateOfOriginApplication appears to be describing the application that created the UBL CertificateOfOrigin instance ... I don't think that makes the CoO document itself the application ... it is just a record of the application details that were the genesis of the UBL document.
> 
> The signature business objects in CoO are as follows:
> 
>  cac:CertificateOfOriginApplication/cac:Signature
>  cac:IssuerEndorsement/cac:Signature
>  cac:EmbassyEndorsement/cac:Signature
>  cac:InsuranceEndorsement/cac:Signature
> 
> Roberto, which of the above signatures would correspond to the "Form A" signatures in the example cited above from the page you gave us today?  Should we identify for the PRD1 feedback that there are missing signatures needed for CoO to be added for PRD2 based on this example?
> 
> BTW, I just found that the signature business object is in cac:Certificate which is used in cac:Item which is used in exactly 50 of our 60 documents.  So it isn't *only* the CoO which has the multiple signature group situation:  we'll need a separate signature group in the extension for every item certificate.  And they'll need to be able to be signed in an arbitrary order, which forces my hand regarding the digital signature transform expression.
> 
> At least that is how I read it.
> 
> . . . . . . . . . . . Ken
> 
> --
> G. Ken Holman
> OASIS Individual Member
> Crane Softwrights Ltd.
> http://www.oasis-open.org
> 


