ubl-security message



Subject: Re: [ubl-security] A Simpler Solution [was: Questions regarding the XAdES Profile]


Dear all,

I understood we do not share a common line actually and I believe the
reason is we are worried about different requirements (business or
technical) and probably we are trying to force a solution that could be
simpler.

I try to provide an *alternative* solution that should fit all.
This does not mean the actual proposals are not good, but I ask you to
consider this new one to see if the read is shorter or cleaner.

Firstly, I want to respect two conditions:
- UBL is meant for business
- XAdES is meant for electronic signatures

so I want to keep the two roles isolated and this means I want to keep the CoO
as is and cac:Signature metadata as it is meant to be used.

Requirements:
a) - Add more signatures by different actors at different times,
possibly in different parts of the document.
b) - Keep some specific metadata about the signer (see CoO) where required
c) - Ensure that subsequent signatures are not difficult to apply and
do not invalidate the previous ones.
d) - Do not add complexity with additional scaffolding
e) - Preserve actual UBL documents

Solution steps:

1) Change the XPath filter to be used for signing a UBL document this way:
 - Remove from the signed data any cac:Signature metadata
 - Remove from the signed data all ext:UBLExtensions

This filter should solve a) c)

2) Continue using the cac:Signature as metadata where required

   This solves b) e)

3) Add a new extension for each new XAdES signature and optionally
reference the cac:Signature metadata (using one of the latest
methodologies we initially approved)

  This supports a) b) c) d) e)


If I am not wrong, the idea is to keep signature metadata out of the
signature content; this way we are free to add subsequent signatures
without invalidating anything.

Hope this helps.

Roberto


-- 
* JAVEST by Roberto Cisternino
*
* Document Engineering Services Ltd. - Alliance Member
* UBL Italian Localization SubCommittee (ITLSC), co-Chair
* UBL Online Community editorial board member (ubl.xml.org)
* Italian UBL Advisor

  Roberto Cisternino

  mobile: +39 328 2148123
  skype:  roberto.cisternino.ubl-itlsc

[UBL Technical Committee]
    http://www.oasis-open.org/committees/ubl

[UBL Online Community]
    http://ubl.xml.org

[UBL International Conferences]
    http://www.ublconference.org

[UBL Italian Localization Subcommittee]
    http://www.oasis-open.org/committees/ubl-itlsc

[Iniziativa divulgativa UBL Italia]
    http://www.ubl-italia.org
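
The filter from step 1, sketched as an added example that is not part of the original message or of any UBL deliverable: a SHA-256 digest over canonical XML stands in for the XAdES signature value, and ElementTree removal stands in for the XPath transform. The function names and the sample invoice are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

CAC = "urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2"
CBC = "urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2"
EXT = "urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2"
EXCLUDED = {f"{{{CAC}}}Signature", f"{{{EXT}}}UBLExtensions"}

# Constructed sample: one existing signature extension plus cac:Signature metadata.
SAMPLE = f"""<Invoice xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2"
  xmlns:cac="{CAC}" xmlns:cbc="{CBC}" xmlns:ext="{EXT}">
  <ext:UBLExtensions>
    <ext:UBLExtension><ext:ExtensionContent>first signature placeholder</ext:ExtensionContent></ext:UBLExtension>
  </ext:UBLExtensions>
  <cbc:ID>INV-001</cbc:ID>
  <cac:Signature><cbc:ID>sig-metadata-1</cbc:ID></cac:Signature>
</Invoice>"""

def strip_excluded(elem):
    """Drop every cac:Signature and ext:UBLExtensions subtree, at any depth."""
    for child in list(elem):
        if child.tag in EXCLUDED:
            elem.remove(child)
        else:
            strip_excluded(child)

def signed_digest(xml_text):
    """Digest of the business content only (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    strip_excluded(root)
    # strip_text is a demo simplification: real XMLDSig C14N keeps whitespace.
    c14n = ET.canonicalize(ET.tostring(root, encoding="unicode"), strip_text=True)
    return hashlib.sha256(c14n.encode("utf-8")).hexdigest()

def add_signature_extension(xml_text, signer_id):
    """Step 3: append one more extension holding a (placeholder) signature."""
    root = ET.fromstring(xml_text)
    exts = root.find(f"{{{EXT}}}UBLExtensions")
    if exts is None:
        exts = ET.Element(f"{{{EXT}}}UBLExtensions")
        root.insert(0, exts)
    ext = ET.SubElement(exts, f"{{{EXT}}}UBLExtension")
    content = ET.SubElement(ext, f"{{{EXT}}}ExtensionContent")
    content.text = f"placeholder for XAdES signature by {signer_id}"
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    before = signed_digest(SAMPLE)
    after = signed_digest(add_signature_extension(SAMPLE, "second-signer"))
    print("digest unchanged by second signature:", before == after)
```

Everything the filter removes sits outside the digest, so in this model the content of cac:Signature and ext:UBLExtensions is not integrity-protected by any signature computed this way.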