Subject: Re: [ubl-security] A Simpler Solution [was: Questions regarding the XAdES Profile]
I agree with Roberto's point.

Oriol

On 27/08/2010, at 11:25, Roberto Cisternino wrote:

> Dear all,
>
> I understood we do not share a common line actually and I believe the
> reason is we are worried about different requirements (business or
> technical) and probably we are trying to force a solution that could be
> simpler.
>
> I try to provide an *alternative* solution that should fit all.
> This does not mean the actual proposals are not good, but I ask you to
> consider this new one to see if the read is shorter or cleaner.
>
> Firstly, I want to respect two conditions:
> - UBL is meant for business
> - XAdES is meant for electronic signatures
>
> so I want to keep the two roles isolated, and this means I want to keep the CoO
> as is and cac:Signature metadata as it is meant to be used.
>
> Requirements:
> a) - Add more signatures by different actors at different times,
> possibly in different parts of the document.
> b) - Keep some specific metadata about the signer (see CoO) where required
> c) - Ensure that subsequent signatures are not difficult to apply and
> do not invalidate the previous ones.
> d) - Do not add complexity with additional scaffolding
> e) - Preserve actual UBL documents
>
> Solution steps:
>
> 1) Change the XPath filter to be used for signing a UBL document this way:
> - Remove from the signed data any cac:Signature metadata
> - Remove from the signed data all ext:UBLExtensions
>
> This filter should solve a) c)
>
> 2) Continue using the cac:Signature as metadata where required
>
> This solves b) e)
>
> 3) Add a new extension for each new XAdES signature and optionally
> reference the cac:Signature metadata (using one of the latest
> methodologies we initially approved)
>
> This supports a) b) c) d) e)
>
>
> If I am not wrong, the idea is to keep signature metadata out of the
> signature content; this way we are free to add subsequent signatures
> without invalidating anything.
>
> Hope this helps.
>
> Roberto
>
>
> --
> * JAVEST by Roberto Cisternino
> *
> * Document Engineering Services Ltd. - Alliance Member
> * UBL Italian Localization SubCommittee (ITLSC), co-Chair
> * UBL Online Community editorial board member (ubl.xml.org)
> * Italian UBL Advisor
>
> Roberto Cisternino
>
> mobile: +39 328 2148123
> skype: roberto.cisternino.ubl-itlsc
>
> [UBL Technical Committee]
> http://www.oasis-open.org/committees/ubl
>
> [UBL Online Community]
> http://ubl.xml.org
>
> [UBL International Conferences]
> http://www.ublconference.org
>
> [UBL Italian Localization Subcommittee]
> http://www.oasis-open.org/committees/ubl-itlsc
>
> [Iniziativa divulgativa UBL Italia]
> http://www.ubl-italia.org
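
The effect of step 1 in the quoted proposal can be checked with a short sketch. This is an added example, not code from the thread or from the UBL TC: it removes every cac:Signature and ext:UBLExtensions subtree before hashing and shows that the digest of the business data stays the same as signatures are added. The function names and sample invoices are hypothetical, the invoices are minimal and not schema-valid, and Python's C14N 2.0 serializer with whitespace stripping stands in for the real XML-DSig transform chain.

```python
import hashlib
import xml.etree.ElementTree as ET

UBL = "urn:oasis:names:specification:ubl:schema:xsd:"
EXCLUDED = {  # element types that step 1 removes from the signed data
    "{%sCommonAggregateComponents-2}Signature" % UBL,
    "{%sCommonExtensionComponents-2}UBLExtensions" % UBL,
}

def signed_view_digest(xml_text):
    """SHA-256 over the document with the excluded subtrees removed."""
    root = ET.fromstring(xml_text)
    for parent in list(root.iter()):
        for child in list(parent):
            if child.tag in EXCLUDED:
                parent.remove(child)
    # Simplification (assumption): whitespace-only text is stripped so that
    # indentation around an inserted extension does not alter the digest.
    c14n = ET.canonicalize(ET.tostring(root, encoding="unicode"),
                           strip_text=True, rewrite_prefixes=True)
    return hashlib.sha256(c14n.encode("utf-8")).hexdigest()

# Constructed sample documents (hypothetical, not taken from the thread).
NS = ('xmlns="%sInvoice-2" xmlns:cac="%sCommonAggregateComponents-2" '
      'xmlns:cbc="%sCommonBasicComponents-2" '
      'xmlns:ext="%sCommonExtensionComponents-2"' % ((UBL,) * 4))

def invoice(invoice_id, signature_count):
    """Build an invoice carrying `signature_count` signature extensions."""
    exts = "".join(
        "<ext:UBLExtension><ext:ExtensionContent>signature-%d"
        "</ext:ExtensionContent></ext:UBLExtension>" % i
        for i in range(signature_count))
    meta = "".join(
        "<cac:Signature><cbc:ID>sig-%d</cbc:ID></cac:Signature>" % i
        for i in range(signature_count))
    wrapper = "<ext:UBLExtensions>%s</ext:UBLExtensions>" % exts if exts else ""
    return ("<Invoice %s>\n  %s\n  <cbc:ID>%s</cbc:ID>\n  %s\n</Invoice>"
            % (NS, wrapper, invoice_id, meta))

if __name__ == "__main__":
    for label, doc in [("unsigned", invoice("INV-1", 0)),
                       ("two signatures", invoice("INV-1", 2)),
                       ("changed ID", invoice("INV-2", 2))]:
        print(label, signed_view_digest(doc))
```

The same exclusion also means that nothing inside ext:UBLExtensions or cac:Signature is integrity-protected by these signatures, so a verifier should not treat that metadata as signed content.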