
ubl-security message



Subject: Re: [ubl-security] A Simpler Solution [was: Questions regarding the XAdES Profile]


I agree with Roberto's point.
Oriol

On 27/08/2010, at 11:25, Roberto Cisternino wrote:

> Dear all,
> 
> I understood we do not share a common line actually and I believe the
> reason is we are worried about different requirements (business or
> technical) and probably we are trying to force a solution that could be
> simpler.
> 
> I try to provide an *alternative* solution that should fit all.
> This does not mean the actual proposals are not good, but please
> consider this new one to see if the read is shorter or cleaner.
> 
> Firstly, I want to respect two conditions:
> - UBL is meant for business
> - XAdES is meant for electronic signatures
> 
> so I want to keep the two roles isolated, and this means I want to keep the CoO
> as is and cac:Signature metadata as it is meant to be used.
> 
> Requirements:
> a) - Add more signatures by different actors at different times,
> possibly in different parts of the document.
> b) - Keep some specific metadata about the signer (see CoO) where required
> c) - Ensure that subsequent signatures are not difficult to apply and
> do not invalidate the previous ones.
> d) - Do not add complexity with additional scaffolding
> e) - Preserve actual UBL documents
> 
> Solution steps:
> 
> 1) Change the XPath filter to be used for signing a UBL document this way:
> - Remove from the signed data any cac:Signature metadata
> - Remove from the signed data all ext:UBLExtensions
> 
> This filter should solve a) c)
> 
> 2) Continue using the cac:Signature as metadata where required
> 
> This solves b) e)
> 
> 3) Add a new extension for each new XAdES signature and optionally
> reference the cac:Signature metadata (using one of the latest
> methodologies we initially approved)
> 
>  This supports a) b) c) d) e)
> 
> 
> If I am not wrong, the idea is to keep signature metadata out of the
> signature content; this way we are free to add subsequent signatures
> without invalidating anything.
> 
> Hope this helps.
> 
> Roberto
> 
> 
> -- 
> * JAVEST by Roberto Cisternino
> *
> * Document Engineering Services Ltd. - Alliance Member
> * UBL Italian Localization SubCommittee (ITLSC), co-Chair
> * UBL Online Community editorial board member (ubl.xml.org)
> * Italian UBL Advisor
> 
>  Roberto Cisternino
> 
>  mobile: +39 328 2148123
>  skype:  roberto.cisternino.ubl-itlsc
> 
> [UBL Technical Committee]
>    http://www.oasis-open.org/committees/ubl
> 
> [UBL Online Community]
>    http://ubl.xml.org
> 
> [UBL International Conferences]
>    http://www.ublconference.org
> 
> [UBL Italian Localization Subcommittee]
>    http://www.oasis-open.org/committees/ubl-itlsc
> 
> [Iniziativa divulgativa UBL Italia]
>    http://www.ubl-italia.org
> 
> 
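
Added example, not part of either message and not OASIS or UBL TC code: a Python standard-library stand-in for the filter in step 1 of the quoted proposal, showing which edits change the digest of the signed data and which do not. It computes a digest only and produces no XAdES signature; the helper names, the sample invoice and the urn:example:* values are assumptions made for illustration.

```python
import copy
import hashlib
import xml.etree.ElementTree as ET

CAC = "urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2"
CBC = "urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2"
EXT = "urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2"
EXCLUDED = {f"{{{CAC}}}Signature", f"{{{EXT}}}UBLExtensions"}  # step 1 of the proposal

SAMPLE = f"""<Invoice xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2"
    xmlns:cac="{CAC}" xmlns:cbc="{CBC}" xmlns:ext="{EXT}">
  <ext:UBLExtensions><ext:UBLExtension><ext:ExtensionContent>
    <FirstSignature xmlns="urn:example:placeholder"/>
  </ext:ExtensionContent></ext:UBLExtension></ext:UBLExtensions>
  <cbc:ID>INV-001</cbc:ID>
  <cbc:Note>Total due: 100.00 EUR</cbc:Note>
  <cac:Signature><cbc:ID>urn:example:signer-1</cbc:ID></cac:Signature>
</Invoice>"""  # constructed sample; urn:example:* values are placeholders

def strip_excluded(elem):
    """Drop cac:Signature and ext:UBLExtensions subtrees wherever they occur."""
    for child in list(elem):
        if child.tag in EXCLUDED:
            elem.remove(child)
        else:
            strip_excluded(child)

def signed_digest(root):
    """SHA-256 over the canonical form of the document minus the excluded parts."""
    view = copy.deepcopy(root)
    strip_excluded(view)
    c14n = ET.canonicalize(ET.tostring(view, encoding="unicode"))
    return hashlib.sha256(c14n.encode("utf-8")).hexdigest()

def add_extension(root, payload_tag):
    """Step 3: append a new ext:UBLExtension carrying a later signature."""
    ext = ET.SubElement(root.find(f"{{{EXT}}}UBLExtensions"), f"{{{EXT}}}UBLExtension")
    ET.SubElement(ET.SubElement(ext, f"{{{EXT}}}ExtensionContent"), payload_tag)

def demo():
    """Digests of: original, + new signature, + metadata edit, + note edit."""
    root = ET.fromstring(SAMPLE)
    out = [signed_digest(root)]
    add_extension(root, "{urn:example:placeholder}SecondSignature")
    out.append(signed_digest(root))
    root.find(f"{{{CAC}}}Signature/{{{CBC}}}ID").text = "urn:example:other-signer"
    out.append(signed_digest(root))
    root.find(f"{{{CBC}}}Note").text = "Total due: 900.00 EUR"
    return out + [signed_digest(root)]
```

The first three digests are equal and only the last differs: adding a signature does not invalidate earlier ones, and the cac:Signature metadata is likewise outside the digest, so its integrity depends on whatever else covers it.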


