Subject: Comments regarding the UBL signature mechanism from the Spanish Ministry of Finance
Hello UBL Security SC,

Below are some signature-related issues from the Spanish Ministry of Finance, forwarded in translation by Oriol. Please attend to these at your earliest opportunity so that changes (if any) are ready for implementation as soon as the initial UBL 2.1 review period ends.

It is unfortunate that users like the Ministry of Finance persist in basing implementations on discussion drafts, but this should not influence your effort to develop the best possible support for XAdES in UBL documents. Please consider this as user input and make such changes as you consider appropriate within the context of providing a generally applicable solution.

Jon

##################################################################

Translation:

Regarding the signature proposed in UBL 2.1, we have developed an implementation as proposed in the document "Andrea Caccia, Roberto Cisternino, Oriol Peris Baus, Julián Inza, UBL Electronic Signature Profile Version 1.0, OASIS Committee Draft 06 - 25 May 2010" that does not match the diagrams published in UBL version 2.1.

We do not consider it necessary to include a reference from the electronic signature included in the component UBLExtensions cac:Signature, since according to the information contained in the document, cac:Signature does not contain information of interest, so that the reference is useless.

    <cac:Signature>
      <cbc:ID>UBLDSIG</cbc:ID>
      [...]
      <cbc:SignatureMethod>http://docs.oasis-open.org/ubl/securitysc/cd-dsigp-1/xades-enveloped</cbc:SignatureMethod>
      <cac:SignatoryParty>
        <cac:PartyIdentification>
          <cbc:ID>SignatureDefined</cbc:ID>
        </cac:PartyIdentification>
      </cac:SignatoryParty>
      [...]
    </cac:Signature>

If the item cac:Signature contains information concerning the undersigned, this would be redundant with information in the XML-dsig own signature, so it would not be necessary to include a reference.

For this reason, we think it is not necessary to include a higher level in the UBL structure of extension <SignatureInformation>, so the element should be as follows:

    <ext:UBLExtensions xmlns:ext="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2">
      [...]
      <ext:UBLExtension>
        <cbc:ID>0000000001001</cbc:ID>
        <ext:ExtensionURI>http://docs.oasis-open.org/ubl/securitysc/cd-dsigp-1/xmldsig-enveloped</ext:ExtensionURI>
        <ext:ExtensionContent xmlns:ext="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2">
          <odsig:document-signatures xmlns:odsig="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0">
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="signature-f1a5-9b1d-972b-d591">
              [...]
            </ds:Signature>
          </odsig:document-signatures>
        </ext:ExtensionContent>
      </ext:UBLExtension>
      [...]
    </ext:UBLExtensions>

==================================================================

Original (translated here from the Spanish):

As for the signature proposed in UBL 2.1, we have developed an implementation following the proposal in the document Andrea Caccia, Roberto Cisternino, Oriol Bausà Peris, Julián Inza, /UBL Electronic Signature Profile Version 1.0/, OASIS Committee Draft 06 - 25 May 2010, which does not match the schemas published in UBL version 2.1.

We do not consider it necessary to include a reference from the electronic signature included in the UBLExtensions to the cac:Signature component, since according to the information contained in the document the cac:Signature does not contain information of interest, so the reference is useless:

    <cac:Signature>
      <cbc:ID>UBLDSIG</cbc:ID>
      [...]
      <cbc:SignatureMethod>http://docs.oasis-open.org/ubl/securitysc/cd-dsigp-1/xades-enveloped</cbc:SignatureMethod>
      <cac:SignatoryParty>
        <cac:PartyIdentification>
          <cbc:ID>SignatureDefined</cbc:ID>
        </cac:PartyIdentification>
      </cac:SignatoryParty>
      [...]
    </cac:Signature>

If the cac:Signature element did contain information about the signer, it would be redundant with the information that appears in the XML-Dsig signature itself, so it would not be necessary to include a reference either.

For this reason, we see no need to include one more level in the structure of the UBL extension with the <SignatureInformation> element, leaving the structure of the signature as follows:

    <ext:UBLExtensions xmlns:ext="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2">
      [...]
      <ext:UBLExtension>
        <cbc:ID>0000000001001</cbc:ID>
        <ext:ExtensionURI>http://docs.oasis-open.org/ubl/securitysc/cd-dsigp-1/xmldsig-enveloped</ext:ExtensionURI>
        <ext:ExtensionContent xmlns:ext="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2">
          <odsig:document-signatures xmlns:odsig="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0">
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="signature-f1a5-9b1d-972b-d591">
              [...]
            </ds:Signature>
          </odsig:document-signatures>
        </ext:ExtensionContent>
      </ext:UBLExtension>
      [...]
    </ext:UBLExtensions>
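
Added example, not part of the original message or of any UBL deliverable: a Python check a receiving system could run to see which signature layout a document uses, reporting the wrapper elements between ext:ExtensionContent and each ds:Signature and what the top-level cac:Signature carries. The sample invoice, the constant names and the function names are constructed for this illustration; the element names, URIs and Id value are those quoted in the message.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

UBL = "urn:oasis:names:specification:ubl:schema:xsd:"
NS = {"ext": UBL + "CommonExtensionComponents-2",
      "cac": UBL + "CommonAggregateComponents-2",
      "cbc": UBL + "CommonBasicComponents-2",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PROFILE = "http://docs.oasis-open.org/ubl/securitysc/cd-dsigp-1/"

# Constructed sample: an otherwise empty invoice using the layout from the message.
SAMPLE = f"""<Invoice xmlns="{UBL}Invoice-2" xmlns:ext="{NS['ext']}"
    xmlns:cac="{NS['cac']}" xmlns:cbc="{NS['cbc']}" xmlns:ds="{NS['ds']}">
  <ext:UBLExtensions><ext:UBLExtension>
    <cbc:ID>0000000001001</cbc:ID>
    <ext:ExtensionURI>{PROFILE}xmldsig-enveloped </ext:ExtensionURI>
    <ext:ExtensionContent>
      <odsig:document-signatures
          xmlns:odsig="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0">
        <ds:Signature Id="signature-f1a5-9b1d-972b-d591"/>
      </odsig:document-signatures>
    </ext:ExtensionContent>
  </ext:UBLExtension></ext:UBLExtensions>
  <cac:Signature>
    <cbc:ID>UBLDSIG</cbc:ID>
    <cbc:SignatureMethod> {PROFILE}xades-enveloped </cbc:SignatureMethod>
  </cac:Signature>
</Invoice>"""

def signature_layout(xml_text):
    """Return (ExtensionURI, signature Id, wrapper names) for every ds:Signature
    found under an ext:ExtensionContent, without descending into a signature."""
    found = []
    def walk(node, uri, path):
        for child in node:
            if child.tag == "{%s}Signature" % NS["ds"]:
                found.append((uri, child.get("Id"), path))
            else:
                walk(child, uri, path + [child.tag.rsplit("}", 1)[-1]])
    root = ET.fromstring(xml_text)
    for extn in root.iterfind("ext:UBLExtensions/ext:UBLExtension", NS):
        uri = extn.findtext("ext:ExtensionURI", "", NS).strip()
        for content in extn.iterfind("ext:ExtensionContent", NS):
            walk(content, uri, [])
    return found

def placeholder_signatures(xml_text):
    """Return (cbc:ID, cbc:SignatureMethod) for each top-level cac:Signature."""
    root = ET.fromstring(xml_text)
    return [(s.findtext("cbc:ID", "", NS).strip(),
             s.findtext("cbc:SignatureMethod", "", NS).strip())
            for s in root.iterfind("cac:Signature", NS)]
```

For the sample, the wrapper list is a single odsig:document-signatures level; a document that adds a SignatureInformation level shows up as one more entry in that list.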