
ubl-security message



Subject: Comments regarding the UBL signature mechanism from the Spanish Ministry of Finance


Hello UBL Security SC,

Below are some signature-related issues from the Spanish Ministry
of Finance, forwarded in translation by Oriol.  Please attend to
these at your earliest opportunity so that changes (if any) are
ready for implementation as soon as the initial UBL 2.1 review
period ends.

It is unfortunate that users like the Ministry of Finance persist
in basing implementations on discussion drafts, but this should
not influence your effort to develop the best possible support for
XAdES in UBL documents.  Please consider this as user input and
make such changes as you consider appropriate within the context
of providing a generally applicable solution.

Jon

##################################################################

Translation:

Regarding the signature proposed in UBL 2.1, we have developed an
implementation as proposed in the document "Andrea Caccia, Roberto
Cisternino, Oriol Peris Baus, Julián Inza, UBL Electronic
Signature Profile Version 1.0, OASIS Committee Draft 06 - 25 May
2010" that does not match the diagrams published in UBL version
2.1.

We do not consider it necessary to include a reference from the
electronic signature included in the UBLExtensions to the
cac:Signature component, since according to the information
contained in the document, cac:Signature does not contain
information of interest, so the reference is useless.

<cac:Signature>
  <cbc:ID>UBLDSIG</cbc:ID>
  [...]
  <cbc:SignatureMethod>http://docs.oasis-open.org/ubl/securitysc/cd-dsigp-1/xades-enveloped</cbc:SignatureMethod>
  <cac:SignatoryParty>
    <cac:PartyIdentification>
      <cbc:ID>SignatureDefined</cbc:ID>
    </cac:PartyIdentification>
  </cac:SignatoryParty>
  [...]
</cac:Signature>

If the item cac:Signature contains information concerning the
undersigned, this would be redundant with information in the
XML-DSig signature itself, so it would not be necessary to include
a reference.

For this reason, we think it is not necessary to include a further
level in the UBL extension structure with the <SignatureInformation>
element, so the signature structure should be as follows:

<ext:UBLExtensions
    xmlns:ext="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2">
  [...]
  <ext:UBLExtension>
    <cbc:ID>0000000001001</cbc:ID>
    <ext:ExtensionURI>http://docs.oasis-open.org/ubl/securitysc/cd-dsigp-1/xmldsig-enveloped</ext:ExtensionURI>
    <ext:ExtensionContent
        xmlns:ext="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2">
      <odsig:document-signatures
          xmlns:odsig="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0">
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
            Id="signature-f1a5-9b1d-972b-d591">
          [...]
        </ds:Signature>
      </odsig:document-signatures>
    </ext:ExtensionContent>
  </ext:UBLExtension>
  [...]
</ext:UBLExtensions>

==================================================================

Original:

En cuanto a la firma que se propone en UBL 2.1, nosotros hemos
desarrollado una implementación siguiendo la propuesta del
documento “Andrea Caccia, Roberto Cisternino, Oriol Bausà
Peris, Julián Inza, /UBL Electronic Signature Profile Version
1.0/, OASIS Committee Draft 06 - 25 May 2010” que no coincide
con los esquemas publicados en la versión UBL 2.1.

No consideramos necesario incluir una referencia desde la firma
electrónica incluida en el UBLExtensions al componente
cac:Signature, ya que según la información contenida en el
documento el cac:Signature no contiene información de interés, por
lo que la referencia es inútil:

<cac:Signature>
  <cbc:ID>UBLDSIG</cbc:ID>
  [...]
  <cbc:SignatureMethod>http://docs.oasis-open.org/ubl/securitysc/cd-dsigp-1/xades-enveloped</cbc:SignatureMethod>
  <cac:SignatoryParty>
    <cac:PartyIdentification>
      <cbc:ID>SignatureDefined</cbc:ID>
    </cac:PartyIdentification>
  </cac:SignatoryParty>
  [...]
</cac:Signature>


En caso de que el elemento cac:Signature contuviera información
relativa al firmante, esta sería redundante con la propia
información que aparece en la propia firma XML-Dsig, por lo que
tampoco sería necesario incluir una referencia.

Por este motivo, vemos innecesario incluir un nivel más en la
estructura de la extensión UBL con el elemento
<SignatureInformation> quedando la estructura de la firma como
sigue:

<ext:UBLExtensions
    xmlns:ext="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2">
  [...]
  <ext:UBLExtension>
    <cbc:ID>0000000001001</cbc:ID>
    <ext:ExtensionURI>http://docs.oasis-open.org/ubl/securitysc/cd-dsigp-1/xmldsig-enveloped</ext:ExtensionURI>
    <ext:ExtensionContent
        xmlns:ext="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2">
      <odsig:document-signatures
          xmlns:odsig="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0">
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
            Id="signature-f1a5-9b1d-972b-d591">
          [...]
        </ds:Signature>
      </odsig:document-signatures>
    </ext:ExtensionContent>
  </ext:UBLExtension>
  [...]
</ext:UBLExtensions>
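
An added example, not part of the original message or of the UBL specification: a verifier-side check that finds every ds:Signature in a UBL document, reports which wrapper elements sit between ext:ExtensionContent and the signature (so it accepts both the flat layout proposed above and one with an extra <SignatureInformation> level), and lists the cac:Signature IDs in the document body. The Invoice root, the cac/cbc namespace URIs and the function names are assumptions; the sample document is constructed.

```python
import xml.etree.ElementTree as ET

EXT = "urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Assumed namespaces (not shown in the message): UBL common components.
CAC = "urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2"
CBC = "urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2"

# Constructed sample in the layout the message proposes (no <SignatureInformation> level).
SAMPLE = f"""<Invoice xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2"
  xmlns:ext="{EXT}" xmlns:cac="{CAC}" xmlns:cbc="{CBC}">
  <ext:UBLExtensions><ext:UBLExtension>
    <ext:ExtensionURI>http://docs.oasis-open.org/ubl/securitysc/cd-dsigp-1/xmldsig-enveloped</ext:ExtensionURI>
    <ext:ExtensionContent>
      <odsig:document-signatures xmlns:odsig="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0">
        <ds:Signature xmlns:ds="{DS}" Id="signature-f1a5-9b1d-972b-d591"/>
      </odsig:document-signatures>
    </ext:ExtensionContent>
  </ext:UBLExtension></ext:UBLExtensions>
  <cac:Signature><cbc:ID>UBLDSIG</cbc:ID></cac:Signature>
</Invoice>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def locate_signatures(xml_text):
    """Return (signatures, body_ids) for a UBL document given as a string."""
    root = ET.fromstring(xml_text)
    # ElementTree has no parent pointers, so build a child -> parent map.
    parent = {child: p for p in root.iter() for child in p}
    found = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        wrappers, node = [], parent.get(sig)
        # Walk upward until the enclosing ext:ExtensionContent (or the root).
        while node is not None and node.tag != f"{{{EXT}}}ExtensionContent":
            wrappers.append(local(node.tag))
            node = parent.get(node)
        found.append({
            "id": sig.get("Id"),
            # False means the signature is outside any UBL extension.
            "in_extension": node is not None,
            "wrappers": wrappers[::-1] if node is not None else [],
        })
    body_ids = [e.findtext(f"{{{CBC}}}ID") for e in root.findall(f"{{{CAC}}}Signature")]
    return found, body_ids
```

A signature reported with in_extension set to False, or with an unexpected wrapper chain, is worth rejecting before any cryptographic validation is attempted.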

