OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ubl-security message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Reminder: UBL-XAdES profile evolving towards an OASIS standard andXAdES plugtest approaching and

Dear UBL security TC members,

Some weeks ago I sent an email reporting that ETSI is organizing a 
remote XAdES / CAdES interoperability plugtest event, and I invited you 
to seriously consider the advantages of participating in such an event 
with major European implementers of XAdES and CAdES.

Since then, I have heard in several places that the XAdES profile 
specified in this committee would actually not fit into the plugtest 
event, as in past plugtests it had been mandated the usage of enveloping 
signatures, while the profile that has been defined in this TC madates 
dettached or enveloped signatures.

Let me to be clear: it is NOT TRUE that this plugtest does not deal with 
dettached and enveloping signatures. The portal contains a number of 
test cases specifying the properties that each XAdES signature to be 
generated and verified has to incorporate. It is true that in past 
plugtests it was suggested to use enveloping and dettached signatures 
signing text documents, specially in the first ones, for concentrating 
into the problems generated by XAdES specifications instead of problems 
generated by other issues like the type of documents, etc, BUT it is 
ALSO a TRUE FACT that in the last plugtests there were participants WHO 
GENERATED ENVELOPED signatures on REAL XML DOCUMENTS that they managed 
in their daily operations, and their signatures were successfully 
verified by all the participants.

Having made this point clear, I would not like to miss this occassion to 
re-state the benefits that for the members of this TC, specially those 
dealing with implementations (I have seen a number of messages exchanged 
on problems in some tests carried out by some of you), their 
participation in this plugtest would bring.

Finally, I would like to raise an additional issue: the rules for 
approving a document as an OASIS Standard require "three Statements of 
Use". I would say that the participation in the would be the perfect 
occassion for actually making use of such specification in generating 
UBL signed documents, and get them verified....

I copy below the original text of the notification of the plugtest, with 
any useful detail on it.

Should you have any question on the plugtest, do not hesitate in 
contacting the ETSI staff in charge.

Best regards

Juan Carlos.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]