Subject: Re: [ubl] MINUTES FROM EUROPE ASIA UBL WORKING SESSION WEDNESDAY 6th JULY at 0800 UTC
CRAWFORD, Mark wrote:
>>Two approaches have been identified:
>>a. encapsulating the digital signature inside the document
>>(the Crimson Logic approach)
>>b. referencing the digital
>>signature from the document and storing it externally (the
>>DTTN and ebXML approach).
>>
>>Both have their strengths and weaknesses.
>>
>>Action Item: Peter will create a draft of how the Digital
>>Signature could be referenced from a UBL document and pass to
>>Thomas for his input.
>
>
> B allows a wider use of UBL for those who may prohibit the encapsulating
> of the digsig. My understanding is that the WS Security TC(s) in OASIS
> are taking this approach (encapsulating the digsig hash in the SOAP
> envelope rather than the individual document(s)).

Given:

|---part 1
<soap:Envelope>
  <soap:Header>..</soap:Header>
  <soap:Body>...payload(business doc?)...</soap:Body>
</soap:Envelope>
|---part 2..n
Attachment..

WS Security TC places the signature in the header and the 'business document' in the payload, with possibility for attachments as MIME parts.

Now, you can decide what to sign, probably you want all of it hashed: the signature, the body and the attachments.

The important thing I think you missed is that the signature holds a reference to the signed parts, and not the parts to the signature.

In the WS Security case, the signature exists as long as the SOAP message exists, after that the references might not make much sense (though you could go complex and use your custom URI resolver that would point to the right parts even without the SOAP message).

In ebXML RegRep we use the WS Security approach now, with version 3.0. Before that we had the signature as an attachment - and 'non-standard' API to handle it. The trade off is that before we used to store the signature and the document, now we are happy with transport security only.

Regards,
Diego

--
Diego Ballve
Digital Artefacts Europe
http://www.digital-artefacts.fi/
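The point made in the message above, that the signature holds references to the signed parts rather than the parts pointing at the signature, sketched as an added example (not code from the thread or from any OASIS specification). It is a simplified model: the element names follow XML Signature, but an HMAC stands in for the public-key signature and canonicalization is skipped; the part URIs, part contents and key are constructed.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

# Constructed sample parts, addressed by URI the way a SOAP body and a MIME
# attachment would be. Contents and key are made up for this example.
PARTS = {
    "#body": b"<Invoice><ID>42</ID></Invoice>",
    "cid:attachment-1": b"constructed attachment bytes",
}
KEY = b"constructed-demo-key"  # assumption: HMAC stands in for a real signing key


def digest(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def mac(info, key):
    # Real XML Signature canonicalizes SignedInfo first; skipped in this model.
    raw = hmac.new(key, ET.tostring(info), hashlib.sha256).digest()
    return base64.b64encode(raw).decode()


def sign(parts, key):
    """Header-side signature: lists every part by URI and digest, then signs
    that list. The parts themselves are left untouched."""
    sig = ET.Element("Signature")
    info = ET.SubElement(sig, "SignedInfo")
    for uri in sorted(parts):
        ref = ET.SubElement(info, "Reference", URI=uri)
        ET.SubElement(ref, "DigestValue").text = digest(parts[uri])
    ET.SubElement(sig, "SignatureValue").text = mac(info, key)
    return sig


def verify(sig, resolve, key):
    """Check the signature, then each reference. `resolve` maps a URI to the
    part's bytes, or None when the part can no longer be found."""
    info = sig.find("SignedInfo")
    if not hmac.compare_digest(mac(info, key), sig.findtext("SignatureValue")):
        return {"SignedInfo": "bad signature"}
    status = {}
    for ref in info.findall("Reference"):
        data = resolve(ref.get("URI"))
        if data is None:
            status[ref.get("URI")] = "unresolvable"
        else:
            ok = digest(data) == ref.findtext("DigestValue")
            status[ref.get("URI")] = "ok" if ok else "digest mismatch"
    return status
```

Calling `verify` with a resolver that no longer knows `#body` reports `unresolvable`, which is the situation described for a signature kept after the SOAP message is gone; a custom resolver that maps the same URIs to stored copies verifies again.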