
dss-x-comment message


Subject: Re: [dss-x-comment] Questions about DSS-X Local Signature Computation Version 1.0

Dear Ernst,

Thanks for your quick answer. Beyond the XSD modification, could you also explain the Profile issue? I mean, as I understand the described workflow, in the two-step-approach case, the result of the SECOND SignRequest (identified by the Profile attribute) should be an XAdES, PAdES, CAdES etc. structure into which the posted PKCS#1 encoded hash (e.g. the SignatureValue element of XMLDSIG/XAdES) shall be embedded.

BR, Aron


Dear Aron,

Thank you very much for your comments.

A quick look at the XSD made it clear to me that the XSD was unfortunately not updated with the change regarding the use of RequestDocumentHash (which should be in the XSD).

We will discuss your remarks in our team and will provide a detailed response as soon as possible.

With kind regards

Ernst Jan van Nigtevecht

Szabó Áron wrote:
> Dear Members,
> I am writing in connection with Local Signature Computation Version 1.0 specification.
> I have seen the e-mail sent on 2015-08-25 about the announcement of the publication of the specification Version 1.0. I looked through the related descriptions and schemas and I found that somehow the "final" version of the XML schema does not correspond to the "final" version of the specification. I could perform XML schema validations on sample XML files by using "csprd02". E.g. from the "final" XML schema the "RequestDocumentHash" is missing, it contains "ReturnDocumentHash". Also there was a comment about this in "Appendix E" but it is not clear which version may be the last: 'Processed the comments on CSD 01; see "https://www.oasis-open.org/committees/document.php?document_id=53473&wg_abbrev=dss-x". Renamed localsig:ReturnDocumentHash into localsig:RequestDocumentHash (in Section in the code).' So, shall I use "RequestDocumentHash" or "ReturnDocumentHash" in SignRequest messages?
> The other thing that was interesting is that in the Two-Step Approach operation mode (identified by: "http://docs.oasis-open.org/dss-x/ns/localsig/two-step-approach"), the "Profile" attribute of the SECOND SignRequest MUST also be "http://docs.oasis-open.org/dss-x/ns/localsig". For the FIRST SignRequest, it is clear that this identifies that the returned value shall be just a simple hash, but in the SECOND SignRequest the client shall identify the finalized type of the result Signature structure, which should be e.g. "urn:oasis:names:tc:dss:1.0:profiles:XAdES" in case of XAdES, isn't it?!
> Anyway, just in general, I can say that I liked the descriptions of all use cases in this document. They are all in conformance with NPAPI-free operation modes that are supported by recently used, eIDAS-conformant eID systems such as German or Hungarian national eID cards.
> BR, Aron
