[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [Fwd: XAdES signatures in ODF - request for comment]
-------- Mensaje original --------
Asunto: XAdES signatures in ODF - request for comment
Fecha: Thu, 14 Aug 2008 11:53:04 +0100
De: Bob Jolliffe <bobjolliffe@gmail.com>
Para: cruellas@ac.upc.edu, stefan@drees.name
CC: office TC <office@lists.oasis-open.org>
Hello Juan and Stefan,
I am writing on behalf of the OASIS Office TC. We have been discussing a
proposal regarding digital signatures in the upcoming ODF v1.2 and would
appreciate any expert input from the members of the DSS-X TC. If you
could circulate the following it would be appreciated.
The current proposal is here:
http://wiki.oasis-open.org/office/DSigProposal
The primary intent of the proposal is to to add XadES signature support
to ODF as well as provide explicit support for signatures on xml
fragments within a document.
Some of the discussion we have been having around the proposal is
archived here:
http://lists.oasis-open.org/archives/office/200808/msg00000.html
The following are open questions we have been discussing:
1.
compatibility between XMLDsig and XAdES signatures. ODF currently
has support for XMLDSig. Will an XMLDsig conformant application be
able to validate a XAdES signature and vice versa (albeit with
some loss of semantic interpretation)? Should we recommend the
usage of the <ds:..> prefix for XAdES compatibility?
2.
Given that XAdES is an extension of XMLDSig, is it necessary to
address the issue at all in ODF? By supporting XMLDSig signatures
can we argue that the format already supports XAdES? The
proposers would like to see explicit support – at least a clear
indication that XAdES signatures are valid in an odf document -
but not at the expense of raising significant compliance
difficulties.
3.
The proposal includes an attribute <signature-type> which
indicates the format of XAdES signature used. There has been some
discussion around the necessity, name and possible values of this
attribute. The purpose is merely to provide a reader with a "hint"
as to the signature format which follows. We note that in the
advanced signature profile for DSS there is a <SignatureForm>
element which indicates the format of signature requested. When
validating such signatures is it normal for validators to infer
the format implicitly and if so how is this typically done? If
there is value in maintaining the attribute we should probably
change it to be closer to the <SignatureForm> element in DSS and
make use of the same list of unique identifiers.
4.
Digital signature requirements are currently a moving target with
improving algorithms and a range of different national legislative
requirements. We note that in DSS you have adopted a basic core
framework with "profiles" describing concrete implementations.
There has been some discussion around the merits of adopting a
similar approach with ODF. Any comment or suggestion on this would
be appreciated.
5.
We have struggled a bit with correct normative references to ETSI
XAdES. Most of our initial work has been based on the earlier W3C
recommendations. I note that DSS makes reference to "Advanced
Electronic Signatures. ETSI TS 101 733. March 2006". I presume
this is the proper, most recent, normative reference. There have
been some concerns expressed around IPR's – presumably related to
the ETSI patent policy which is substantially more rights-inclined
than that of W3C. Have there been any concerns expressed within
the DSS group we should be aware of?
I would be very grateful for any thoughts on any or all of the above
which I can report back to the Office TC.
Kind regards
Bob Jolliffe
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]