In the past week it's come to my attention that the XML schema in the OASIS CAP 1.1 specification may not adequately support the use of digital signatures as provided in Section 3.3.2.1 of that same specification document.
Digital signatures are a well-established mechanism for ensuring the authenticity of XML messages in complex "system of systems" operating environments such as IPAWS. The original intent that support for digital signatures be mandatory is made clear in Section 3.3.2.1 of the OASIS CAP 1.1 specification, which reads in part "Processors MUST NOT reject a CAP Alert Message containing such a signature simply because they are not capable of verifying it; they MUST continue processing and MAY inform the user of their failure to validate the signature."
Ideally this oversight could be addressed in the next version of the CAP specification. However, in view of the stated intent of FEMA to proceed with IPAWS implementations based on the IPAWS Profile, this problem gains greater urgency.
Therefore I would respectfully suggest that the IPAWS Profile include a profile-specific version of the XML Schema that provides any needed support for inclusion of digital signatures as specified in the CAP 1.1 specification.
Art Botterell, Manager
Community Warning System
Contra Costa County Office of the Sheriff
50 Glacier Drive
Martinez, California 94553
(925) 313-9603
fax (925) 646-1120
--
This publicly archived list offers a means to provide input to the
OASIS Emergency Management TC.
In order to verify user consent to the Feedback License terms and
to minimize spam in the list archive, subscription is required
before posting.