[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [office] Digital Signature proposal
The XAdES adoption was proposed on Brazilian government by a group of specialists that has analyzed several digital signatures standards and they decided to use ETSI XAdES. XAdES simply extends the XMLDsig standard, already used by BR Digital Signature infrastructure. If an application already supports XMLDsig, it will only need to recognize some aditional parameters to be compatible with XAdES, and if the application developer choose to only support XMLDsig, it will still being compliant with ODF 1.2. This specialist group works on a high level institution in Brazil called ITI, that is related to Brazilian Presidency of the Republic (www.iti.gov.br <http://www.iti.gov.br> ).
I've updated the proposal, to reference the ETSI XAdES document (http://webapp.etsi.org/workprogram/Report_WorkItem.asp?WKI_ID=21353). There is also an additional document at ETSI website, regarding the XAdES profiles (http://webapp.etsi.org/workprogram/Report_WorkItem.asp?WKI_ID=22942), that defines 3 profiles that can be implemented by applications developers, to assure interoperability (it seems to me that this is more application-specific than something that we need to take care on the file format).
I've also updated the proposed <dsig:document-signatures> attribute, to use the same terms that is used by ETSI to the basic signature types (XAdES-BES and XAdES-EPES).
To understand how Brazilian digital signature infrastructure is working, please check (the pictures) of this presentation: http://www.ciab.org.br/palestras/Wander%20Blanco%20Nunes.pdf (sorry... Brazilian Portuguese, but you may understand the diagrams). There, you may also see that BR infrastructure also use CADES/CMS, but its usage inside ODF spec would be more difficult than using XAdES, an extension of what is already defined on ODF (XMLDsig).
I've also checked the ETSI IPR page (http://webapp.etsi.org/IPR/home.asp) and there are no patents registered there regarding XAdES.
As I've wrote before, the Brazilian DigSig infrastructure (ICP-Brasil) is being adopted as reference for some Latin America countries. There is also a strong effort by Brazilian government to increase the usage of digital signatures, even by small companies. This will means that the Digital Signature capability will be presented on most companies in Brazil on the next few years, and an Office Application that may use it is really desired here.
Fell free to send me any other questions.
Bob Jolliffe escreveu:
Thanks for raising these issues. Taking you comments in reverse order:
2. I agree we need to understand the W3C/ETSI relationship better. The XAdES proposal was made as a result of requirements for use in Brazil. I think we need to ask Jomar to tell us what the current status of XAdES implementation is there.
1. Agreed. But there is a considerable scope for signing and validation tools outside of traditional "office products". For example, the current specification allows for the signing of document fragments using XMLDsig. There are no current office applications which do this, but it is still useful. We are working on one such implementation for validating signatures in our workflows in the document management system. Of course it would be great for office applications to support signing of a text section, but if they don't yet do this its not a disaster. As long as those existing applications don't trash the signatures they don't understand or care about.
2008/7/30 Ming Fei Jia <email@example.com>
I have 2 questions about this proposal:
1)As I know, currently no office products support XAdES. So I would like to know the maturity of this ETSI specification in the market place. ODF is a practical standard that many office products are following up. If ODF introduces and depends on an external immature or unstable specification, this will bring confusion or difficulty for current office product implementations. I only get some experimental results from this link http://www.etsi.org/Application/Search/?search=XAdES.
2)This proposal adopts the XAdES version on W3C(http://www.w3.org/TR/2003/NOTE-XAdES-20030220/), which was submitted on the year 2003, but now still is in status of NOTE made available for W3C discussion only, and the copyright is hold by ETSI. So I would like to know what relationship between ETSI and W3C, and whether this relationship will bring some IP issues for ODF.
IBM Lotus Symphony Development
IBM China Software Development LAB, Beijing
Tel: 86-10-82452493 Fax: 86-10-82452887
NOTES:Ming Fei Jia/China/IBM E-mail: firstname.lastname@example.org
Address: 4/F, DeShi Building No.9, East Road, ShangDi, Haidian District, Beijing 100085, PRC
Bob Jolliffe ---07/28/2008 04:41:55 AM---Greetings
Bob Jolliffe <email@example.com>
Jomar Silva <firstname.lastname@example.org>
office TC <email@example.com>
07/28/2008 04:41 AM
Re: [office] Digital Signature proposal
Given the recent discussions and consensus around workflow of proposals on the TC I would like to try and propose some kind of reasonable timeline for this one.
Can I suggest that
(1) those who are interested try, during the course of this week ahead, to take a look at what is being proposed and return comments to the mailing list
(2) on the basis of the above, we schedule an agenda item for discussion in two weeks - ie 11 August
My understanding is that what is being proposed should not be too controversial or disruptive so it is my hope that we do have some consensus by then.
There is an open question raised by Rob Weir around the status of XaDes. Jomar, can you tell us what is being referenced in Brazil?
----- Jomar Silva <firstname.lastname@example.org> wrote:
> I've published today at the wiki
> (http://wiki.oasis-open.org/office/DSigProposal) a proposal regarding
> the Digital Signature support on ODF 1.2, basically expanding the
> existing XMLDSIG proposal to also support XAdES.
> This proposal was developed by me and Bob Joliffe, as he previously
> announced on the list
> I'm waiting your comments.
> Best Regards,
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at: