OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: XAdES signatures in ODF - request for comment


Hello Juan and Stefan,

I am writing on behalf of the OASIS Office TC. We have been discussing a proposal regarding digital signatures in the upcoming ODF v1.2 and would appreciate any expert input from the members of the DSS-X TC. If you could circulate the following it would be appreciated.

The current proposal is here:

http://wiki.oasis-open.org/office/DSigProposal

The primary intent of the proposal is to to add XadES signature support to ODF as well as provide explicit support for signatures on xml fragments within a document.

Some of the discussion we have been having around the proposal is archived here:

http://lists.oasis-open.org/archives/office/200808/msg00000.html

The following are open questions we have been discussing:

  1. compatibility between XMLDsig and XAdES signatures. ODF currently has support for XMLDSig. Will an XMLDsig conformant application be able to validate a XAdES signature and vice versa (albeit with some loss of semantic interpretation)? Should we recommend the usage of the <ds:..> prefix for XAdES compatibility?

  2. Given that XAdES is an extension of XMLDSig, is it necessary to address the issue at all in ODF? By supporting XMLDSig signatures can we argue that the format already supports XAdES?  The proposers would like to see explicit support – at least a clear indication that XAdES signatures are valid in an odf document - but not at the expense of raising significant compliance difficulties.

  3. The proposal includes an attribute <signature-type> which indicates the format of XAdES signature used. There has been some discussion around the necessity, name and possible values of this attribute. The purpose is merely to provide a reader with a "hint" as to the signature format which follows.  We note that in the advanced signature profile for DSS there is a <SignatureForm> element which indicates the format of signature requested.  When validating such signatures is it normal for validators to infer the format implicitly and if so how is this typically done? If there is value in maintaining the attribute we should probably change it to be closer to the <SignatureForm> element in DSS and make use of the same list of unique identifiers.

  4. Digital signature requirements are currently a moving target with improving algorithms and a range of different national legislative requirements. We note that in DSS you have adopted a basic core framework with "profiles" describing concrete implementations. There has been some discussion around the merits of adopting a similar approach with ODF. Any comment or suggestion on this would be appreciated.

  5. We have struggled a bit with correct normative references to ETSI XAdES. Most of our initial work has been based on the earlier W3C recommendations. I note that DSS makes reference to "Advanced Electronic Signatures. ETSI TS 101 733. March 2006". I presume this is the proper, most recent, normative reference. There have been some concerns expressed around IPR's – presumably related to the ETSI patent policy which is substantially more rights-inclined than that of W3C. Have there been any concerns expressed within the DSS group we should be aware of?

I would be very grateful for any thoughts on any or all of the above which I can report back to the Office TC.

Kind regards
Bob Jolliffe


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]