OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ubl-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [ubl-comment] Digital Signatures and Error Response Suggestions

Title: [ubl-comment] Digital Signatures and Error Response Suggestions

I would like to make three suggestions for enhancing UBL.

Often the authenticity of a UBL document will need to be determined using cryptographic techniques. One way of doing this is to sign the document together with the envelope in which it is contained as, for example, ebXML Messaging provides [1]. However, this means that you HAVE to keep the message around in order to later prove authenticity when the message is being processed. This adds to complexity and only works if messaging protocols such as ebXML Messaging are being used.

A better alternative is to include an XML DSig digital signature [2] element as an *optional* element at the root level of every UBL document. I would also recommend that a guideline is provided that describes how XML digital signatures should be used inside a UBL document in order to improve interoperability.

My second suggestion, is to include a standard "error response" document, within UBL. It is inevitable, that some UBL documents will contain errors which prevent their successful processing. However there is currently no standard way by which the sender of the original message can be informed of this fact. The provision of a standard error response document that could be used to communicate this information would make implementation of interoperable solutions much easier to realize.

The final suggestion is to include a standard "application acknowledgement" document, within UBL. Note that this acknowledgement is generated by the *application* that is actually processing the UBL document and is independent of any "messaging" level acknowledgement that might be generated (as ebXML Messaging does). As an example, the nature of the acknowledgement can vary from:


David Burdett

[1] ebXML Messaging specifications, http://www.oasis-open.org/committees/ebxml-msg/#documents
[2] W3C XML Digital Signature Specification, http://www.w3.org/TR/xmldsig-core/

Director, Product Management, Web Services
Commerce One
4440 Rosewood Drive, Pleasanton, CA 94588, USA
Tel/VMail: +1 (925) 520 4422; Cell: +1 (925) 216 7704
mailto:david.burdett@commerceone.com; Web: http://www.commerceone.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC