ubl-comment message

Subject: [ubl-comment] Digital Signatures and Error Response Suggestions

From: "Burdett, David" <david.burdett@commerceone.com>
To: ubl-comment@lists.oasis-open.org
Date: Wed, 26 Feb 2003 03:47:04 -0800

Title: [ubl-comment] Digital Signatures and Error Response Suggestions

I would like to make three suggestions for enhancing UBL.

DIGITAL SIGNATURE SUPPORT
Often the authenticity of a UBL document will need to be determined using cryptographic techniques. One way of doing this is to sign the document together with the envelope in which it is contained as, for example, ebXML Messaging provides [1]. However, this means that you HAVE to keep the message around in order to later prove authenticity when the message is being processed. This adds to complexity and only works if messaging protocols such as ebXML Messaging are being used.

A better alternative is to include an XML DSig digital signature [2] element as an *optional* element at the root level of every UBL document. I would also recommend that a guideline is provided that describes how XML digital signatures should be used inside a UBL document in order to improve interoperability.

ERROR RESPONSE DOCUMENT
My second suggestion, is to include a standard "error response" document, within UBL. It is inevitable, that some UBL documents will contain errors which prevent their successful processing. However there is currently no standard way by which the sender of the original message can be informed of this fact. The provision of a standard error response document that could be used to communicate this information would make implementation of interoperable solutions much easier to realize.

APPLICATION ACKNOWLEDGMENT
The final suggestion is to include a standard "application acknowledgement" document, within UBL. Note that this acknowledgement is generated by the *application* that is actually processing the UBL document and is independent of any "messaging" level acknowledgement that might be generated (as ebXML Messaging does). As an example, the nature of the acknowledgement can vary from:

Document Received - i.e. the document was successfully extracted from the message envelope
Document Structure OK - i.e. it is a valid structure that conforms to its XML Schema, or
Document Checked OK - i.e. the content of the document is correct. This can include cross checking of one field against another as well as, for example, checking that identifiers of products or parties have been validated as correct against internal databases

Regards

David Burdett

[1] ebXML Messaging specifications, http://www.oasis-open.org/committees/ebxml-msg/#documents
[2] W3C XML Digital Signature Specification, http://www.w3.org/TR/xmldsig-core/

Director, Product Management, Web Services
Commerce One
4440 Rosewood Drive, Pleasanton, CA 94588, USA
Tel/VMail: +1 (925) 520 4422; Cell: +1 (925) 216 7704
mailto:david.burdett@commerceone.com; Web: http://www.commerceone.com