[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [QA-0p70] Digital Signature Comment
Eve,
One of the comments on 0p70 is from David Burdett
and goes into digital signatures. We (the QA Team) would like your
feedback on this one. Is this out of scope, should this be discussed at the Face
to Face?
Lisa
David's comment:
"UBL documents cannot be digitally signed
directly."
His proposed solutions:
"Add an optional XML Dsig element to the root of
each document and guidelines on how it should be used.
Often the authenticity of a UBL document will need to be determined using cryptographic techniques. One way of doing this is to sign the document together with the envelope in which it is contained as, for example, ebXML Messaging provides [1]. However, this means that you HAVE to keep the message around in order to later prove authenticity when the message is being processed. This adds to complexity and only works if messaging protocols such as ebXML Messaging are being used. A better alternative is to include an XML DSig digital signature [2] element as an *optional* element at the root level of every UBL document. I would also recommend that a guideline is provided that describes how XML digital signatures should be used inside a UBL document in order to improve interoperability. [1] ebXML Messaging specifications, http://www.oasis-open.org/committees/ebxml-msg/#documents [2] W3C XML Digital Signature Specification, http://www.w3.org/TR/xmldsig-core/ QA Team recognized importance of this area. Security was out of scope for 0p70, but will be taken up at F2F." ++++++++++++++++++++++++++++++++++++++++++++++++++++
Lisa Seaburg AEON LLC Website: http://www.aeon-llc.com/ Email: lseaburg@aeon-llc.com Alternative Email: xcblgeek@yahoo.com Phone: 662-562-7676 Cellphone: 662-501-7676 "Remember that great love and great achievements
involve great
risk."
++++++++++++++++++++++++++++++++++++++++++++++++++++ |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]