Re: [ubl-lcsc] UBL NDR SC Minutes 4 June 2003

[Tim McGrath <tmcgrath@portcomm.com.au>]

At the London Face-to-Face, David presented his case the the LC team. 
 We recognised that there may be a useful business case (in some 
circumstances) for having a digital signature tied to the instance 
document.  We viewed this as a 'nice to have' and a 'value-added' 
feature on the understanding it would be a trivial and simple 
implementation issue requiring a few lines of schema code appended to 
each UBL document schema. (something akin to the way namespaces, schema 
headers, etc are added).  It would also be optional.  We did not think 
there was any down side to this idea.

Following this debate has confirmed my personal opinion that this issue 
is a distraction to the primary deliverable of UBL.  Personally, I will 
suggest to the LC team that if the NDR position paper is going to be 
complex and contentious then lets let it sleep for 1p00.  Meanwhile, we 
can assume implementations will rely on message handling systems (eg 
ebXML MS) to do this (as Mark reminds us) and their own gateways to link 
signatures to instances if necessary.

I will put my view to the LC team on our Friday call and then let the 
NDR know if we are still keen to pursue this.


CRAWFORD, Mark wrote:

>LCSC - Please note item 5b.
>
>The UBL NDR SC held a meeting at 11:30 EST 4 June 2003.  http://www.timeanddate.com/worldclock/fixedtime.html?year=2003&mon=06&day=04&hour=15&min=0&sec=0
>
>5. Discussion Items:
>
>	b. Digital Signatures
>
>	This issue was raised by Dave Burdett.  He has asked to be a participant in the discussions.  Jon believes that he has already added Dave as a member non-voting for the TC. Mark to take for action for the NDR list.  Paul believes that we may be able to avoid this whole issue by using external mechanism.  Mark talked about include and the W3C XML DSig spec.  Eduardo says you can do external.  Eve says that XML signature allows you to associate signatures with a document while having the signature separate.  Eve also said that Mark is right that you can allow for extending the schema through include.  Some other ways are to use channel security (transport security) ie ebMS.  There is also the OASIS WSS, which has some SOAP header extensions that allow you to associate the signature with the payload and goes a step further to be specific to the actual messaging system.  The reason for imbedding in the payload is if you want it to be really persistent and don't want to go out to the network to get it because if the signature is external to the payload then it gets stripped off.  EG - thinks that UBL should be agnostic on this issue and does not believe that it is something that UBL should do.  He thinks that users that may need persistence, then it should be handled as an allowable context specific extension.  Paul confirmed what Eve had said regarding persistence.  Anne indicated that LC has in fact made a decision to support DSig.  Mark express support for Eduardo's position.  Anne asked if someone would get back to LCSC.  Mark indicated he would try and join the next LCSC call, but we still did not have a NDR consensus. Eve says that what is proposed is feasible, but may not be desirable.   Bill believes that things like non-repudiation and tamper protection is handled by various transport mechanisms.  Anne says that LCSC may want the signature to stay with the document.  Bill believes that we may be on a very slippery slope with this issue and that there are many difficulties inherent in trying to bring this int
>signature is usually multiple fold 1) signing a particular portion or document ensures that the document has not been modified and 2) who the document came from.  The problem is that you have to maintain the canonical form of the document along with the decision.  Bill asserts that XML DSig recanonicalizes the original submission.  Paul says it depends on the approach.  Mark to send minutes to LCSC and be on next LC call. 
>
>  
>

-- 
regards
tim mcgrath
phone: +618 93352228  
postal: po box 1289   fremantle    western australia 6160