OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ubl-ndrsc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [ubl-ndrsc] Re: [ubl-lcsc] UBL NDR SC Minutes 4 June 2003


I'm not sure the following is evident from the minutes (perhaps not) but
the sense of the meeting was that NDR was recommending that nothing
be done in this respect; in other words, most people present at the
meeting were also of the idea that it should not be done. There will be no
complex and contentious paper from NDR; not because it is a distraction
from the primary deliverable, but because it would led us to bind UBL to
a particular mechanism for signatures, perhaps even a particular transport
mechanism. I am sure that Mark will be able to articulate this much better
at the next LC meeting.

Tim McGrath wrote:
> At the London Face-to-Face, David presented his case the the LC team. We 
> recognised that there may be a useful business case (in some 
> circumstances) for having a digital signature tied to the instance 
> document.  We viewed this as a 'nice to have' and a 'value-added' 
> feature on the understanding it would be a trivial and simple 
> implementation issue requiring a few lines of schema code appended to 
> each UBL document schema. (something akin to the way namespaces, schema 
> headers, etc are added).  It would also be optional.  We did not think 
> there was any down side to this idea.
> Following this debate has confirmed my personal opinion that this issue 
> is a distraction to the primary deliverable of UBL.  Personally, I will 
> suggest to the LC team that if the NDR position paper is going to be 
> complex and contentious then lets let it sleep for 1p00.  Meanwhile, we 
> can assume implementations will rely on message handling systems (eg 
> ebXML MS) to do this (as Mark reminds us) and their own gateways to link 
> signatures to instances if necessary.
> I will put my view to the LC team on our Friday call and then let the 
> NDR know if we are still keen to pursue this.
> CRAWFORD, Mark wrote:
>> LCSC - Please note item 5b.
>> The UBL NDR SC held a meeting at 11:30 EST 4 June 2003.  
>> http://www.timeanddate.com/worldclock/fixedtime.html?year=2003&mon=06&day=04&hour=15&min=0&sec=0 
>> 5. Discussion Items:
>>     b. Digital Signatures
>>     This issue was raised by Dave Burdett.  He has asked to be a 
>> participant in the discussions.  Jon believes that he has already 
>> added Dave as a member non-voting for the TC. Mark to take for action 
>> for the NDR list.  Paul believes that we may be able to avoid this 
>> whole issue by using external mechanism.  Mark talked about include 
>> and the W3C XML DSig spec.  Eduardo says you can do external.  Eve 
>> says that XML signature allows you to associate signatures with a 
>> document while having the signature separate.  Eve also said that Mark 
>> is right that you can allow for extending the schema through include.  
>> Some other ways are to use channel security (transport security) ie 
>> ebMS.  There is also the OASIS WSS, which has some SOAP header 
>> extensions that allow you to associate the signature with the payload 
>> and goes a step further to be specific to the actual messaging 
>> system.  The reason for imbedding in the payload is if you want it to 
>> be really persistent and don't want to go out to the network to get it 
>> because if the signature is external to the payload then it gets 
>> stripped off.  EG - thinks that UBL should be agnostic on this issue 
>> and does not believe that it is something that UBL should do.  He 
>> thinks that users that may need persistence, then it should be handled 
>> as an allowable context specific extension.  Paul confirmed what Eve 
>> had said regarding persistence.  Anne indicated that LC has in fact 
>> made a decision to support DSig.  Mark express support for Eduardo's 
>> position.  Anne asked if someone would get back to LCSC.  Mark 
>> indicated he would try and join the next LCSC call, but we still did 
>> not have a NDR consensus. Eve says that what is proposed is feasible, 
>> but may not be desirable.   Bill believes that things like 
>> non-repudiation and tamper protection is handled by various transport 
>> mechanisms.  Anne says that LCSC may want the signature to stay with 
>> the document.  Bill believes that we may be on a very slippery slope 
>> with this issue and that there are many difficulties inherent in 
>> trying to bring this in
>> signature is usually multiple fold 1) signing a particular portion or 
>> document ensures that the document has not been modified and 2) who 
>> the document came from.  The problem is that you have to maintain the 
>> canonical form of the document along with the decision.  Bill asserts 
>> that XML DSig recanonicalizes the original submission.  Paul says it 
>> depends on the approach.  Mark to send minutes to LCSC and be on next 
>> LC call.

Eduardo Gutentag               |         e-mail: eduardo.gutentag@Sun.COM
Web Technologies and Standards |         Phone:  +1 510 550 4616 x31442
Sun Microsystems Inc.          |         1800 Harrison St. Oakland, CA 94612
W3C AC Rep / OASIS TAB Chair

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]