[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ubl-psc] RE: [ubl-tsc] [Fwd: [ubl-psc] Proposal for asignature refenrence]
Hi Stephen, Think you've misunderstood. COML is not a messaging protocol but a business document. What we mentioned is that in our solution, the COML approach is independent of the messaging layer. The digsig is embedded inside the COML document and is used by the application for multi-signer approval workflows. In ebXML case, the digsig done in the soap header is only used for the transport layer. Rgds kama -----Original Message----- From: Stephen Green [mailto:stephen_green@bristol-city.gov.uk] Sent: Thursday, September 29, 2005 6:51 PM To: Kama, Kamarudin Bin Tambi; plb@itst.dk; ubl-psc@lists.oasis-open.org Cc: Fu Wang, Thio; Grace Ng, Swee Lee (T&L); Jern Kuan, Leong Subject: [ubl-psc] RE: [ubl-tsc] [Fwd: [ubl-psc] Proposal for asignature refenrence] Kama Hi. Is there anywhere we can view the COML way of using XPath to view the signature? Is the signature in the message header? With ebMS 2, I gather that everything except the message header is an attachment and therefore, I gather, not available to XPath (anyone know better?). I also gather that ebMS 3 allows too for messages where the payload is in the body of the SOAP part (non-multipart messages) so in that case the payoad would be available to XPath. I don't have first hand knowledge of the following but from what I've heard said the problems with jsut supporting signatures in the SOAP envelope seem to be 1. that the signature has to apply to the whole of the message (incuding even the message header? - not sure about that) and maybe can't just apply to a part of the payload as it could if you had the signature in the payload itself and 2. if the message header gets discarded in the processing the signature is no longer available to business applications I've heard say that this may make expensive archiving software necessary to adequately store the signature along with the message header and make that available on request to the related payload. So I just wonder if the way COML uses signatures is different for the way ebMS 2 uses them and whether COML has an alternative to making the payload an attachment so that XPath can be used to point to something in the body, say, of a message envelope. However I remember a comment on ubl-dev that a technology, a proprietary one, expects, it seems, to put the signature in the payload and this way it is available to downstream applications and just part of the message can be signed or secured and the comment, as I remember it, was asking for support for this in UBL. I'd quite like to see some further information and some consideration of this approach too before a committment was made to one way of using digsig. All the best Stephen Green >>> "Kama, Kamarudin Bin Tambi" <kama@crimsonlogic.com> 29/09/05 08:01:32 >>> Hi Peter, Tim, Sorry for the late response. We have reviewed the proposal for signature reference. Below is our comment:- 1. The signature reference calls for the usage of detached signature. This would be useful in scenario where binary data is involved and where the referenced signature is always available and accessible via the specified URL 2. Both ebXML messaging service and COML however uses the enveloped approach, wherein the digital signature (digsig) is embedded inside the message itself. In the case of COML, XPath is being used to reference the appropriate section of the payload that needs the digsig. This is a preferred approach where we need to perform online verification of digsig. Hence, there will not be a need to make reference to an external resource, which may not be available at the time when the digsig verification is being performed. This reduces the possibility of digsig failure. We would urge that you study the COML approach in handling digsig for XML payload. Regards Kama UBL TSC Chair -----Original Message----- From: Tim McGrath [mailto:tmcgrath@portcomm.com.au] Sent: Tuesday, September 13, 2005 9:06 PM To: ubl-tsc@lists.oasis-open.org Subject: [ubl-tsc] [Fwd: [ubl-psc] Proposal for a signature refenrence] forwarded from Peter Borresen. this is a sample isnatcen of his propsoed digital signature approach. can we get some technical feedback on the suitability of this for our needs. -------- Original Message -------- Subject: [ubl-psc] Proposal for a signature refenrence Date: Tue, 13 Sep 2005 14:11:49 +0200 From: Peter Larsen Borresen <plb@itst.dk> <mailto:plb@itst.dk> To: ubl-psc@lists.oasis-open.org, "'ytlee@cecid.hku.hk'" <mailto:'ytlee@cecid.hku.hk'> <ytlee@cecid.hku.hk> <mailto:ytlee@cecid.hku.hk> CC: 'jon.bosak@sun.com' <jon.bosak@sun.com> <mailto:jon.bosak@sun.com> Hallo Thomas and Procurement subcommitee Please find my proposal for a signature reference in the xml-spy screen dump and xml example file. Best regards Peter L. Borresen <<SignatureReference.gif>> <<UBL-Order-1.0-Office-Example_with signatureReference.xml>> -- regards tim mcgrath phone: +618 93352228 postal: po box 1289 fremantle western australia 6160 DOCUMENT ENGINEERING: Analyzing and Designing Documents for Business Informatics and Web Services http://mitpress.mit.edu/catalog/item/default.asp?sid=632C40AB-4E94-4930- A94E-22FF8CA5641F&ttype=2&tid=10476
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]