OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ubl-psc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [ubl-psc] RE: [ubl-tsc] [Fwd: [ubl-psc] Proposal for asignature refenrence]

Hi Stephen,
Think you've misunderstood. COML is not a messaging protocol but a
business document. What we mentioned is that in our solution, the COML
approach is independent of the messaging layer. The digsig is embedded
inside the COML document and is used by the application for multi-signer
approval workflows. 

In ebXML case, the digsig done in the soap header is only used for the
transport layer.


-----Original Message-----
From: Stephen Green [mailto:stephen_green@bristol-city.gov.uk] 
Sent: Thursday, September 29, 2005 6:51 PM
To: Kama, Kamarudin Bin Tambi; plb@itst.dk; ubl-psc@lists.oasis-open.org
Cc: Fu Wang, Thio; Grace Ng, Swee Lee (T&L); Jern Kuan, Leong
Subject: [ubl-psc] RE: [ubl-tsc] [Fwd: [ubl-psc] Proposal for asignature


Hi. Is there anywhere we can view the COML way of using XPath to view
the signature? 

Is the signature in the message header? With ebMS 2, I gather that
everything except 
the message header is an attachment and therefore, I gather, not
available to XPath 
(anyone know better?). I also gather that ebMS 3 allows too for messages
where the
payload is in the body of the SOAP part (non-multipart messages) so in
that case the 
payoad would be available to XPath. I don't have first hand knowledge
of the following 
but from what I've heard said the problems with jsut supporting
signatures in the SOAP
envelope seem to be 

1. that the signature has to apply to the whole of the message (incuding
even the
message header? - not sure about that) and maybe can't just apply to a
part of the 
payload as it could if you had the signature in the payload itself and 

2. if the message header gets discarded in the processing the signature
is no longer 
available to business applications

I've heard say that this may make expensive archiving software necessary
to adequately
store the signature along with the message header and make that
available on request
to the related payload.

So I just wonder if the way COML uses signatures is different for the
way ebMS 2 uses
them and whether COML has an alternative to making the payload an
attachment so
that XPath can be used to point to something in the body, say, of a
message envelope. 

However I remember a comment on ubl-dev that a technology, a proprietary
expects, it seems, to put the signature in the payload and this way it
is available
to downstream applications and just part of the message can be signed or
secured and
the comment, as I remember it, was asking for support for this in UBL.
I'd quite like to
see some further information and some consideration of this approach too
before a
committment was made to one way of using digsig.

All the best

Stephen Green

>>> "Kama, Kamarudin Bin Tambi" <kama@crimsonlogic.com> 29/09/05
08:01:32 >>>
Hi Peter, Tim,

Sorry for the late response. We have reviewed the proposal for signature
reference. Below is our comment:-


1.	The signature reference calls for the usage of detached
signature. This would be useful in scenario where binary data is
involved and where the referenced signature is always available and
accessible via the specified URL
2.	Both ebXML messaging service and COML however uses the enveloped
approach, wherein the digital signature (digsig) is embedded inside the
message itself. In the case of COML, XPath is being used to reference
the appropriate section of the payload that needs the digsig. This is a
preferred approach where we need to perform online verification of
digsig. Hence, there will not be a need to make reference to an external
resource, which may not be available at the time when the digsig
verification is being performed. This reduces the possibility of digsig


We would urge that you study the COML approach in handling digsig for
XML payload.







-----Original Message-----
From: Tim McGrath [mailto:tmcgrath@portcomm.com.au] 
Sent: Tuesday, September 13, 2005 9:06 PM
To: ubl-tsc@lists.oasis-open.org 
Subject: [ubl-tsc] [Fwd: [ubl-psc] Proposal for a signature refenrence]


forwarded from Peter Borresen.  

this is a sample isnatcen of his propsoed digital signature approach.
can we get some technical feedback on the suitability of this for our

-------- Original Message -------- 


[ubl-psc] Proposal for a signature refenrence


Tue, 13 Sep 2005 14:11:49 +0200


Peter Larsen Borresen <plb@itst.dk> <mailto:plb@itst.dk> 


ubl-psc@lists.oasis-open.org, "'ytlee@cecid.hku.hk'"
<mailto:'ytlee@cecid.hku.hk'>  <ytlee@cecid.hku.hk>


'jon.bosak@sun.com' <jon.bosak@sun.com> <mailto:jon.bosak@sun.com> 


Hallo Thomas and Procurement subcommitee
Please find my proposal for a signature reference in the  xml-spy screen
dump and xml example file.
Best regards
Peter L. Borresen
 <<SignatureReference.gif>>  <<UBL-Order-1.0-Office-Example_with


tim mcgrath
phone: +618 93352228  
postal: po box 1289   fremantle    western australia 6160
DOCUMENT ENGINEERING: Analyzing and Designing Documents for Business
Informatics and Web Services


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]