[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ubl-tsc] [Fwd: [ubl-psc] Proposal for a signature refenrence]
Hi Peter, Pls see my response below.
Rgds kama
-----Original
Message-----
Hi Kama
Do I understand you correctly when that ebXML supports a solution where the xml-document and the signature are in the same envelope, but in different payloads? Kama>> Think you’ve misunderstood. COML is not a messaging protocol but a business document. What we mentioned is that in our solution, the COML approach is independent of the messaging layer. The digsig is embedded inside the COML document and is used by the application for multi-signer approval workflows. In ebXML case, the digsig done in the soap header is only used for the transport layer.
What I suggest is that the xml-document becomes able to refer to the signature, not only as a URL but also as a Mime reference. Kama>> OK, noted.
The problem with embeddign the siganture in the xml-document is 1) it becomes invalid if it is transformed to an other document. Kama>> How does this differ from your proposed approach? Whenever any XML document is being transformed, the digsig is no longer valid.
2) A digital signature on a xml document is not valid in legal terms. Only a transformation of a xml-document can be brought into a court room. Kama>> Think lets not get into the legal aspect of it. Each country will have its own Electronic Transaction Act. Interpretation might differ from country to country.
3) A digital signature with the purpose of ensuring that no one has tampered with the document has nothing to do in a procurement document. This is a matter for the transportation layer. Kama>> This depends on whether the entire procurement process requires the document to be signed or not.
What is needed at the business level is infomation about whether someone actual has aproved the document. On the other hand, to reference the signature gives you problem with consistency and persistency. This can be solved by adding two more fields in document reference: GaranteeStoragePeriode and Hashcode (perhaps hashmethod as well). Kama>> So, there’s a problem with detached signature?
I would like to here more about your requirements.
Kind regards
Peter L. Borresen
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]