RE: [ubl-security] UBL Profile for XML Digital Signatures and XAdES implementation V.01]

["Andrea Caccia" <andrea.caccia@innovery.it>]

Hi Julián,

Thanks for your draft, here follows some issues to fix:

·         Add http://uri.etsi.org/01903/v1.4.1# to “Declared XML Namespace(s)” (note that XAdES 1.4.1 declares this new namespace but keeps the old one (1.3.1) for compatibility with pevious versions

·         Change [[XAdES]Profiles] to [XAdESProfiles] in “Normative References”

·         Change [XAdES] to xades in “1.3 Namespaces”

·         Add the prefix xades141 for the namespace http://uri.etsi.org/01903/v1.4.1# in “1.3 Namespaces” and declare both in clause 4.2 text box

·         The last sentence in 2.2 should be something like: “By choosing the enveloped signature approach and an appropriate place for the signature, UBL format management…”. I think this way is more clear.

I there are no objections, I’d like to be mentioned as Editor instead of Contributor in fact I contributed massively both on the structure and the content of this profile.

 

I am in favor to cover also detached and possibly other form of signature. I mention PAdES (PDF signature) that is now an ETSI standard and there is a good chance that PAdES  become part of ISO32000 and 19005 (PDF/A).

I think we should proceed this way:

-          Have a first agreement on present document, possibly updating the table of content as Oriol suggested to take into account that this profile, as XAdES, covers also the detached signature form. We can also consider to support detached CAdES as it is almost the same thing.

-          Distribute the document to relevant stakeholders to get feedback

-          Complete the profile, considering also the feedback received.

-          If we agree, propose to develop a new PAdES profile to UBL TC. This can benefit from XAdES profile because it can be used inside a PAdES compliant document.

 

I’ll distribute shortly here current CEFACT TBG6 proposal (named DER, Digital Evidence Recommendation) to have from you some feedback, because I’d like to try to introduce there also our approach.

 

Regards,

Andrea

 

                                                                                                                                                                                                                                                        

--------
This message is sent to one or more specific recipient. If you are not the intended recipient, please notify the sender and delete this message.

--------
Questo messaggio č inviato a specifici destinatari. Se non siete i destinatari, siete pregati di informare il mittente e cancellare questo Messaggio.

 

From: JAVEST by Roberto Cisternino [mailto:roberto@javest.com]
Sent: Friday, October 02, 2009 9:45 AM
To: Julián Inza
Cc: ubl-security@lists.oasis-open.org
Subject: Re: [ubl-security] UBL Profile for XML Digital Signatures and XAdES implementation V.01]

 

Hello,
I reply about the use of IDs and URI to reference the signature.

Julián Inza ha scritto:

Dear friends,

I had the enclosed document ready from some time now but I could not find time to send it.

Now that I see the issue involves further discussions, I enclosed the merged document, so you can use it as a placeholder to include your suggestions...

In yellow colour are some points which I think should be further discussed.

Originally, reference to element <ds:Signature> in <cac:Signature> was done through  cac:DigitalSignatureAttachment/cac:ExternalReference/cbc:URI using  Id (unique identifier) of <ds:Signature>.

the problem here is the URI is not an ID.   Technically there was no value here, but it was like a convention.

Now there are 2 references:

 

This makes more sense as we talk about IDs, but again it is more a convention.