[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ubl-security] UBL Profile for XML Digital Signatures and XAdES implementation V.01]
Hello, as we are providing the instructions to apply a digital signature to UBL, I am not sure we have to constrain UBL 2.x to a specific XAdES version. Can we mention XAdES 1.3.1 and later ? I think it is more important to inform implementers where the XAdES version must be specified into UBL. Regards, Roberto > Hi Julián, > > Thanks for your draft, here follows some issues to fix: > > · Add http://uri.etsi.org/01903/v1.4.1# > <http://uri.etsi.org/01903/v1.4.1> to “Declared XML Namespace(s)” (note > that XAdES 1.4.1 declares this new namespace but keeps the old one (1.3.1) > for compatibility with pevious versions > > · Change [[XAdES]Profiles] to [XAdESProfiles] in “Normative > References” > > · Change [XAdES] to xades in “1.3 Namespaces” > > · Add the prefix xades141 for the namespace > http://uri.etsi.org/01903/v1.4.1# <http://uri.etsi.org/01903/v1.4.2> in > “1.3 Namespaces” and declare both in clause 4.2 text box > > · The last sentence in 2.2 should be something like: “By choosing > the enveloped signature approach and an appropriate place for the > signature, > UBL format management…”. I think this way is more clear. > > I there are no objections, I’d like to be mentioned as Editor instead of > Contributor in fact I contributed massively both on the structure and the > content of this profile. > > > > I am in favor to cover also detached and possibly other form of signature. > I > mention PAdES (PDF signature) that is now an ETSI standard and there is a > good chance that PAdES become part of ISO32000 and 19005 (PDF/A). > > I think we should proceed this way: > > - Have a first agreement on present document, possibly updating > the > table of content as Oriol suggested to take into account that this > profile, > as XAdES, covers also the detached signature form. We can also consider to > support detached CAdES as it is almost the same thing. > > - Distribute the document to relevant stakeholders to get > feedback > > - Complete the profile, considering also the feedback received. > > - If we agree, propose to develop a new PAdES profile to UBL TC. > This can benefit from XAdES profile because it can be used inside a PAdES > compliant document. > > > > I’ll distribute shortly here current CEFACT TBG6 proposal (named DER, > Digital Evidence Recommendation) to have from you some feedback, because > I’d > like to try to introduce there also our approach. > > > > Regards, > > Andrea > > > > > > > -------- > This message is sent to one or more specific recipient. If you are not the > intended recipient, please notify the sender and delete this message. > > -------- > Questo messaggio č inviato a specifici destinatari. Se non siete i > destinatari, siete pregati di informare il mittente e cancellare questo > Messaggio. > > > > From: JAVEST by Roberto Cisternino [mailto:roberto@javest.com] > Sent: Friday, October 02, 2009 9:45 AM > To: Julián Inza > Cc: ubl-security@lists.oasis-open.org > Subject: Re: [ubl-security] UBL Profile for XML Digital Signatures and > XAdES > implementation V.01] > > > > Hello, > I reply about the use of IDs and URI to reference the signature. > > Julián Inza ha scritto: > > Dear friends, > > I had the enclosed document ready from some time now but I could not find > time to send it. > > Now that I see the issue involves further discussions, I enclosed the > merged > document, so you can use it as a placeholder to include your > suggestions... > > In yellow colour are some points which I think should be further > discussed. > > Originally, reference to element <ds:Signature> in <cac:Signature> was > done > through cac:DigitalSignatureAttachment/cac:ExternalReference/cbc:URI > using > Id (unique identifier) of <ds:Signature>. > > the problem here is the URI is not an ID. Technically there was no value > here, but it was like a convention. > > > > Now there are 2 references: > > > > This makes more sense as we talk about IDs, but again it is more a > convention. > > > > -- * JAVEST by Roberto Cisternino * * Document Engineering Services Ltd. - Alliance Member * UBL Italian Localization SubCommittee (ITLSC), co-Chair * UBL Online Community editorial board member (ubl.xml.org) * Italian UBL Advisor Roberto Cisternino mobile: +39 328 2148123 skype: roberto.cisternino.ubl-itlsc [UBL Technical Committee] http://www.oasis-open.org/committees/ubl [UBL Online Community] http://ubl.xml.org [UBL International Conferences] http://www.ublconference.org [UBL Italian Localization Subcommittee] http://www.oasis-open.org/committees/ubl-itlsc [Iniziativa divulgativa UBL Italia] http://www.ubl-italia.org
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]