Re: [ubl-security] UBL Profile for XML Digital Signatures and XAdES implementation V.01]

[Juan Carlos Cruellas <cruellas@ac.upc.edu>]

Just one quick answer,

I would not recommend to use XAdES 1.3.1....this was an intermediate 
version that was immediatly superseded by XAdES 1.3.2. As for the latest 
version is XAdES 1.4.1

Regards

Juan Carlos.
Roberto Cisternino escribió:
> Hello,
> 
> as we are providing the instructions to apply a digital signature to UBL,
> I am not sure we have to constrain UBL 2.x to a specific XAdES version.
> 
> Can we mention XAdES 1.3.1 and later ?
> 
> I think it is more important to inform implementers where the XAdES
> version must be specified into UBL.
> 
> Regards,
> 
> Roberto
> 
>> Hi Julián,
>>
>> Thanks for your draft, here follows some issues to fix:
>>
>> ·         Add http://uri.etsi.org/01903/v1.4.1#
>> <http://uri.etsi.org/01903/v1.4.1>  to “Declared XML Namespace(s)” (note
>> that XAdES 1.4.1 declares this new namespace but keeps the old one (1.3.1)
>> for compatibility with pevious versions
>>
>> ·         Change [[XAdES]Profiles] to [XAdESProfiles] in “Normative
>> References”
>>
>> ·         Change [XAdES] to xades in “1.3 Namespaces”
>>
>> ·         Add the prefix xades141 for the namespace
>> http://uri.etsi.org/01903/v1.4.1# <http://uri.etsi.org/01903/v1.4.2>  in
>> “1.3 Namespaces” and declare both in clause 4.2 text box
>>
>> ·         The last sentence in 2.2 should be something like: “By choosing
>> the enveloped signature approach and an appropriate place for the
>> signature,
>> UBL format management…”. I think this way is more clear.
>>
>> I there are no objections, I’d like to be mentioned as Editor instead of
>> Contributor in fact I contributed massively both on the structure and the
>> content of this profile.
>>
>>
>>
>> I am in favor to cover also detached and possibly other form of signature.
>> I
>> mention PAdES (PDF signature) that is now an ETSI standard and there is a
>> good chance that PAdES  become part of ISO32000 and 19005 (PDF/A).
>>
>> I think we should proceed this way:
>>
>> -          Have a first agreement on present document, possibly updating
>> the
>> table of content as Oriol suggested to take into account that this
>> profile,
>> as XAdES, covers also the detached signature form. We can also consider to
>> support detached CAdES as it is almost the same thing.
>>
>> -          Distribute the document to relevant stakeholders to get
>> feedback
>>
>> -          Complete the profile, considering also the feedback received.
>>
>> -          If we agree, propose to develop a new PAdES profile to UBL TC.
>> This can benefit from XAdES profile because it can be used inside a PAdES
>> compliant document.
>>
>>
>>
>> I’ll distribute shortly here current CEFACT TBG6 proposal (named DER,
>> Digital Evidence Recommendation) to have from you some feedback, because
>> I’d
>> like to try to introduce there also our approach.
>>
>>
>>
>> Regards,
>>
>> Andrea
>>
>>
>>
>>
>>
>>
>> --------
>> This message is sent to one or more specific recipient. If you are not the
>> intended recipient, please notify the sender and delete this message.
>>
>> --------
>> Questo messaggio è inviato a specifici destinatari. Se non siete i
>> destinatari, siete pregati di informare il mittente e cancellare questo
>> Messaggio.
>>
>>
>>
>> From: JAVEST by Roberto Cisternino [mailto:roberto@javest.com]
>> Sent: Friday, October 02, 2009 9:45 AM
>> To: Julián Inza
>> Cc: ubl-security@lists.oasis-open.org
>> Subject: Re: [ubl-security] UBL Profile for XML Digital Signatures and
>> XAdES
>> implementation V.01]
>>
>>
>>
>> Hello,
>> I reply about the use of IDs and URI to reference the signature.
>>
>> Julián Inza ha scritto:
>>
>> Dear friends,
>>
>> I had the enclosed document ready from some time now but I could not find
>> time to send it.
>>
>> Now that I see the issue involves further discussions, I enclosed the
>> merged
>> document, so you can use it as a placeholder to include your
>> suggestions...
>>
>> In yellow colour are some points which I think should be further
>> discussed.
>>
>> Originally, reference to element <ds:Signature> in <cac:Signature> was
>> done
>> through  cac:DigitalSignatureAttachment/cac:ExternalReference/cbc:URI
>> using
>> Id (unique identifier) of <ds:Signature>.
>>
>> the problem here is the URI is not an ID.   Technically there was no value
>> here, but it was like a convention.
>>
>>
>>
>> Now there are 2 references:
>>
>>
>>
>> This makes more sense as we talk about IDs, but again it is more a
>> convention.
>>
>>
>>
>>
> 
>