Hello
Julián,
please find attached my previous mail I erroneously sent offlist, sorry
for that.
On December the National Centre for Informatics of the Italian
Public Administration (CNIPA) is going to issue a new set of
regulations and a guide for the use of the Digital Signature with main
electronic document formats like UBL.
The UBL profile for applying enveloped digital signatures using the
UBLExtension methodology is seen as a "key" specification that can be
used as a normative reference by the Public Administrations.
XAdES is of course the Digital Signature Standard to be used, but the
specific XAdES implementation profile will be dictaded by local
requirements or Communities like the Europe, I mean that UBL has an
International scope and we cannot constraint too much the use of this
or that signature standards.
These are the two specification issued on the same time due to our
difficult communications during the summer time:
UBL Profile for XML Digital Signatures and XAdES implementation
V.01
http://lists.oasis-open.org/archives/ubl-security/200909/msg00000.html
Electronic Signature in UBL - first draft
http://lists.oasis-open.org/archives/ubl-security/200908/msg00001.html
Julián I please ask you to tell us if you need any support for the
merging activity of the above draft specifications.
Ken Holman is in CC and I please ask him to possibly review the two
documents to comment the way we reference the enveloped signature in
the UBLExtensions using the cac:Signature.
Into the specification at
http://lists.oasis-open.org/archives/ubl-security/200909/msg00000.html
(the 1st in the above list)
there is intentionally indicated a double reference:
a) an implicit reference using IDs (this way a software needs to be
aware of this reference methodology)
b) an explicit reference using XPointer (only the xpointer() part of
the spec.) where we can specify the Xpath to the precise UBLExtension
containing the enveloped signature. This way a software can extract
the xpath from the xpointer() string and discover the enveloped
signature.
I thank you very much for any help on this effort,
Roberto Cisternino
-------- Messaggio Originale --------
Hello Juliàn,
we do not have any news from you for a while,
and the Security Subcommittee should be able at least to provide a
unique draft to be evaluated by the UBL TC.
I think the way we could reference the signature with IDs, URI or
XPointer could be verified by other XML experts we have in UBL TC.
I think Ken Holman could be a valuable source to ensure we are using a
valid approach.
If you share this step we could just forward a copy of the draft
specification to him and we will speed up the result.
If you are involved into other projects and you think you are not able
to complete the merge task in a short time, please contact us asap and
we will provide the required support.
Best regards
Roberto Cisternino