
ubl-security message


Subject: Re: UBL Profile for XML Digital Signatures and XAdES implementation

Hello Julián,

Julián Inza wrote:

Dear friends,


Here is the last iteration of the document.


In yellow is marked what I think needs further discussion.


Originally the reference to the element <ds:Signature> in <cac:Signature> was done through cac:DigitalSignatureAttachment/cac:ExternalReference/cbc:URI using Id (unique identifier) from <ds:Signature>.

We just need to verify this is a correct way, as the above reference is made between a URI element and an attribute ID; this also requires specific awareness in the software.


Now there are two references

- cac:Signature/cbc:ID using Id (unique identifier) from <ds:Signature>.

- cac:DigitalSignatureAttachment/cac:ExternalReference/cbc:URI using a #xpointer to ds:Signature

These are alternatives, and I proposed the 1st as it is comparing an ID with another ID (not a URI).

However the 2nd, based on xpointer, is not complex and is using XML notations that can be better supported by software and reference implementations of XML technologies.
The xpointer(...) syntax contains exactly the XPath to unambiguously identify the location of the enveloped signature.

I would choose the 2nd, and the 1st, if used, should be consistent by using the same ID.

I think UBL TC members could better help on deciding xml related issues.


I think this adds complexity and I don't understand why it could be useful.

It is just to play XML in the right way, or however to avoid requiring too specific coding by adopters.


I have made a small change in the specification of SignatoryParty


Originally it was stated that, being optional, if PartyIdentification exists, its cbc:ID must be the signer subjectDN. This is not bad. But other identifiers can exist, for example the issuer VAT number.

So, in this version, if there are PartyIdentification elements, one must contain the attribute schemaID="X509SubjectName" in cbc:ID, and (signer cert).

I leave this to other experts


I foresee your comments.


Sorry for the delay.


Best regards,


Julián Inza


Roberto Cisternino




JAVEST by Roberto Cisternino

* Document Engineering Services Ltd. - Alliance Member * UBL Italian Localization SubCommittee (ITLSC), co-Chair * UBL Online Community editorial board member (ubl.xml.org) * Italian UBL Advisor

Roberto Cisternino

mobile: +39 328 2148123
skype: roberto.cisternino.ubl-itlsc
[UBL Technical Committee] http://www.oasis-open.org/committees/ubl
[UBL Online Community] http://ubl.xml.org
[UBL International Conferences] http://www.ublconference.org
[UBL Italian Localization Subcommittee] http://www.oasis-open.org/committees/ubl-itlsc
[Iniziativa divulgativa UBL Italia] http://www.ubl-italia.org
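
A consistency check for the two references discussed in this message (cac:Signature/cbc:ID matching the Id of ds:Signature, and the cbc:URI `#xpointer(...)` selecting the same ds:Signature), added here as an example; it is not part of the original e-mail or of the profile draft. The sample document layout, the `sig-1` Id and the exact XPath inside `xpointer(...)` are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = {  # UBL 2.x and XML-DSig namespaces
    "cac": "urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2",
    "cbc": "urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
DS_SIG = "{%s}Signature" % NS["ds"]
# Constructed sample: element layout, Id value and XPath are assumptions.
SAMPLE = """<Invoice xmlns:cac="{cac}" xmlns:cbc="{cbc}" xmlns:ds="{ds}">
  <Extension><ds:Signature Id="sig-1"/></Extension>
  <cac:Signature>
    <cbc:ID>sig-1</cbc:ID>
    <cac:DigitalSignatureAttachment><cac:ExternalReference>
      <cbc:URI>#xpointer(//ds:Signature[@Id='sig-1'])</cbc:URI>
    </cac:ExternalReference></cac:DigitalSignatureAttachment>
  </cac:Signature>
</Invoice>""".format(**NS)

def resolve_uri(root, uri):
    """Resolve '#xpointer(//...)' to the ds:Signature elements it selects."""
    m = re.fullmatch(r"#xpointer\((//.+)\)", uri.strip())
    if not m:
        raise ValueError("unsupported reference: %r" % uri)
    # ElementTree only evaluates relative paths; prefixes are bound via NS
    # rather than an xmlns() XPointer part (a simplification).
    return [e for e in root.findall("." + m.group(1), NS) if e.tag == DS_SIG]

def check_signature_refs(xml_text):
    """Return a list of problems; an empty list means both references agree."""
    root = ET.fromstring(xml_text)
    problems = []
    for sig in root.iterfind(".//cac:Signature", NS):
        sig_id = (sig.findtext("cbc:ID", "", NS) or "").strip()
        uri = sig.findtext(
            "cac:DigitalSignatureAttachment/cac:ExternalReference/cbc:URI", "", NS)
        by_id = [e for e in root.iter(DS_SIG) if e.get("Id") == sig_id]
        by_uri = resolve_uri(root, uri) if uri else []
        if len(by_id) != 1:
            problems.append("cbc:ID %r matches %d ds:Signature" % (sig_id, len(by_id)))
        if uri and len(by_uri) != 1:
            problems.append("cbc:URI selects %d ds:Signature" % len(by_uri))
        if len(by_id) == 1 and len(by_uri) == 1 and by_id[0] is not by_uri[0]:
            problems.append("cbc:ID and cbc:URI point at different signatures")
    return problems

if __name__ == "__main__":
    print(check_signature_refs(SAMPLE) or "references consistent")
```

A verifier would run a check like this before signature validation, so that a document whose two references disagree or are ambiguous is rejected rather than validated against whichever ds:Signature happens to be found first.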
