OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ubl-security message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: UBL Profile for XML Digital Signatures and XAdES implementation

Dear Julián,
Thanks for your answer. I see no difference between this this version of the document and the previous one you already sent. Here follows my comments on the issue you identified.

About identification of the signature: ds:Signature has an ID so it must be unique in the XML document;  if I'm not wrong,  cac:Signature/cbc:ID is mandatory when cac:Signature is present. Taking this into account, if we put in cbc:ID the ID associated with ds:Signature the link is unique and unambiguous, so we can avoid to have cac:DigitalSignatureAttachment/cac:ExternalReference/cbc:URI with the #xpointer as it is redundant and, I agree with you, does not add any additional information.

About SignatoryParty I think the important information is to identify what is the party that is signing: the seller, the buyer or a third party. This is specially important if the signed document is an invoice. I'm not an UBL expert but as SignatoryParty it's better to have an identifier that is meaningful from the business point of view: in this sense we can also avoid to use the Subject DN (it is likely that it is a parameter you get from the signature verification process as part of the result). So my idea is to let the implementor the freedom to insert here what could be relevant as identification of the signing entity at the business/legal processing level.
I propose to use the optional cbc:Note field available inside cac:Signature to bring the mandatory note you have to mention if the invoice is not signed by the seller (i.e. "issued on behalf of the seller" or whatever the regulation of the seller country mandates).

As this document is derived from an original idea (and document) provided by Oriol and as I wrote a good part of the document I think that both of us should be mentioned as Editors, as correctly reported in the document sent by Roberto.

Best regards,
Andrea Caccia

Ing. Andrea Caccia - Studio Caccia
Via Bellingera 3 - 21052 Busto Arsizio - Italy
T. (+39) 0331 633523 - F. (+39) 02 700426959
M. (+39) 392 1890070 - SkypeID: a.caccia

Il giorno 24/nov/2009, alle ore 10.23, Julián Inza ha scritto:

> Dear friends,
> Here is the last iteration of the document.
> In yellow is marked what I think needs further discussion.
> Originally the reference  to the element <ds:Signature> in  <cac:Signature> was done through  cac:DigitalSignatureAttachment/cac:ExternalReference/cbc:URI  using Id (unique identifier) from  <ds:Signature>.
> Now there are two references
> -          cac:Signature/cbc:ID using Id (unique identifier) from  <ds:Signature>.
> -          cac:DigitalSignatureAttachment/cac:ExternalReference/cbc:URI  using a  #xpointer to  ds:Signature
> I think this adds complexity and I don´t understand why could be useful.
> I have made a small change in the specification of SignatoryParty
> Originally it was stated that, being optional, if exists PartyIdentification, its  cbc:ID must be signer  subjectDN . This is not bad. But other identifiers can exists, as an example, the issuer VAT number.  
> So, in this versión, if there are elements  PartyIdentification, one must contain attribute  schemaID=”X509SubjectName” in  cbc:ID, y (signer cert).
> I foresee your comments.
> Sorry for the delay.
> Best regards,
> Julián Inza
> <UBL-XAdES-Profile 1.0.doc>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]