[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ubl-security] Re: [ubl] Re: Making references
At 2009-12-02 11:36 +0100, Andrea Caccia wrote:
>Having thought more, it make sense to consider
>the enveloped form only with XAdES (or the basic XMLDSIG).
>Fot detached forms the cac:Signature should be
>enough, we should consider to update later the
>document or to prepare a new one if UBL TC ask us to do so.
Is there an opportunity (i.e. enough time) for
the one document to guide UBL users in both
embedded and detached signatures so that they can
make an informed decision regarding which way to
go with their own work? I hope this is the case
as (1) users unfamiliar with the options (like
me!) would learn more of what is available and
(2) the review/approval/publication process for
committee documents is onerous enough to give
weight to doing this once instead of twice.
>4) avoid to reuse "Signature" as tag name for
>the wrapping structure, as it can be confusing;
>a generic structure can be defined instead
This has been a common question in SGML and XML
vocabulary development over the years and the
confusion you anticipate may in fact not come to
be. Moreover, using generic names may create
even more confusion than using similar names as
the generic names need then to be documented and
can possibly be misinterpreted. The choice of
labels is *so* very important. BUT!! A light
bulb has just turned on for me and I have some comments below.
>Point 1 alone justify to wrap the signature, so I propose to:
>a) Have a single cac:Signature with a cac:ID
>pointing to wrap:Envelope/cbc:ID, contained in
>an UBL extension, containing one or more
>signatures that applies to the whole document
>(excluding the signature itself of course, using
>already defined XAdES/XMLDSIG rules).
Interesting! I didn't realize there was a
one-to-many relationship here. In my naďveté I
thought it was always one-to-one.
>The content could be:
Looks good!
>b) Have a generic wrapping structure that can be
>reused in similar cases, be part of UBL 2.1,
I think we still need to have this as a
standalone Security SC specification of an
extension, and then include the use of that
extension in the delivered UBL 2.1 schemas. I
don't think it should be part of the UBL 2.1
specification (other than the inclusion in the schemas).
>and could be something like:
><wrap:Envelope>
> <cbc:ID>”AnySignatureID”</cbc:ID> [mandatory
> and unique among all extensions in the document]
> <wrap:Item> [at least one present]
> <cbc:ID>”AnyItemID”</cbc:ID> [optional; absent for this profile]
> <wrap:MimeType> mime type of the
> signatures</wrap:MimeType>[optional, it's the mime type of Value]
> <wrap:Encoding> encoding of the
> signatures</wrap:Encoding>[optional, if not
> present Value contains well formed XML, must be
> present for binary content and specify the base64 filter]
> <wrap:Value>
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
> xmlns:xades="http://uri.etsi.org/01903/v1.4.1#";>
> [...]
> </ds:Signature>
> </wrap:Value>
> </wrap:Item>
> <wrap:Item>
>...same as above...
> </wrap:Item>
></wrap:Envelope>
>
>Does it makes sense?
Looks great! I like the <wrap:Value> concept,
but didn't realize that this specification was
flexible enough to allow different signature
expressions to be used. Not "flexible enough
from a technical perspective" but "flexible
enough from a policy perspective": I thought
this guideline was a "what to do" specification,
not simply a "how to do" specification.
Is it your intention in the published
specification to cite <ds:Signature> as *the* way
sign a UBL document or *one* way to sign a UBL document?
Note that <wrap:Encoding> won't be needed, as it
is not possible in XML to have a portion of the
tree using a different character encoding than
the rest of the tree. You state "must be present
for binary content and specify base64" which
while it makes sense from a programming data
perspective cannot be expressed using UBL's naming and design rules.
Which leads me to assume that was the only reason
for <wrap:MimeType> and therefore that is no longer needed.
Following the NDR for structuring (which doesn't
allow for alternation), then, the structure would be using a pseudo notation:
wrap:Envelope
cbc:ID
wrap:Item+
cbc:ID
wrap:XMLValue?
wrap:Base64Value?
... with the business rule that one or the other
of XMLValue and Base64Value must be specified but
not both. This is not uncommon in UBL because of
the prohibition of alternation in the NDR modeling.
Now, back to the labels: I was "cheating" when I
arbitrarily picked the names <sig:Signatures> and
<sig:Signature> out of thin air. Though I still
like these names (I do not see them as
potentially confusing as I noted above), these
names should rather be derived from properly developed ISO/IEC 11179 names.
When the Security SC ends up deciding on the
structure to use, we should go through the
appropriate naming exercise to determine the
names to use for the elements. I don't have the
time right now, and I would be worried of wasting
the time if the committee does not agree with the
proposal you've put forward and my comments above.
. . . . . . . . . . . Ken
--
Vote for your XML training: http://www.CraneSoftwrights.com/o/i/
Crane Softwrights Ltd. http://www.CraneSoftwrights.com/o/
Training tools: Comprehensive interactive XSLT/XPath 1.0/2.0 video
Video lesson: http://www.youtube.com/watch?v=PrNjJCh7Ppg&fmt=18
Video overview: http://www.youtube.com/watch?v=VTiodiij6gE&fmt=18
G. Ken Holman mailto:gkholman@CraneSoftwrights.com
Male Cancer Awareness Nov'07 http://www.CraneSoftwrights.com/o/bc
Legal business disclaimers: http://www.CraneSoftwrights.com/legal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]