
ubl-security message



Subject: Re: [ubl-security] Re: [ubl] Re: Making references



On 23/12/2009, at 14:57, G. Ken Holman wrote:

My only comment has to do with the identifiers for extensions.  I strongly feel we cannot impose any constraints on extension identifiers.  Their interpretation is solely for the management of extensions amongst other extensions.  I firmly believe ext:UBLExtension/cbc:ID values should not have any reflection on business objects of any kind, including signature objects.  It is scaffolding information, it is not business information.


Hi Ken,

In the actual document there is no use nor reference to an extension identifier, so your concern about the identifiers for extensions does not apply at all.

There are two methods of linkage between the cac:Signature component and the extension (release 0.1 of the document):

·       cac:Signature/cbc:ID element to <ds:Signature id="   "> id attribute
·       XPointer from DigitalSignatureAttachment/cac:ExternalReference/cbc:URI to the extension

The following <cac:Signature> elements values are defined:

·       <cbc:ID> MUST be present and its value MUST be equal to the <ds:Signature> Id attribute above mentioned. This ID provides a simple way to associate the cac:Signature metadata to the effective digital signature details (see “AnySignatureID” in the above sample).

·       <cbc:SignatureMethod> MUST be present and MUST contain the URI identifying this profile and its major version (http://docs.oasis-open.org/ubl/securitysc/wd-dsigp-1).

·       <cac:PartyIdentification> is optional but, if present, it MUST contain the element <cbc:ID> containing the Distinguished Name (DN) as present in the subject of the signer certificate, as present in <ds:X509SubjectName> and specified in [RFC4514].

cac:DigitalSignatureAttachment/cac:ExternalReference/cbc:URI MUST be present to specify a URI reference pointing to the enveloped signature.  As the signature is placed into an <ext:UBLExtension>, the URI is expressed using a fragment identifier [RFC3986] that locates the digital signature in the extension content.  The URI reference fragment identifier syntax MUST be based on [XPointer]; this way a precise [XPath] can be specified to precisely locate the signature.


Best wishes 
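
As an added illustration (not part of the original message or of the profile draft), the linkage rules quoted above can be checked mechanically before a signature is trusted. The function name, the sample invoice and its XPointer expression are constructed for this example; the `Id` attribute spelling follows the XML Signature schema, and the XPointer is only checked for form, not resolved.

```python
import xml.etree.ElementTree as ET

NS = {
    "cac": "urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2",
    "cbc": "urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2",
    "ext": "urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
PROFILE_URI = "http://docs.oasis-open.org/ubl/securitysc/wd-dsigp-1"

# Constructed sample (not from the page): minimal invoice with one linked signature.
SAMPLE = f"""<Invoice xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2"
 xmlns:cac="{NS['cac']}" xmlns:cbc="{NS['cbc']}" xmlns:ext="{NS['ext']}" xmlns:ds="{NS['ds']}">
 <ext:UBLExtensions><ext:UBLExtension><ext:ExtensionContent>
  <ds:Signature Id="AnySignatureID"/>
 </ext:ExtensionContent></ext:UBLExtension></ext:UBLExtensions>
 <cac:Signature>
  <cbc:ID>AnySignatureID</cbc:ID>
  <cbc:SignatureMethod>{PROFILE_URI}</cbc:SignatureMethod>
  <cac:DigitalSignatureAttachment><cac:ExternalReference>
   <cbc:URI>#xpointer(//ds:Signature[@Id='AnySignatureID'])</cbc:URI>
  </cac:ExternalReference></cac:DigitalSignatureAttachment>
 </cac:Signature>
</Invoice>"""

def check_signature_linkage(xml_text):
    """Return the rule violations found in each cac:Signature (empty list = OK)."""
    root = ET.fromstring(xml_text)
    # Only ds:Signature elements placed inside an extension are candidates.
    sig_ids = [s.get("Id") for s in root.findall(
        ".//ext:UBLExtension/ext:ExtensionContent//ds:Signature", NS)]
    problems = []
    for meta in root.findall(".//cac:Signature", NS):
        sid = meta.findtext("cbc:ID", default="", namespaces=NS).strip()
        hits = sig_ids.count(sid)
        if not sid:
            problems.append("cbc:ID missing")
        elif hits != 1:  # zero = dangling metadata, more than one = ambiguous
            problems.append(f"cbc:ID {sid!r} matches {hits} ds:Signature Id values")
        method = meta.findtext("cbc:SignatureMethod", default="", namespaces=NS)
        if method.strip() != PROFILE_URI:
            problems.append("cbc:SignatureMethod is not the profile URI")
        uri = meta.findtext("cac:DigitalSignatureAttachment/cac:ExternalReference"
                            "/cbc:URI", default="", namespaces=NS).strip()
        frag = uri.partition("#")[2]
        if not uri:
            problems.append("ExternalReference cbc:URI missing")
        elif not (frag.startswith("xpointer(") and frag.endswith(")")):
            problems.append("cbc:URI fragment is not an xpointer() expression")
    return problems
```
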


