ubl-security message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: E-archiving UBL documents with external attachments
- From: "Pim van der Eijk" <pvde@sonnenglanz.net>
- To: <ubl-security@lists.oasis-open.org>
- Date: Mon, 18 Oct 2010 18:08:32 +0200
Hello,
I'm in a project
where we are exchanging XML documents that use a structure for externally
referenced attachments that is similar to the UBL ExternalReference element (see
below). The XML documents and attachments are exchanged as MIME parts in a
MIME envelope (an ebMS 2.0 envelope in fact, but I think the principle applies
to SOAP-with-attachments generally and similar protocols like MTOM). The
XML document references the attachments using the MIME content id
reference. The attachments are large binary documents,
we do not want to include them as Base64 encoded parts as the MIME structure
facilitates combinations of XML and non-XML payloads so well.
The
protocol supports digitally signing the envelope including all
payloads/attachments. The message service handler (MSH), when receiving a
message, verifies the signature, decrypts any (message-level encrypted)
payloads and unpacks the message envelope. The parts that are passed to
the business application are submitted as a collection of related parts, but the
only proof that these parts were submitted and delivered as a unit is in
the logs and message store of the MSH. Typically, these MSH logs and
backups are purged periodically, and only the delivered payloads are stored, by
the business application.
One of the partners
in my project now argues that, even if the XML is signed, and even if the
signed XML document has a document hash, unique part identifier (like a CID) and
a hash algorithm method, there is a loss of information: in the
archive, the fact that the XML document and the externally referenced
attachments were in the same envelope is not recorded and cannot be
proven. The message store of the MSH supports this, but we do
not want to have to back-up and archive the MIME messages in addition to
the XML document and its payloads.
How do UBL projects handle this, as many UBL documents need to
be archived for years for legal reasons? From an e-archiving point of view, is
it really important, or even legally required, that a UBL document and any
externally referenced payloads were sent as a single
message? I would think that being able to send attachments with documents in a
single MIME envelope is mainly convenience, and that in theory
it should
be possible to send attachments separately, or just reference them,
as long as
they are and remain retrievable, have the referenced content-id (or other
external reference type), the document hash is valid, and the document
containing the hash is signed or sealed. Can external references be used
with documents and attachments that that need to be archived in compliance
with relevant laws?
Pim
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]