OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ubl-security message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Conflicting conformance statements in UBL-XAdES-Profile-1.0-RC2.doc

Fellow UBL Security SC members,

Per my earlier announcement I have created a basic library for adding 
the necessary UBL scaffolding for a digital signature, and the basic 
XML digital signature itself.

Based on a *lot* of education this morning about XAdES, I will soon 
design the onion-skin wrappers for this environment so that a user 
can add their required form of XAdES (or other specification) to a 
UBL document using my basic library.

The ETSI document at:


... eloquently summarizes the implementation of XAdES with this paragraph:

    "The XML advanced electronic signatures defined in the present
     document will be built by incorporating to the XML signatures
     as defined in [3] XMLDSIG one new ds:Object XML element
     containing the additional qualifying information."

So ... the point of my message today ... while reviewing our 
UBL-XAdES-Profile-1.0-RC2.doc document, I noted a conflicting pair of 
statements regarding conformance:

  - line 292 - "A conformant implementation of this profile MUST support XAdES"

  - line 353 - "It is RECCOMENDED that XAdES extensions are implemented"

The title of our document is "UBL Electronic Signature Profile 
Version 1.0" which doesn't make reference to XAdES, and the 
scaffolding and use of XML digital signatures alone will be useful to 
communities who choose alternatives other than XAdES.

Section 2.3 underscores that no single XAdES form can be mandated by 
our specification, and so I think this supports limiting the 
conformance of our specification solely to scaffolding plus XML 
digital signatures.  Lines 273 through 293 can then be moved to the 
start of section 2.3 for those readers who need to know about the 
context of XAdES within the UBL Profile.

Of course other edits will be required in order to separate the base 
specification from that of XAdES.

I wondered if we could have "profiles of conformance", but I think it 
doesn't make sense to have a "conformance to XAdES" when our users 
have to decide *which* form of XAdES to use.  Since XAdES is added to 
XML digital signatures using mechanisms of XML digital signatures 
outside of our purview (per the paragraph cited above), we (as a UBL 
committee) really have nothing to say about XAdES in UBL.

By enabling XML digital signatures in UBL as we have done, we have 
said it all:  we have *implicitly* enabled XAdES in UBL.  We should 
explain this in our specification, but I don't think our 
specification can simultaneously mandate it and make it 
optional.  And I don't think our specification should mandate XAdES 
because others who use XML digital signatures can use our 
specification without using XAdES.

I hope this is considered helpful.  I'd like to offer my assistance 
in the editing of the text to reflect the above if we agree.

. . . . . . . . . Ken

XSLT/XQuery training:   after http://XMLPrague.cz 2011-03-28/04-01
Vote for your XML training:   http://www.CraneSoftwrights.com/o/i/
Crane Softwrights Ltd.          http://www.CraneSoftwrights.com/o/
G. Ken Holman                 mailto:gkholman@CraneSoftwrights.com
Male Cancer Awareness Nov'07  http://www.CraneSoftwrights.com/o/bc
Legal business disclaimers:  http://www.CraneSoftwrights.com/legal

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]