[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ubl-security] Draft 08 of UBL security profiles, schemas and examples
Jon, Ken, I'm providing here some additional comment, just small refinements. I suggest we add to the document a short text highlighting that the UBL signature profile can conform to UN/CEFACT recommendation 37 available here: http://www.unece.org/cefact/cf_plenary/plenary10/ECE_TRADE_C_CEFACT_2010_14E.pdf This recommendation is not yet officially endorsed by CEFACT, we can put a temporary note that the reference will be removed if the CEFACT Recommendation will not be finally approved and published at the time of final publication of UBL 2.1. In §3, there is a problem reading the following sentence: "The enveloped signature profile supports a final signature, i.e. a UBL document once signed with a final signature cannot be have any other signature added without invalidating the final signature." --> removing "be" should fix it. The reference to ETSI Associated Signature is fine, but the ETSI document will be published probably within 1-2 months: if this happens in time can we change this reference to the published document (I think this is just an editorial change). As the document has been available for comment for quite a long time, in case no major issue is raised by other members within this week, we can consider the specification approved by the Security SC. Andrea Il giorno 06/gen/2011, alle ore 19.31, Jon Bosak ha scritto: > Hello UBL Security SC, > > We're still waiting for input on Draft 08 of the UBL Security > profiles, schemas, and examples. If you are all satisfied with > the latest draft, it would be good to know that; and if not, we > need to know that, too! > > Ken needs to have your feedback in time to revise and deliver the > description we include in the UBL 2.1 documentation for PRD2, the > assembly process for which we hope to begin at the end of January, > so please attend to this as soon as you can. Thanks! > > Jon > > G. Ken Holman wrote: >> At 2010-11-28 21:33 +0100, Andrea Caccia wrote: >>> Thanks again Ken for your work. >>> Please find attached my comments to the profile: it is in open document with comments and revision marks enabled, derived form the html version. >>> Ad there are not a lot of modification, they can be applied to the original if agreed. >>> As you can see there, I think it's better to keep XAdES normative, even if not mandatory, because the implementor chooses if add XAdES extended properties to the signature(s) but, if yes, the document specify how to do it in a normative way. >>> Let me know what you think. >> I think these changes are excellent ... thank you for taking the time. And it was a good idea to pull the HTML into OpenOffice to do change tracking. >> I hope I've caught everything, including some things I found on my own: >> - removed stage number from "latest version" URIs >> - rearranged editors in alphabetical order >> - reference to XAdES in abstract >> - made XAdES a normative reference >> - 1 - removed charter details >> - 2.3 - removed normative language from informative section (though quoted from a normative specification, the use of normative language may leave the impression the language applies to this specification) >> - 3.1 added a new reserved URI with ":xades" extension >> - 3.1.1 gave equal weight to multiple extension elements or one extension element with multiple signatures >> - 3.1.1 added a new reserved URI with ":xades" extension >> - 3.1.1 Notes 2 and 3 - included <ds:SignatureValue> as well as <ds:Signature> >> - 3.2 added a new reserved URI with :xades" extension >> - various edits in wording and phraseology identified by Andrea and from a review of the text >> - ZIP file has >> - cd08 text in HTML and PDF >> - sample instances (one with a repaired reference) >> - updated schema fragments that include the XAdES support >> Jon, before I make changes to the draft text of the UBL 2.1 Annexes, I would like to have these changes reviewed first by the Security SC. I'll then retrofit the corresponding fixes into the Annexes. That way I'm only reviewing the Annex one more time and not over and over again. >> The ZIP file for CD08 is here: >> http://www.oasis-open.org/committees/document.php?document_id=40440 >> I look forward to the feedback from you, Andrea, and other Security SC members. It shouldn't take long to make sure I've not messed up. >> . . . . . . . . . . Ken >> -- >> Contact us for world-wide XML consulting & instructor-led training >> Crane Softwrights Ltd. http://www.CraneSoftwrights.com/o/ >> G. Ken Holman mailto:gkholman@CraneSoftwrights.com >> Legal business disclaimers: http://www.CraneSoftwrights.com/legal >> --------------------------------------------------------------------- >> To unsubscribe from this mail list, you must leave the OASIS TC that >> generates this mail. Follow this link to all your TCs in OASIS at: >> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]