Items to fix in the ebCPPA 2.1 spec - Sacha Schlegel - org.oasis-open.lists.ebxml-cppa

1 message in org.oasis-open.lists.ebxml-cppaItems to fix in the ebCPPA 2.1 spec

From	Sent On	Attachments
Sacha Schlegel	Mar 29, 2006 10:34 am

Subject:	Items to fix in the ebCPPA 2.1 spec
From:	Sacha Schlegel (ssch...@cyclonecommerce.com)
Date:	Mar 29, 2006 10:34:32 am
List:	org.oasis-open.lists.ebxml-cppa

All,

Looking at the signing of ebXML CPA's we came across two issues we think need to be fixed in the next ebXML CPPA spec.

Section 9.9.1.1 Signature Generation

There is a list with 4 items. The last item (line 3144) tells to add the Signature following the last PartyInfo. That is not correct. The CPPA XML Schema defines to add Signatures after the Packaging and before the Comment.

Samples in the ebCPPA spefication version 2.0 that show elements from the Digital Signature namespace have prefixes for the attributes. XML Schema validating [1] a CPA that is signed and has attributes of the digital signature namespace being prefixed fails. The Digital Signature XML Schema does not include a "attributeFormDefault" attribute which implies that the attributes must not be prefixed. So we think all the samples in the CPA that show ds:Reference elements etc are not valid.

wrong:

<ds:Reference ds:URI="abc"> ... </ds:Reference>

correct:

<ds:Reference URI="abc"> ... </ds:Reference>

Digitally signed ebXML Messages also do not have the prefixes for the Digital Signature namespaced elements attributes.

Kind regards

[1] using Java 1.5 and xerces-j

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets