|Jomar Silva||Jul 11, 2008 9:59 am|
|Bob Jolliffe||Jul 12, 2008 7:09 am|
|robe...@us.ibm.com||Jul 13, 2008 12:12 pm|
|Duane Nickull||Jul 13, 2008 12:35 pm|
|Bob Jolliffe||Jul 27, 2008 1:27 pm|
|Ming Fei Jia||Jul 30, 2008 4:02 am||.gif, .gif, .gif, 8 more|
|Bob Jolliffe||Jul 30, 2008 4:52 am|
|Jomar Silva||Jul 30, 2008 9:01 am|
|Duane Nickull||Jul 30, 2008 9:13 am|
|Dave Pawson||Jul 30, 2008 9:40 am|
|Duane Nickull||Jul 30, 2008 9:51 am|
|Dave Pawson||Jul 30, 2008 10:28 am|
|Duane Nickull||Jul 30, 2008 10:49 am|
|Ming Fei Jia||Jul 31, 2008 9:17 am||.gif, .gif, .gif, 13 more|
|Dave Pawson||Jul 31, 2008 9:56 am|
|Jomar Silva||Jul 31, 2008 10:32 am|
|Bob Jolliffe||Jul 31, 2008 10:42 am|
|Dave Pawson||Jul 31, 2008 11:41 am|
|Duane Nickull||Jul 31, 2008 11:47 am|
|robe...@us.ibm.com||Jul 31, 2008 2:43 pm|
|Duane Nickull||Jul 31, 2008 2:54 pm|
|Jomar Silva||Jul 31, 2008 3:15 pm|
|Duane Nickull||Jul 31, 2008 3:32 pm|
|Ming Fei Jia||Jul 31, 2008 10:53 pm||.gif, .gif, .gif, 6 more|
|Dee Schur||Aug 1, 2008 7:05 am|
|Michael Brauer - Sun Germany - ham02 - Hamburg||Aug 8, 2008 5:57 am|
|Michael Brauer - Sun Germany - ham02 - Hamburg||Aug 8, 2008 6:06 am|
|Dave Pawson||Aug 8, 2008 6:11 am|
|Bob Jolliffe||Aug 8, 2008 7:06 am|
|Michael Brauer - Sun Germany - ham02 - Hamburg||Aug 11, 2008 4:49 am|
|Bob Jolliffe||Aug 12, 2008 12:57 am|
|Subject:||Re: [office] Digital Signature proposal|
|From:||Ming Fei Jia (jiam...@cn.ibm.com)|
|Date:||Jul 31, 2008 9:17:15 am|
Thanks explanation although that can not convince me completely. You said "...if the application developer choose to only support XMLDsig, it will still being compliant with ODF 1.2...". Is that true? XMLDsig and XAdES are as different options in the proposal. If the application only implements XMLDsig, could the application claim to be compliant with ODF standard? I think at most it can claim partial compliant. This is the conformance issue.
Another is the interoperability issue. Assume one application only implements XMLDsig, another application only implements XAdES. How does the first application validate the signed document with XAdES format generated by the second application? Seems no way,even both the two applications claim to be compliant with the same ODF standard.
Mingfei Jia(¼ÖÃ÷·É) IBM Lotus Symphony Development IBM China Software Development LAB, Beijing Tel: 86-10-82452493 Fax: 86-10-82452887 NOTES:Ming Fei Jia/China/IBM E-mail: jiam...@cn.ibm.com Address: 4/F, DeShi Building No.9, East Road, ShangDi, Haidian District, Beijing 100085, PRC
Inactive hide details for Jomar Silva ---07/31/2008 12:16:14 AM---Hi Bob,Jomar Silva ---07/31/2008 12:16:14 AM---Hi Bob,
From: Jomar Silva <joma...@br.odfalliance.org> To: Bob Jolliffe <bobj...@gmail.com> Cc: Ming Fei Jia/China/IBM@IBMCN, office TC <off...@lists.oasis-open.org> Date: 07/31/2008 12:16 AM Subject: Re: [office] Digital Signature proposal
The XAdES adoption was proposed on Brazilian government by a group of specialists that has analyzed several digital signatures standards and they decided to use ETSI XAdES. XAdES simply extends the XMLDsig standard, already used by BR Digital Signature infrastructure. If an application already supports XMLDsig, it will only need to recognize some aditional parameters to be compatible with XAdES, and if the application developer choose to only support XMLDsig, it will still being compliant with ODF 1.2. This specialist group works on a high level institution in Brazil called ITI, that is related to Brazilian Presidency of the Republic (www.iti.gov.br).
I've updated the proposal, to reference the ETSI XAdES document (http://webapp.etsi.org/workprogram/Report_WorkItem.asp?WKI_ID=22942), that defines 3 profiles that can be implemented by applications developers, to assure interoperability (it seems to me that this is more application-specific than something that we need to take care on the file format).
I've also updated the proposed <dsig:document-signatures> attribute, to use the same terms that is used by ETSI to the basic signature types (XAdES-BES and XAdES-EPES).
To understand how Brazilian digital signature infrastructure is working, please check (the pictures) of this presentation: http://www.ciab.org.br/palestras/Wander%20Blanco%20Nunes.pdf (sorry... Brazilian Portuguese, but you may understand the diagrams). There, you may also see that BR infrastructure also use CADES/CMS, but its usage inside ODF spec would be more difficult than using XAdES, an extension of what is already defined on ODF (XMLDsig).
I've also checked the ETSI IPR page (http://webapp.etsi.org/IPR/home.asp) and there are no patents registered there regarding XAdES.
As I've wrote before, the Brazilian DigSig infrastructure (ICP-Brasil) is being adopted as reference for some Latin America countries. There is also a strong effort by Brazilian government to increase the usage of digital signatures, even by small companies. This will means that the Digital Signature capability will be presented on most companies in Brazil on the next few years, and an Office Application that may use it is really desired here.
Fell free to send me any other questions.
Bob Jolliffe escreveu:
Thanks for raising these issues. Taking you comments in reverse order:
2. I agree we need to understand the W3C/ETSI relationship better. The XAdES proposal was made as a result of requirements for use in Brazil. I think we need to ask Jomar to tell us what the current status of XAdES implementation is there.
1. Agreed. But there is a considerable scope for signing and validation tools outside of traditional "office products". For example, the current specification allows for the signing of document fragments using XMLDsig. There are no current office applications which do this, but it is still useful. We are working on one such implementation for validating signatures in our workflows in the document management system. Of course it would be great for office applications to support signing of a text section, but if they don't yet do this its not a disaster. As long as those existing applications don't trash the signatures they don't understand or care about.
Regards Bob 2008/7/30 Ming Fei Jia <jiam...@cn.ibm.com>
I have 2 questions about this proposal:
1)As I know, currently no office products support XAdES. So I would like to know the maturity of this ETSI specification in the market place. ODF is a practical standard that many office products are following up. If ODF introduces and depends on an external immature or unstable specification, this will bring confusion or difficulty for current office product implementations. I only get some experimental results from this link http://www.etsi.org/Application/Search/?search=XAdES.
2)This proposal adopts the XAdES version on W3C(http://www.w3.org/TR/2003/NOTE-XAdES-20030220/), which was submitted on the year 2003, but now still is in status of NOTE made available for W3C discussion only, and the copyright is hold by ETSI. So I would like to know what relationship between ETSI and W3C, and whether this relationship will bring some IP issues for ODF.
Mingfei Jia(¼ÖÃ÷·É) IBM Lotus Symphony Development IBM China Software Development LAB, Beijing Tel: 86-10-82452493 Fax: 86-10-82452887 jiam...@cn.ibm.com Address: 4/F, DeShi Building No.9, East Road, ShangDi, Haidian District, Beijing 100085, PRC
Bob Jolliffe ---07/28/2008 04:41:55 AM---Greetings
From: Bob Jolliffe <bo...@dst.gov.za> To: Jomar Silva <joma...@br.odfalliance.org> Cc: office TC <off...@lists.oasis-open.org> Date: 07/28/2008 04:41 AM Subject: Re: [office] Digital Signature proposal
Given the recent discussions and consensus around workflow of proposals on the TC I would like to try and propose some kind of reasonable timeline for this one.
Can I suggest that (1) those who are interested try, during the course of this week ahead, to take a look at what is being proposed and return comments to the mailing list (2) on the basis of the above, we schedule an agenda item for discussion in two weeks - ie 11 August
My understanding is that what is being proposed should not be too controversial or disruptive so it is my hope that we do have some consensus by then.
There is an open question raised by Rob Weir around the status of XaDes. Jomar, can you tell us what is being referenced in Brazil?
Kind regards Bob
----- Jomar Silva <joma...@br.odfalliance.org> wrote: > Greetings. > > I've published today at the wiki > (http://wiki.oasis-open.org/office/DSigProposal) a proposal regarding > the Digital Signature support on ODF 1.2, basically expanding the > existing XMLDSIG proposal to also support XAdES. > > This proposal was developed by me and Bob Joliffe, as he previously > announced on the list > (http://lists.oasis-open.org/archives/office/200804/msg00216.html). > > I'm waiting your comments. > > Best Regards, > > Jomar > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that