OASIS Open Document Format for Office Applications (OpenDocument) TC

Expand all | Collapse all

Digital Signature proposal

  • 1.  Digital Signature proposal

    Posted 07-11-2008 16:59
    Greetings.
    
    I've published today at the wiki 
    (http://wiki.oasis-open.org/office/DSigProposal) a proposal regarding 
    the Digital Signature support on ODF 1.2, basically expanding the 
    existing XMLDSIG proposal to also support XAdES.
    
    This proposal was developed by me and Bob Joliffe, as he previously 
    announced on the list 
    (http://lists.oasis-open.org/archives/office/200804/msg00216.html).
    
    I'm waiting your comments.
    
    Best Regards,
    
    Jomar
    


  • 2.  Re: [office] Digital Signature proposal

    Posted 07-12-2008 14:10
    Hi Jomar
    
    I've made a slight fix to the section on fragment signatures.  I think you lost some text copying and pasting to the wiki.
    
    Regards
    Bob
    
    ----- Jomar Silva 


  • 3.  Re: [office] Digital Signature proposal

    Posted 07-13-2008 19:12

    Thanks for putting this proposal together.  I'm very much interested in seeing strong signature support (and encryption support) in ODF 1.2

    I'm not familiar with XAdES.  I see that in the W3C it was left as a Note, and not pursued as a Recommendation.  Do we know why?  And why is the status of XAdES in ETSI?  Do they now own and maintain it?  If so, should we reference their latest version, and not the W3C's?

    -Rob


    Jomar Silva <jomar.silva@br.odfalliance.org> wrote on 07/11/2008 01:00:11 PM:


    > Greetings.
    >
    > I've published today at the wiki
    > (
    http://wiki.oasis-open.org/office/DSigProposal) a proposal regarding
    > the Digital Signature support on ODF 1.2, basically expanding the
    > existing XMLDSIG proposal to also support XAdES.
    >
    > This proposal was developed by me and Bob Joliffe, as he previously
    > announced on the list
    > (
    http://lists.oasis-open.org/archives/office/200804/msg00216.html).
    >
    > I'm waiting your comments.
    >
    > Best Regards,
    >
    > Jomar
    >


  • 4.  Re: [office] Digital Signature proposal

    Posted 07-27-2008 20:28
    Greetings
    
    Given the recent discussions and consensus around workflow of proposals on the TC I would like to try and propose some kind of reasonable timeline for this one.
    
    Can I suggest that 
    (1) those who are interested try, during the course of this week ahead, to take a look at what is being proposed and return comments to the mailing list
    (2) on the basis of the above, we schedule an agenda item for discussion in two weeks - ie 11 August
    
    My understanding is that what is being proposed should not be too controversial or disruptive so it is my hope that we do have some consensus by then.
    
    There is an open question raised by Rob Weir around the status of XaDes.  Jomar, can you tell us what is being referenced in Brazil?
    
    Kind regards
    Bob
    
    ----- Jomar Silva 


  • 5.  Re: [office] Digital Signature proposal

    Posted 07-30-2008 11:03

    I have 2 questions about this proposal:

    1)As I know, currently no office products support XAdES. So I would like to know the maturity of this ETSI specification in the market place. ODF is a practical standard that many office products are following up. If ODF introduces and depends on an external immature or unstable specification, this will bring confusion or difficulty for current office product implementations. I only get some experimental results from this link http://www.etsi.org/Application/Search/?search=XAdES.

    2)This proposal adopts the XAdES version on W3C(http://www.w3.org/TR/2003/NOTE-XAdES-20030220/), which was submitted on the year 2003, but now still is in status of NOTE made available for W3C discussion only, and the copyright is hold by ETSI. So I would like to know what relationship between ETSI and W3C, and whether this relationship will bring some IP issues for ODF.


    Best Regards,

    Mingfei Jia(贾明飞)
    IBM Lotus Symphony Development
    IBM China Software Development LAB, Beijing
    Tel: 86-10-82452493 Fax: 86-10-82452887
    NOTES:Ming Fei Jia/China/IBM E-mail: jiamingf@cn.ibm.com
    Address: 4/F, DeShi Building No.9, East Road, ShangDi, Haidian District, Beijing 100085, PRC

    Bob Jolliffe ---07/28/2008 04:41:55 AM---Greetings


    From:

    Bob Jolliffe <bobj@dst.gov.za>

    To:

    Jomar Silva <jomar.silva@br.odfalliance.org>

    Cc:

    office TC <office@lists.oasis-open.org>

    Date:

    07/28/2008 04:41 AM

    Subject:

    Re: [office] Digital Signature proposal




    Greetings

    Given the recent discussions and consensus around workflow of proposals on the TC I would like to try and propose some kind of reasonable timeline for this one.

    Can I suggest that
    (1) those who are interested try, during the course of this week ahead, to take a look at what is being proposed and return comments to the mailing list
    (2) on the basis of the above, we schedule an agenda item for discussion in two weeks - ie 11 August

    My understanding is that what is being proposed should not be too controversial or disruptive so it is my hope that we do have some consensus by then.

    There is an open question raised by Rob Weir around the status of XaDes.  Jomar, can you tell us what is being referenced in Brazil?

    Kind regards
    Bob

    ----- Jomar Silva <jomar.silva@br.odfalliance.org> wrote:
    > Greetings.
    >
    > I've published today at the wiki
    > (
    http://wiki.oasis-open.org/office/DSigProposal) a proposal regarding
    > the Digital Signature support on ODF 1.2, basically expanding the
    > existing XMLDSIG proposal to also support XAdES.
    >
    > This proposal was developed by me and Bob Joliffe, as he previously
    > announced on the list
    > (
    http://lists.oasis-open.org/archives/office/200804/msg00216.html).
    >
    > I'm waiting your comments.
    >
    > Best Regards,
    >
    > Jomar
    >
    > ---------------------------------------------------------------------
    > To unsubscribe from this mail list, you must leave the OASIS TC that
    > generates this mail.  Follow this link to all your TCs in OASIS at:
    >
    https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 
    >
    >


    ---------------------------------------------------------------------
    To unsubscribe from this mail list, you must leave the OASIS TC that
    generates this mail.  Follow this link to all your TCs in OASIS at:
    https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 




  • 6.  Re: [office] Digital Signature proposal

    Posted 07-30-2008 11:53
    Hi Ming

    Thanks for raising these issues.  Taking you comments in reverse order:

    2.  I agree we need to understand the W3C/ETSI relationship better.  The XAdES proposal was made as a result of requirements for use in Brazil.  I think we need to ask Jomar to tell us what the current status of XAdES implementation is there.  

    1.  Agreed.  But there is a considerable scope for signing and validation tools outside of traditional "office products".  For example, the current specification allows for the signing of document fragments using XMLDsig.  There are no current office applications which do this, but it is still useful.  We are working on one such implementation for validating signatures in our workflows in the document management system.  Of course it would be great for office applications to support signing of a text section, but if they don't yet do this its not a disaster.  As long as those existing applications don't trash the signatures they don't understand or care about.

    Regards
    Bob

    2008/7/30 Ming Fei Jia <jiamingf@cn.ibm.com>

    I have 2 questions about this proposal:

    1)As I know, currently no office products support XAdES. So I would like to know the maturity of this ETSI specification in the market place. ODF is a practical standard that many office products are following up. If ODF introduces and depends on an external immature or unstable specification, this will bring confusion or difficulty for current office product implementations. I only get some experimental results from this link http://www.etsi.org/Application/Search/?search=XAdES.

    2)This proposal adopts the XAdES version on W3C(http://www.w3.org/TR/2003/NOTE-XAdES-20030220/), which was submitted on the year 2003, but now still is in status of NOTE made available for W3C discussion only, and the copyright is hold by ETSI. So I would like to know what relationship between ETSI and W3C, and whether this relationship will bring some IP issues for ODF.


    Best Regards,

    Mingfei Jia(贾明飞)
    IBM Lotus Symphony Development
    IBM China Software Development LAB, Beijing
    Tel: 86-10-82452493 Fax: 86-10-82452887
    NOTES:Ming Fei Jia/China/IBM E-mail: jiamingf@cn.ibm.com
    Address: 4/F, DeShi Building No.9, East Road, ShangDi, Haidian District, Beijing 100085, PRC

    Bob Jolliffe ---07/28/2008 04:41:55 AM---Greetings


    From:

    Bob Jolliffe <bobj@dst.gov.za>

    To:

    Jomar Silva <jomar.silva@br.odfalliance.org>

    Cc:

    office TC <office@lists.oasis-open.org>

    Date:

    07/28/2008 04:41 AM

    Subject:

    Re: [office] Digital Signature proposal




    Greetings

    Given the recent discussions and consensus around workflow of proposals on the TC I would like to try and propose some kind of reasonable timeline for this one.

    Can I suggest that
    (1) those who are interested try, during the course of this week ahead, to take a look at what is being proposed and return comments to the mailing list
    (2) on the basis of the above, we schedule an agenda item for discussion in two weeks - ie 11 August

    My understanding is that what is being proposed should not be too controversial or disruptive so it is my hope that we do have some consensus by then.

    There is an open question raised by Rob Weir around the status of XaDes.  Jomar, can you tell us what is being referenced in Brazil?

    Kind regards
    Bob

    ----- Jomar Silva <jomar.silva@br.odfalliance.org> wrote:
    > Greetings.
    >
    > I've published today at the wiki
    > (
    http://wiki.oasis-open.org/office/DSigProposal) a proposal regarding
    > the Digital Signature support on ODF 1.2, basically expanding the
    > existing XMLDSIG proposal to also support XAdES.
    >
    > This proposal was developed by me and Bob Joliffe, as he previously
    > announced on the list
    > (
    http://lists.oasis-open.org/archives/office/200804/msg00216.html).
    >
    > I'm waiting your comments.
    >
    > Best Regards,
    >
    > Jomar
    >
    > ---------------------------------------------------------------------
    > To unsubscribe from this mail list, you must leave the OASIS TC that
    > generates this mail.  Follow this link to all your TCs in OASIS at:
    >
    https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 
    >
    >


    ---------------------------------------------------------------------
    To unsubscribe from this mail list, you must leave the OASIS TC that
    generates this mail.  Follow this link to all your TCs in OASIS at:
    https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 





  • 7.  Re: [office] Digital Signature proposal

    Posted 07-30-2008 16:02
    
    
      
    
    
    Hi Bob,

    The XAdES adoption was proposed on Brazilian government by a group of specialists that has analyzed several digital signatures standards and they decided to use ETSI XAdES. XAdES simply extends the XMLDsig standard, already used by BR Digital Signature infrastructure. If an application already supports XMLDsig, it will only need to recognize some aditional parameters to be compatible with XAdES, and if the application developer choose to only support XMLDsig, it will still being compliant with ODF 1.2. This specialist group works on a high level institution in Brazil called ITI, that is related to Brazilian Presidency of the Republic (www.iti.gov.br).

    I've updated the proposal, to reference the ETSI XAdES document (http://webapp.etsi.org/workprogram/Report_WorkItem.asp?WKI_ID=21353). There is also an additional document at ETSI website, regarding the XAdES profiles (http://webapp.etsi.org/workprogram/Report_WorkItem.asp?WKI_ID=22942), that defines 3 profiles that can be implemented by applications developers, to assure interoperability (it seems to me that this is more application-specific than something that we need to take care on the file format).

    I've also updated the proposed <dsig:document-signatures> attribute, to use the same terms that is used by ETSI to the basic signature types (XAdES-BES and XAdES-EPES).

    To understand how Brazilian digital signature infrastructure is working, please check (the pictures) of this presentation: http://www.ciab.org.br/palestras/Wander%20Blanco%20Nunes.pdf (sorry... Brazilian Portuguese, but you may understand the diagrams). There, you may also see that BR infrastructure also use CADES/CMS, but its usage inside ODF spec would be more difficult than using XAdES, an extension of what is already defined on ODF (XMLDsig).

    I've also checked the ETSI IPR page (http://webapp.etsi.org/IPR/home.asp) and there are no patents registered there regarding XAdES.

    As I've wrote before, the Brazilian DigSig infrastructure (ICP-Brasil) is being adopted as reference for some Latin America countries. There is also a strong effort by Brazilian government to increase the usage of digital signatures, even by small companies. This will means that the Digital Signature capability will be presented on most companies in Brazil on the next few years, and an Office Application that may use it is really desired here.

    Fell free to send me any other questions.

    Best Regards,

    Jomar


    Bob Jolliffe escreveu:
    a1820cc70807300452r71ab99daw803dc795c04a9066@mail.gmail.com" type="cite">
    Hi Ming

    Thanks for raising these issues.  Taking you comments in reverse order:

    2.  I agree we need to understand the W3C/ETSI relationship better.  The XAdES proposal was made as a result of requirements for use in Brazil.  I think we need to ask Jomar to tell us what the current status of XAdES implementation is there.  

    1.  Agreed.  But there is a considerable scope for signing and validation tools outside of traditional "office products".  For example, the current specification allows for the signing of document fragments using XMLDsig.  There are no current office applications which do this, but it is still useful.  We are working on one such implementation for validating signatures in our workflows in the document management system.  Of course it would be great for office applications to support signing of a text section, but if they don't yet do this its not a disaster.  As long as those existing applications don't trash the signatures they don't understand or care about.

    Regards
    Bob

    2008/7/30 Ming Fei Jia <jiamingf@cn.ibm.com>

    I have 2 questions about this proposal:

    1)As I know, currently no office products support XAdES. So I would like to know the maturity of this ETSI specification in the market place. ODF is a practical standard that many office products are following up. If ODF introduces and depends on an external immature or unstable specification, this will bring confusion or difficulty for current office product implementations. I only get some experimental results from this link http://www.etsi.org/Application/Search/?search=XAdES.

    2)This proposal adopts the XAdES version on W3C(http://www.w3.org/TR/2003/NOTE-XAdES-20030220/), which was submitted on the year 2003, but now still is in status of NOTE made available for W3C discussion only, and the copyright is hold by ETSI. So I would like to know what relationship between ETSI and W3C, and whether this relationship will bring some IP issues for ODF.


    Best Regards,

    Mingfei Jia(贾明飞)
    IBM Lotus Symphony Development
    IBM China Software Development LAB, Beijing
    Tel: 86-10-82452493 Fax: 86-10-82452887
    NOTES:Ming Fei Jia/China/IBM E-mail: jiamingf@cn.ibm.com
    Address: 4/F, DeShi Building No.9, East Road, ShangDi, Haidian District, Beijing 100085, PRC

    Bob Jolliffe ---07/28/2008 04:41:55 AM---Greetings


    From:

    Bob Jolliffe <bobj@dst.gov.za>

    To:


    Jomar Silva <jomar.silva@br.odfalliance.org>

    Cc:

    office TC <office@lists.oasis-open.org>

    Date:

    07/28/2008 04:41 AM

    Subject:

    Re: [office] Digital Signature proposal




    Greetings

    Given the recent discussions and consensus around workflow of proposals on the TC I would like to try and propose some kind of reasonable timeline for this one.

    Can I suggest that
    (1) those who are interested try, during the course of this week ahead, to take a look at what is being proposed and return comments to the mailing list
    (2) on the basis of the above, we schedule an agenda item for discussion in two weeks - ie 11 August

    My understanding is that what is being proposed should not be too controversial or disruptive so it is my hope that we do have some consensus by then.

    There is an open question raised by Rob Weir around the status of XaDes.  Jomar, can you tell us what is being referenced in Brazil?

    Kind regards
    Bob

    ----- Jomar Silva <jomar.silva@br.odfalliance.org> wrote:
    > Greetings.
    >
    > I've published today at the wiki
    > (
    http://wiki.oasis-open.org/office/DSigProposal) a proposal regarding
    > the Digital Signature support on ODF 1.2, basically expanding the
    > existing XMLDSIG proposal to also support XAdES.
    >
    > This proposal was developed by me and Bob Joliffe, as he previously
    > announced on the list
    > (
    http://lists.oasis-open.org/archives/office/200804/msg00216.html).
    >
    > I'm waiting your comments.
    >
    > Best Regards,
    >
    > Jomar
    >
    > ---------------------------------------------------------------------
    > To unsubscribe from this mail list, you must leave the OASIS TC that
    > generates this mail.  Follow this link to all your TCs in OASIS at:
    >
    https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 
    >
    >


    ---------------------------------------------------------------------
    To unsubscribe from this mail list, you must leave the OASIS TC that
    generates this mail.  Follow this link to all your TCs in OASIS at:
    https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 






  • 8.  Re: [office] Digital Signature proposal

    Posted 07-30-2008 16:14
    
    
    
    
    On this topic, has anyone on this TC covered cross-standard workflows to determine requirements?  A typical request is to take an ODF doc and archive it in PDF format.  Ensuring the dSig info can be archived in a format that it will still be capable of being authenticated 50 years from now is a hot topic with lots of governments.  We might want to look at the ISO PDF and ISO PDF-A specs to see what users need so we don’t forget about these workflows.

    Dune


    On 30/07/08 9:03 AM, "Jomar Silva" <jomar.silva@br.odfalliance.org> wrote:

    Hi Bob,

    The XAdES adoption was proposed on Brazilian government by a group of specialists that has analyzed several digital signatures standards and they decided to use ETSI XAdES. XAdES simply extends the XMLDsig standard, already used by BR Digital Signature infrastructure. If an application already supports XMLDsig, it will only need to recognize some aditional parameters to be compatible with XAdES, and if the application developer choose to only support XMLDsig, it will still being compliant with ODF 1.2. This specialist group works on a high level institution in Brazil called ITI, that is related to Brazilian Presidency of the Republic (www.iti.gov.br <http://www.iti.gov.br> ).

    I've updated the proposal, to reference the ETSI XAdES document (http://webapp.etsi.org/workprogram/Report_WorkItem.asp?WKI_ID=21353). There is also an additional document at ETSI website, regarding the XAdES profiles (http://webapp.etsi.org/workprogram/Report_WorkItem.asp?WKI_ID=22942), that defines 3 profiles that can be implemented by applications developers, to assure interoperability (it seems to me that this is more application-specific than something that we need to take care on the file format).

    I've also updated the proposed <dsig:document-signatures> attribute, to use the same terms that is used by ETSI to the basic signature types (XAdES-BES and XAdES-EPES).

    To understand how Brazilian digital signature infrastructure is working, please check (the pictures) of this presentation: http://www.ciab.org.br/palestras/Wander%20Blanco%20Nunes.pdf (sorry... Brazilian Portuguese, but you may understand the diagrams). There, you may also see that BR infrastructure also use CADES/CMS, but its usage inside ODF spec would be more difficult than using XAdES, an extension of what is already defined on ODF (XMLDsig).

    I've also checked the ETSI IPR page (http://webapp.etsi.org/IPR/home.asp) and there are no patents registered there regarding XAdES.

    As I've wrote before, the Brazilian DigSig infrastructure (ICP-Brasil) is being adopted as reference for some Latin America countries. There is also a strong effort by Brazilian government to increase the usage of digital signatures, even by small companies. This will means that the Digital Signature capability will be presented on most companies in Brazil on the next few years, and an Office Application that may use it is really desired here.

    Fell free to send me any other questions.

    Best Regards,

    Jomar


    Bob Jolliffe escreveu:

    Hi Ming
     
    Thanks for raising these issues.  Taking you comments in reverse order:
     
    2.  I agree we need to understand the W3C/ETSI relationship better. The XAdES proposal was made as a result of requirements for use in Brazil.  I think we need to ask Jomar to tell us what the current status of XAdES implementation is there.   
     
    1.  Agreed.  But there is a considerable scope for signing and validation tools outside of traditional "office products".  For example, the current specification allows for the signing of document fragments using XMLDsig.  There are no current office applications which do this, but it is still useful.  We are working on one such implementation for validating signatures in our workflows in the document management system.  Of course it would be great for office applications to support signing of a text section, but if they don't yet do this its not a disaster.  As long as those existing applications don't trash the signatures they don't understand or care about.
     
    Regards
    Bob
     
     
    2008/7/30 Ming Fei Jia <jiamingf@cn.ibm.com>
     

     

    I have 2 questions about this proposal:
     
    1)As I know, currently no office products support XAdES. So I would like to know the maturity of this ETSI specification in the market place. ODF is a practical standard that many office products are following up. If ODF introduces and depends on an external immature or unstable specification, this will bring confusion or difficulty for current office product implementations. I only get some experimental results from this link http://www.etsi.org/Application/Search/?search=XAdES.
     
    2)This proposal adopts the XAdES version on W3C(http://www.w3.org/TR/2003/NOTE-XAdES-20030220/), which was submitted on the year 2003, but now still is in status of NOTE made available for W3C discussion only, and the copyright is hold by ETSI. So I would like to know what relationship between ETSI and W3C, and whether this relationship will bring some IP issues for ODF.
     
     
    Best Regards,
     
    Mingfei Jia(贾明飞)
    IBM Lotus Symphony Development
    IBM China Software Development LAB, Beijing
    Tel: 86-10-82452493 Fax: 86-10-82452887
     NOTES:Ming Fei Jia/China/IBM E-mail: jiamingf@cn.ibm.com
    Address: 4/F, DeShi Building No.9, East Road, ShangDi, Haidian District, Beijing 100085, PRC
     
     Bob Jolliffe ---07/28/2008 04:41:55 AM---Greetings

     
       
     
     From:
     Bob Jolliffe <bobj@dst.gov.za>  
     
     To:
      
     Jomar Silva <jomar.silva@br.odfalliance.org>  
     
     Cc:
     office TC <office@lists.oasis-open.org>  
     
     Date:
     07/28/2008 04:41 AM  
     
     Subject:
     Re: [office] Digital Signature proposal    


     

     
     
     
    Greetings
     
    Given the recent discussions and consensus around workflow of proposals on the TC I would like to try and propose some kind of reasonable timeline for this one.
     
    Can I suggest that
    (1) those who are interested try, during the course of this week ahead, to take a look at what is being proposed and return comments to the mailing list
    (2) on the basis of the above, we schedule an agenda item for discussion in two weeks - ie 11 August
     
    My understanding is that what is being proposed should not be too controversial or disruptive so it is my hope that we do have s