Hi Bob,
The XAdES adoption was proposed on Brazilian government by a group of
specialists that has analyzed several digital signatures standards and
they decided to use ETSI XAdES. XAdES simply extends the XMLDsig
standard, already used by BR Digital Signature infrastructure. If an
application already supports XMLDsig, it will only need to recognize
some aditional parameters to be compatible with XAdES, and if the
application developer choose to only support XMLDsig, it will still
being compliant with ODF 1.2. This specialist group works on a high
level institution in Brazil called ITI, that is related to Brazilian
Presidency of the Republic (www.iti.gov.br).
I've updated the proposal, to reference the ETSI XAdES document
(http://webapp.etsi.org/workprogram/Report_WorkItem.asp?WKI_ID=21353).
There is also an additional document at ETSI website, regarding the
XAdES profiles
(http://webapp.etsi.org/workprogram/Report_WorkItem.asp?WKI_ID=22942),
that defines 3 profiles that can be implemented by applications
developers, to assure interoperability (it seems to me that this is
more application-specific than something that we need to take care on
the file format).
I've also updated the proposed <dsig:document-signatures>
attribute, to use the same terms that is used by ETSI to the basic
signature types (XAdES-BES and XAdES-EPES).
To understand how Brazilian digital signature infrastructure is
working, please check (the pictures) of this presentation:
http://www.ciab.org.br/palestras/Wander%20Blanco%20Nunes.pdf (sorry...
Brazilian Portuguese, but you may understand the diagrams). There, you
may also see that BR infrastructure also use CADES/CMS, but its usage
inside ODF spec would be more difficult than using XAdES, an extension
of what is already defined on ODF (XMLDsig).
I've also checked the ETSI IPR page
(http://webapp.etsi.org/IPR/home.asp) and there are no patents
registered there regarding XAdES.
As I've wrote before, the Brazilian DigSig infrastructure (ICP-Brasil)
is being adopted as reference for some Latin America countries. There
is also a strong effort by Brazilian government to increase the usage
of digital signatures, even by small companies. This will means that
the Digital Signature capability will be presented on most companies in
Brazil on the next few years, and an Office Application that may use it
is really desired here.
Fell free to send me any other questions.
Best Regards,
Jomar
Bob Jolliffe escreveu:
a1820cc70807300452r71ab99daw803dc795c04a9066@mail.gmail.com" type="cite">
Hi Ming
Thanks for raising these issues. Taking you comments in reverse order:
2. I agree we need to understand the W3C/ETSI relationship better.
The XAdES proposal was made as a result of requirements for use in
Brazil. I think we need to ask Jomar to tell us what the current
status of XAdES implementation is there.
1. Agreed. But there is a considerable scope for signing and
validation tools outside of traditional "office products". For
example, the current specification allows for the signing of document
fragments using XMLDsig. There are no current office applications
which do this, but it is still useful. We are working on one such
implementation for validating signatures in our workflows in the
document management system. Of course it would be great for office
applications to support signing of a text section, but if they don't
yet do this its not a disaster. As long as those existing applications
don't trash the signatures they don't understand or care about.
Regards
Bob
2008/7/30 Ming Fei Jia
<jiamingf@cn.ibm.com>
I have 2 questions about this proposal:
1)As I know, currently no office products support XAdES. So I would
like to know the maturity of this ETSI specification in the market
place. ODF is a practical standard that many office products are
following up. If ODF introduces and depends on an external immature or
unstable specification, this will bring confusion or difficulty for
current office product implementations. I only get some experimental
results from this link http://www.etsi.org/Application/Search/?search=XAdES.
2)This proposal adopts the XAdES version on W3C(http://www.w3.org/TR/2003/NOTE-XAdES-20030220/),
which was submitted on the year 2003, but now still is in status of
NOTE made available for W3C discussion only, and the copyright is hold
by ETSI. So I would like to know what relationship between ETSI and
W3C, and whether this relationship will bring some IP issues for ODF.
Best Regards,
Mingfei Jia(贾明飞)
IBM Lotus Symphony Development
IBM China Software Development LAB, Beijing
Tel: 86-10-82452493 Fax: 86-10-82452887
NOTES:Ming
Fei Jia/China/IBM E-mail: jiamingf@cn.ibm.com
Address: 4/F, DeShi Building No.9, East Road, ShangDi, Haidian
District, Beijing 100085, PRC
Bob Jolliffe
---07/28/2008 04:41:55 AM---Greetings
Greetings
Given the recent discussions and consensus around workflow of proposals
on the TC I would like to try and propose some kind of reasonable
timeline for this one.
Can I suggest that
(1) those who are interested try, during the course of this week ahead,
to take a look at what is being proposed and return comments to the
mailing list
(2) on the basis of the above, we schedule an agenda item for
discussion in two weeks - ie 11 August
My understanding is that what is being proposed should not be too
controversial or disruptive so it is my hope that we do have some
consensus by then.
There is an open question raised by Rob Weir around the status of
XaDes. Jomar, can you tell us what is being referenced in Brazil?
Kind regards
Bob
----- Jomar Silva <jomar.silva@br.odfalliance.org>
wrote:
> Greetings.
>
> I've published today at the wiki
> (http://wiki.oasis-open.org/office/DSigProposal)
a proposal regarding
> the Digital Signature support on ODF 1.2, basically expanding the
> existing XMLDSIG proposal to also support XAdES.
>
> This proposal was developed by me and Bob Joliffe, as he
previously
> announced on the list
> (http://lists.oasis-open.org/archives/office/200804/msg00216.html).
>
> I'm waiting your comments.
>
> Best Regards,
>
> Jomar
>
>
---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC
that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
>
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php