OASIS Digital Signature Services eXtended (DSS-X) TC

Hi, Below follow some comments related to the visible signature profile. They are on Committee Specification v01 of 8 May 2010 Line 57: "is related to the binary digital signature". I would propose to get rid of "binary" and leave "digital signature" only (this may be a CMS or a XML or even a PDF signature).... Line 63: This is the first place where the term "visible Signatures" appears, without any definition. Befor that line other terms have been used "visible information" (of the signature), "displayed information"...I am not sure about the usage of this term...in fact, the Part 6 of PAdES, which I would say could be strongly related to our profile has as title: "Visual Representations of Electronic Signatures". In its scope it defines: . Signature appearance: visual representation of the human act of signing placed within a PDF document at signing time and linked to an advanced electronic signature . Signature verification representation: visual representation of the verification of an advanced electronic signature. Link to part 6 of PAdES: http://etsi.org/deliver/etsi_ts/102700_102799/10277806/01.01.01_60/ts_10277806v010101p.pdf I would propose to consider the possibility of changing of hte term "visible signatures" for a term more accurate to what we mean, i.e., a visual representation of the signature... . Line 92: apparently another term "visible content" . Lines 96 to 98: In the first line I read: "..the document already contain visible signature placeholders (named "signature fields")...", so this to me means that signature fields are fields for the visual representation of a signature....Then lines 97 to 98 read: "As part of the digital signature operation, the client will need to specify which signature field should be signed"...this to me means that some of the fields where the visual information will appear will actually be signed, and others no...but the key issue is that the term "signature field" is not a field where the digital signature goes, but the field where a visual representation of a digital signature appears....am I correct? and if so, wouldn't a change in the naming be worth? . Line 266 to 276. FieldName...I copy the wording of the two first lines: "This optional input will define the identitiy of a signature field to be signed. This parameter will be sent when it is required to incorporate a visible signature into the given field." So the text seems to indicate that this field first identify the field to be signed (?) and second the field where the visual representation of the signature will be included... so, this seems to indicate that the visual representation has to be included in the field, and that this field must be signed....am I right? Line 579. FieldName for optional input for verification. The spec reads that it "willd efine the identitiy of a signature field to be verified"...what exactly validating only one field means?...and what is its relationship with the validation of a signgature? Regards Juan Carlos.

Hi Juan Carlos, see my comments itermixed: > Below follow some comments related to the visible signature profile. > They are on Committee Specification v01 of 8 May 2010 > > Line 57: "is related to the binary digital signature". I would > propose to get rid of "binary" and leave "digital signature" only > (this may be a CMS or a XML or even a PDF signature).... > I would guess the attribute 'binary' refers to the fact that we're dealing with both, a 'binary' and a 'visible' aspect of a signature. > Line 63: This is the first place where the term "visible Signatures" > appears, without any definition. Befor that line other terms have > been used "visible information" (of the signature), "displayed > information"...I am not sure about the usage of this term...in fact, > the Part 6 of PAdES, which I would say could be strongly related to > our profile has as title: "Visual Representations of Electronic > Signatures". In its scope it defines: > > . Signature appearance: visual representation of the human act of > signing placed within a PDF document at signing time and linked to an > advanced electronic signature > > . Signature verification representation: visual representation of the > verification of an advanced electronic signature. > > Link to part 6 of PAdES: > http://etsi.org/deliver/etsi_ts/102700_102799/10277806/01.01.01_60/ts_10277806v010101p.pdf > > > I would propose to consider the possibility of changing of hte term > "visible signatures" for a term more accurate to what we mean, i.e., a > visual representation of the signature... Yes, like PAdES we are dealing with with both, a special type of digital signature on a PDF. On the other hand we work with a visible representation of a signature. Right from the start I was a bit unhappy with this mixture of concerns. Probably we should separate and clearify things here ... > > . Line 92: apparently another term "visible content" > > . Lines 96 to 98: In the first line I read: "..the document already > contain visible signature placeholders (named "signature fields")...", > so this to me means that signature fields are fields for the visual > representation of a signature....Then lines 97 to 98 read: "As part of > the digital signature operation, the client will need to specify which > signature field should be signed"...this to me means that some of the > fields where the visual information will appear will actually be > signed, and others no...but the key issue is that the term "signature > field" is not a field where the digital signature goes, but the field > where a visual representation of a digital signature appears....am I > correct? and if so, wouldn't a change in the naming be worth? I don't think so. Afaik the signature elements within the PDF structure have names, even if it is just a empty placeholder. There may be a visual representation of a signature, may there is none. > > . Line 266 to 276. FieldName...I copy the wording of the two first lines: > "This optional input will define the identitiy of a signature field to > be signed. This parameter will be sent when it is required to > incorporate a visible signature into the given field." > > So the text seems to indicate that this field first identify the field > to be signed (?) and second the field where the visual representation > of the signature will be included... so, this seems to indicate that > the visual representation has to be included in the field, and that > this field must be signed....am I right? > Again, narrowed down to PDF that's true. A signature filed is identified by its name. And it _may_ have a visual representation ... What's true for PDF maybe completely different for office document signatures and the austrian 2D signature. Again, I was unhappy with the outline of this profile. I see the need for a group of related profiles. But anyway, we have to get along with this profile, somehow! > > Line 579. FieldName for optional input for verification. The spec > reads that it "willd efine the identitiy of a signature field to be > verified"...what exactly validating only one field means?...and what > is its relationship with the validation of a signgature? > A PDF document may contain many signatures. Each of them can be identified by the FieldName. If you supply a FieldName for verification you care just for the addressed signature, not the possible other ones. Greetings, Andreas -- Andreas Kühne phone: +49 177 293 24 97 mailto: kuehne@trustable.de Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna Amtsgericht Hamm HRB 5868 Directors Andreas Kühne, Heiko Veit Company UK Company No: 5218868 Registered in England and Wales

Feedback inline.. On 25-6-2012 19:00, Juan Carlos Cruellas wrote: Hi, Below follow some comments related to the visible signature profile. They are on Committee Specification v01 of 8 May 2010 Line 57: "is related to the binary digital signature". I would propose to get rid of "binary" and leave "digital signature" only (this may be a CMS or a XML or even a PDF signature).... I agree, the words binary and digital are so closely related... and both are about (format) representation not visualization ... Another proposal, if we reconsider "to view displayed information" (can we view non-displayed information?) as well: " (..) there is a need to visualize the (characteristics of the) digital signature." Line 59, include " , the validity of the digital signature, " because usually this is one of the main items to consider. Line 63: the phrase "the important element" does not add any useful information, and can be left out: Proposal: " (..) information replace the digital signature." or: " (..) information replace the digital signature, it only visualizes the most relevant characteristics of the digital signature." Line 63: This is the first place where the term "visible Signatures" appears, without any definition. Befor that line other terms have been used "visible information" (of the signature), "displayed information"...I am not sure about the usage of this term...in fact, the Part 6 of PAdES, which I would say could be strongly related to our profile has as title: "Visual Representations of Electronic Signatures". In its scope it defines: . Signature appearance: visual representation of the human act of signing placed within a PDF document at signing time and linked to an advanced electronic signature . Signature verification representation: visual representation of the verification of an advanced electronic signature. Link to part 6 of PAdES: http://etsi.org/deliver/etsi_ts/102700_102799/10277806/01.01.01_60/ts_10277806v010101p.pdf I would propose to consider the possibility of changing of hte term "visible signatures" for a term more accurate to what we mean, i.e., a visual representation of the signature... Agree, ... because in PDF (as an example) you can visualize a non-visible signature... (to make things worse). The term 'visual representation of a digital signature' sounds good. We also need a short term...: 'visualized digital signature'? . Line 92: apparently another term "visible content" . Lines 96 to 98: In the first line I read: "..the document already contain visible signature placeholders (named "signature fields")...", so this to me means that signature fields are fields for the visual representation of a signature....Then lines 97 to 98 read: "As part of the digital signature operation, the client will need to specify which signature field should be signed"...this to me means that some of the fields where the visual information will appear will actually be signed, and others no...but the key issue is that the term "signature field" is not a field where the digital signature goes, but the field where a visual representation of a digital signature appears....am I correct? That's right. The signature field only visualizes some characteristics of a digital signature. (The field is actually not 'signed', it's the document that is signed... and some characteristics are visualized and put into that field; it also incorporates some 'behaviour': whenever the user clicks on that field more information of the corresponding digital signature is visualized. ) Line 98: "which signature field should be signed." --> proposal: "which signature field should be used to hold (contain) the visualized digital signature." and if so, wouldn't a change in the naming be worth? I think so :-) because the term 'signature field' is very PDF related... (we don't have signature fields in XML documents... ) Proposal: 'signature field' --> 'signature visualization field'. . Line 266 to 276. FieldName...I copy the wording of the two first lines: "This optional input will define the identitiy of a signature field to be signed. This parameter will be sent when it is required to incorporate a visible signature into the given field." So the text seems to indicate that this field first identify the field to be signed (?) and second the field where the visual representation of the signature will be included... so, this seems to indicate that the visual representation has to be included in the field, and that this field must be signed....am I right? Agree. Note that the document is signed, not the field. The field is just a way to point to the location where the visualized digital signature has to be put. Line 579. FieldName for optional input for verification. The spec reads that it "willd efine the identitiy of a signature field to be verified"...what exactly validating only one field means?...and what is its relationship with the validation of a signgature? Formally, a signature field cannot be verified. It is just a field. I would say: "This optional output will define the identity of a signature visualization field that corresponds to a (verified) digital signature." Line 591: as part of the profile for the VerifyRequest: "This optional input will define whether the verification service should embed into the visible signature an (..)" this sounds a bit strange to me because the document will be changed: some new information is embedded into an existing field. Unless the visualization field is not part of the signed data.. such as newly created data. Maybe it was the idea to extend the document with new information (similar to PAdES-LTV)...??? Line 617: regarding Optional Output <FieldName>: "This optional output will define the identity of a signature field that is verified. This parameter will be replied for every signature field that is validated in the document as part of the signature validation service." Note the ".. will be replied for every signature field .. ". How do you know to which digital signature it belongs? There is no reference... just a 'name' of a field. Maybe it is just a way to get all the fieldnames, and do a VerifyRequest for each of them..?? see line 580: Line 580: "This optional input will define the identity of a signature field to be verified. This parameter will be sent in a scenario where it is required to validate only a certain field." (... a certain digital signature referenced by the field...) From the text, it's purpose is not clear to me... Regards Juan Carlos. --------------------------------------------------------------------- To unsubscribe, e-mail: dss-x-unsubscribe@lists.oasis-open.org For additional commands, e-mail: dss-x-help@lists.oasis-open.org