OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-tp message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: A third POC question for CPP-CPA possibly for Vienna agenda

Hi Marty,

Here is a third issue stemming from Vienna POC preparations.
This one pertains to packaging representations used for
xmldsig and was brought to my attention from an example
CPA authored by Himagiri Mukkamala.

For S/MIME or OpenPGP IETF style security packaging,
MIME parts can be encapsulated, and we have identified
packaging by indicating what MIME entities previously
enumerated are encapsulated. But when we come to XMLDsig
the manner of "composition" changes significantly.
Dsig signatures are normally distinguished as enveloping,
enveloped, and detached according to whether the Reference
points to a contained Object (enveloping), points to a node
set containing itself (enveloped), or detached (uses some
URI that is resolved to obtain the plaintext). For ebXML,
when signing is over both header and payload,
two of these modes are blended: enveloped and detached.
The detached mode is referenced through a CID: style URI
to a subsequent body part. The CID: URI can involve
a forward reference to a not yet enumerated MIME entity,
and the packaging is not by MIME composition or encapsulation,
but instead by URI Reference. 

The packaging notation at present does not have enough
expressive power to indicate this mode of "composition".
We could overload "encapsulation" but that might lead
to confusion. At the moment, we simply indicate that
xmldsig is used in a body part (by mentioning it
in a NamespaceSupported element), but we do not indicate
details of usage. During POC we discovered that a potential
interoperability difficulty could arise from not marking
differences in capabilities pertaining to XMLDsig referencing
(and the associated URIResolver classes needed to handle
these references). So the question I have is how/whether
to mark differences in xmldsig "packaging" capabilities
within a CPP.

I would like to add this topic to the joint TA security/TPA
discussion session in Vienna if you think it is appropriate.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help

Powered by eList eXpress LLC