Which XAdES profile?
MURATA Makoto
eb2m-mrt at asahi-net.or.jp
Fri Apr 25 03:14:09 CEST 2014
Thanks, John and Jirka.
I have created RELAX NG schemas for XAdES, available at
http://www.asahi-net.or.jp/~eb2m-mrt/XAdES.zip
Here is the README.txt. I hope that OPC will provide different
schema drivers for different XAdES profiles.
----------------------------------------------
XAdES schemas in RELAX NG.
MURATA Makoto
These schema files are created from XAdES.xsd and XAdESv141.xsd
in ETSI TS 101 903 V1.4.2.
Unlike the XSD version, this set of RELAX NG schemas allows validation
against each profile of XAdES. For example, XAdES-BES is captured by
XAdES-BES.rnc. XAdES-EPES is captured by XAdES-EPES.rnc, which
references XAdES-BES.rnc XAdES-T is captured by XAdES-T.rnc, which
references XAdES-EPES.rnc. And so forth.
Driver schemas are provided as inputs to RELAX NG validators. For
example, for the validation against XAdES-T, use driver-T.rnc as a
command line parameter of RELAX NG validators such as Jing.
These driver schemas only use shemas for XML Signature 1.0. If 1.1 or
other extensions are needed, download schemas listed in XML Security
RELAX NG Schemas (W3C Working Group Note 11 April 2013), available at
http://www.w3.org/TR/xmlsec-rngschema/ and create driver schemas
accordingly.
2014-04-24 3:04 GMT+09:00 John Haug <johnhaug at exchange.microsoft.com>:
> Agree. Further, my understanding is that, from a format perspective, any
> XAdES profile may be used if a file supports use of XML-DSig. It's up to
> an implementation to support various profiles. I believe Microsoft Office
> supports up through -X-L but not -A, which is why MS-OFFCRYPTO discusses
> it. I'd think that ODF the format would allow an implementation to use -A
> even without specifically discussing additional requirements to place on
> use of XAdES in ODF files. I'd assume the same for OOXML. Again, since
> OOXML supports XML-DSig and XAdES uses built-in extensibility, OOXML should
> automatically allow for the use of all profiles of XAdES. Whether we want
> to apply specific requirements on its use to guarantee a certain level of
> information in a signed file is open to discussion.
>
> John
>
> -----Original Message-----
> From: Jirka Kosek [mailto:jirka at kosek.cz]
> Sent: Wednesday, April 23, 2014 12:31 AM
> To: MURATA Makoto
> Cc: SC34
> Subject: Re: Which XAdES profile?
>
> On 23.4.2014 6:47, MURATA Makoto wrote:
> > XAdES has quite a few profiles. Which one should
> > 29500-2 support?
> >
> > Both ODF 1.2 Part 3 and [MS-OFFCRYPTO] appear
> > to use the XAdES-X-L profile. This is because neither
> > mention ArchiveTimeStamp (which is specific to the
> > biggest profile XAdES-A) but both mention
> > CertificateValues (which is specific to XAdES-X-L).
> >
> > Regards,
> > Makoto
>
> Ideally anything up to XAdES-A should be supported, so user can choose
> level of signature security and longevity. In some countries for some use
> specific level of XAdES is prescribed.
>
> Jirka
>
> --
> ------------------------------------------------------------------
> Jirka Kosek e-mail: jirka at kosek.cz http://xmlguru.cz
> ------------------------------------------------------------------
> Professional XML consulting and training services
> DocBook customization, custom XSLT/XSL-FO document processing
> ------------------------------------------------------------------
> OASIS DocBook TC member, W3C Invited Expert, ISO JTC1/SC34 rep.
> ------------------------------------------------------------------
> Bringing you XML Prague conference http://xmlprague.cz
> ------------------------------------------------------------------
>
>
--
Praying for the victims of the Japan Tohoku earthquake
Makoto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.vse.cz/pipermail/sc34wg4/attachments/20140425/4dd92574/attachment.html>
More information about the sc34wg4
mailing list