[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss-x] Groups - Potential Requirements for ebXML / DSS Profile (EbXML-dss-requirements.doc) uploaded
Hello Juan Carlos, As the document is partly based on a discussion between Nick and me, please allow me to contribute to this discussion. First of all, you are right that the document describes two different scenarios, which could be two separate profiles. The first is an alternative transport protocol to transport DSS messages using ebXML Messaging. The profile would standardize names and use of ebXML SOAP header extension elements corresponding to the DSS operations, the packaging of DSS documents and provide a Collaboration Protocol Agreement (CPA) template. I can contribute some input to this. The second scenario is more speculative. It came up during a requirements study for ebXML intermediaries and is similar to the functionality of the "inspector component" in the in-line deployment model of the signature gateway. Suppose company A wants to send a Universal Business Language (UBL) order or invoice document to a business partner B that requires an enveloped digital signature. Company A could use the DSS SignRequest/SignResponse with a DSS server to obtain a signed UBL document, then send the UBL document in an ebXML (or other SOAP-based) message to partner B. The proposed variant would instead combine the signing operation and the sending to the business partner as follows: company A sends an ebXML message containing an unsigned UBL document and a SignRequest to a DSS intermediary D, which forwards a modified version of the ebXML message that contains the updated signed UBL document. D could also validate any signatures on documents in incoming messages, and attach verification confirmation to the forwarded message. Kind regards, Pim P.S. This is my first post as a member for this TC. I have been unable to attend the TC meetings due to a schedule conflict, but intend to participate more actively over time. -----Original Message----- From: Juan Carlos Cruellas [mailto:cruellas@ac.upc.edu] Sent: 15 October 2007 17:55 To: nick.pope@thales-esecurity.com Cc: dss-x@lists.oasis-open.org Subject: Re: [dss-x] Groups - Potential Requirements for ebXML / DSS Profile (EbXML-dss-requirements.doc) uploaded Nick, Looking at the document it looks like it is talking of two different profiles, one that could actually profile ebxml protocol for transporting dss messages (and please correct me if you think that I missinterpreted the content), and another one on a gateway function. Is that correct? If so, I am not completely sure to understand the second one. The text reads: "This proposal is for the application of DSS based signatures to ebXML messages as they pass out through a company gateway /service provider...". What I understand is that the text is proposing a profile for requesting signatures for ebXML messages...is that correct? and in the same way, the profile should also include messages for requesting verificaiton of signatures present in ebXML messages... But then I read that "this is not the same as conventional DSS requset /response messaging.." and I am not sure of having understood what should this profile be about. Regards Juan Carlos.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]