W3C home > Mailing lists > Public > uri@w3.org > December 2000

Question on OIDs and URIs

From: Juan Carlos Cruellas <cruellas@ac.upc.es>
Date: Wed, 06 Dec 2000 15:18:31 +0000
Message-Id: <3.0.1.32.20001206151831.0136d9f0@popserver.ac.upc.es>
To: asn1mtg@oss.com, urn-ietf@lists.netsol.com, uri@w3.org
Cc: SEC_ESI@LIST.ETSI.FR
Dear all,

My name is Juan Carlos Cruellas and I am involved in a work dealing with
electronic signature formats. ETSI has issued its standard
TS 101 733 "Electronic Signature Format" which defines a format for electronic
signatures valid in the long term (by usage of timestamping techniques).
The core format is based on the CMS  structure defined in the RFC 2630,
with the adition of a number of  what in CMS document are known as signed
and unsigned attributes (additional  information qualifying the digital
signature
for people familiar with XML terminology).
At the same time, ETSI, being aware of the growing importance of XML syntax
and of the
works dealing with digital signature in XML, expressed its interest in
having something
similar to its electronic signature but in XML syntax.
ETSI launched a work whose final objective is to define new XML types able
to contain
identical information (semantically speaking)  to the information
contained in the new ASN.1 structures defined in the ETSI document. 
The results of this work will be then, new XML types whose data can be
incorporated to the
XML digital signature structure defined by the W3c/IETF digital signature
group.

We, at the UPC, are in charge of the editorial work of this specification,
and there have been produced
a number of drafts.

The reason for send you this e-mail is related with the following problem:

In ASN.1 the usual way for identifying, let's say a Policy for signature,
is an OID.
In XML, identification and reference of objects is made using URIs.
So the problem appears when one treats of incorporating information of an 
OID in an XML document by converting it in a special form of an URI.

ETSI thinks that this is a very generic topic where both sides, ASN.1
people and 
XML people will likely have something to say.

The alternatives raised up to now are:

1. The draft being produced by Michael Melling (draft-mealling-oid-urn-...)
where the proposal is made of representing OIDs as URNs, leading to something
like:
	urn:oid:1.3.6.1

2. A URL with a fixed a base and appended the OID in an human readable format:
e.g.,
http://www.etsi.org/oid/itu-t(0)/identified-organization(4)/etsi(0)/electron
ic-signature-standard(1733)/part1(1)/idupMechanism(4)/etsiESv1(1)

3. As an URN but with the human readable text included:

urn:oid:itu-t(0)/identified-organization(4)/etsi(0)/electronic-signature-sta
ndard(1733)/part1(1)/idupMechanism(4)/etsiESv1(1)

These three proposals have been discussed among several people 
in the XML digital signature group, ETSI group, and the group that
works in the production of the RFC draft and different views have
been expressed.

Concerns on possible mismatching between numbers and text in the
representation
with text, have been raised. In the same direction, it has 
been said that automatic processing is facilitated if only numbers
appear....
But human readibility have been argued as a critery supporting
the incorporation of the text.

Besides the former, the issue raised by approaches 2 and 3 is
the identification of the organization "in charge" of the OID,
which is repeated. Arguments against these repetitions have
also been raised...

It is our intention, by sending this e-mail to ask your opinion on this 
issue, in order to get a major number of views and take, in the
end, a better decision.

Thank you in advance for your time and interest.

Best regards.

Juan Carlos Cruellas
Received on Wednesday, 6 December 2000 09:17:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 13 January 2011 12:15:28 GMT