W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2003

ebXML/EDIFACT, layer of "trust", URI vs. OID

From: Szabó Áron <baron@interware.hu>
Date: Fri, 28 Feb 2003 10:23:35 +0100
Message-ID: <007701c2df0b$11f999c0$0100a8c0@Server>
To: <w3c-ietf-xmldsig@w3.org>
-----BEGIN PGP SIGNED MESSAGE-----

I'm the student of Technical University of Budapest, my speciality is
electronic signature and Public Key Infrastructures. Now I've been
involved in a project in connection with semantic web (especially the
layer of "trust" and XML signature). I don't know which mailing list
should I add to the "To" field, but perhaps you can help me...

I have read that the syntax of EDIFACT messages would be
implemented in XML to have a general standard and then I have
found the homepage of ebXML. I have already got the ISO 20625
standard (exact syntax of XML scheme files (XSD) based on
EDIFACT) but somewhere it was written that this ISO standard
would be expired if the ebXML project finished.

My question: Which document (standard, recommendation etc.)
should I download, buy etc. to be able to create (exact syntax
and list of tags) - standardized - XSD files for a web shop
(ebXML/EDIFACT (?) message with XML digital signature)?

I've found the expression of "web of trust" in many documents, but it
would seem - if I understand well - that it needs a direct contact
between entities and is based on personal acquaintance (such as at
Pretty Good Privacy - PGP), so it's good for mailing with friends,
but not in a "trusted" worldwide usage. And on the other hand there
is the model of Trusted Third Party (such as PKIs including CAs and
RAs) where the main goal is for entities to be able to communicate in
a "trusted" way worldwidely.

My question: Will "web of trust" be based on Trusted Third Party
model (PKI technology)?

My other problem is the question of URI. In XML environment we
identify objects by Uniform Resource Identifiers (URIs) but in the
world of ASN.1 (ITU and ISO) in a long-standing system we use Object
Identifiers (OIDs) based on ITU-T X.690 and ITU-T X.660
recommendations. So, now we use two identifiers to the same object.
In the standard of XML signature (ETSI TS 101 903 - XAdES) I've
noticed that this problem was solved by a new type of value:
"OIDasURI" (and OID is used as the identifier). In the world of PKIs
OIDs are used to identify objects (such as documents like CPS and
CP)...

My question: Will there be a translation between OIDs and URIs? Which
will be preferred?

Thanks for your answers!

Aron Szabo

Pretty Good Privacy - PGP

user ID: Aron SZABO
key ID: 0xAF06DC0B
key type: RSA
key size: 2048
e-mail address: baron@interware.hu

You can download my public key from the following key servers:

ldap://europe.keys.pgp.com:11370
http://pgpkeys.mit.edu:11371
ldap://keyserver.pgp.com


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQEVAwUBPl8qkzURd2evBtwLAQGjAgf/Z7luOJQnVFnC/4H08wEnuAGuOqk18ST/
goB4/EeK/uI45HPQeGh35Nquxq3geL1MaRLtJz0qYazUR+8D4Z8mT7YGK4dkUVfI
tDSREKaVOumHxWc6VUh8p5msT0d+pohiOMz1/DpI+/n6Lz7I/nRSTsdPvMi378UA
hK+cAEqbZnAH18Ld4OASc203NkEW2ciLTBfntmrFrfefIg9JFIbX2sT2IbyaDY5C
KoS/5+KS5gVQj9j8ASPcemedD2JirXUHPe9ORQsab2lyHBdpMwbv592IF6ATXtpr
tWyE8q64X8sql8V6L+jQuhir0baXuHVpTHqBsO+y3hMfVc4c0ej3DQ==
=WUl+
-----END PGP SIGNATURE-----
Received on Friday, 28 February 2003 04:23:57 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:16 GMT