W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2003

ebXML/EDIFACT, layer of "trust", URI vs. OID

From: Szabó Áron <baron@interware.hu>
Date: Fri, 28 Feb 2003 10:23:35 +0100
Message-ID: <007701c2df0b$11f999c0$0100a8c0@Server>
To: <w3c-ietf-xmldsig@w3.org>

I'm the student of Technical University of Budapest, my speciality is
electronic signature and Public Key Infrastructures. Now I've been
involved in a project in connection with semantic web (especially the
layer of "trust" and XML signature). I don't know which mailing list
should I add to the "To" field, but perhaps you can help me...

I have read that the syntax of EDIFACT messages would be
implemented in XML to have a general standard and then I have
found the homepage of ebXML. I have already got the ISO 20625
standard (exact syntax of XML scheme files (XSD) based on
EDIFACT) but somewhere it was written that this ISO standard
would be expired if the ebXML project finished.

My question: Which document (standard, recommendation etc.)
should I download, buy etc. to be able to create (exact syntax
and list of tags) - standardized - XSD files for a web shop
(ebXML/EDIFACT (?) message with XML digital signature)?

I've found the expression of "web of trust" in many documents, but it
would seem - if I understand well - that it needs a direct contact
between entities and is based on personal acquaintance (such as at
Pretty Good Privacy - PGP), so it's good for mailing with friends,
but not in a "trusted" worldwide usage. And on the other hand there
is the model of Trusted Third Party (such as PKIs including CAs and
RAs) where the main goal is for entities to be able to communicate in
a "trusted" way worldwidely.

My question: Will "web of trust" be based on Trusted Third Party
model (PKI technology)?

My other problem is the question of URI. In XML environment we
identify objects by Uniform Resource Identifiers (URIs) but in the
world of ASN.1 (ITU and ISO) in a long-standing system we use Object
Identifiers (OIDs) based on ITU-T X.690 and ITU-T X.660
recommendations. So, now we use two identifiers to the same object.
In the standard of XML signature (ETSI TS 101 903 - XAdES) I've
noticed that this problem was solved by a new type of value:
"OIDasURI" (and OID is used as the identifier). In the world of PKIs
OIDs are used to identify objects (such as documents like CPS and

My question: Will there be a translation between OIDs and URIs? Which
will be preferred?

Thanks for your answers!

Aron Szabo

Pretty Good Privacy - PGP

user ID: Aron SZABO
key ID: 0xAF06DC0B
key type: RSA
key size: 2048
e-mail address: baron@interware.hu

You can download my public key from the following key servers:


Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

Received on Friday, 28 February 2003 04:23:57 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:38 UTC