- From: Juan Carlos Cruellas <cruellas@ac.upc.es>
- Date: Wed, 06 Dec 2000 15:18:31 +0000
- To: asn1mtg@oss.com, urn-ietf@lists.netsol.com, uri@w3.org
- Cc: SEC_ESI@LIST.ETSI.FR
Dear all, My name is Juan Carlos Cruellas and I am involved in a work dealing with electronic signature formats. ETSI has issued its standard TS 101 733 "Electronic Signature Format" which defines a format for electronic signatures valid in the long term (by usage of timestamping techniques). The core format is based on the CMS structure defined in the RFC 2630, with the adition of a number of what in CMS document are known as signed and unsigned attributes (additional information qualifying the digital signature for people familiar with XML terminology). At the same time, ETSI, being aware of the growing importance of XML syntax and of the works dealing with digital signature in XML, expressed its interest in having something similar to its electronic signature but in XML syntax. ETSI launched a work whose final objective is to define new XML types able to contain identical information (semantically speaking) to the information contained in the new ASN.1 structures defined in the ETSI document. The results of this work will be then, new XML types whose data can be incorporated to the XML digital signature structure defined by the W3c/IETF digital signature group. We, at the UPC, are in charge of the editorial work of this specification, and there have been produced a number of drafts. The reason for send you this e-mail is related with the following problem: In ASN.1 the usual way for identifying, let's say a Policy for signature, is an OID. In XML, identification and reference of objects is made using URIs. So the problem appears when one treats of incorporating information of an OID in an XML document by converting it in a special form of an URI. ETSI thinks that this is a very generic topic where both sides, ASN.1 people and XML people will likely have something to say. The alternatives raised up to now are: 1. The draft being produced by Michael Melling (draft-mealling-oid-urn-...) where the proposal is made of representing OIDs as URNs, leading to something like: urn:oid:1.3.6.1 2. A URL with a fixed a base and appended the OID in an human readable format: e.g., http://www.etsi.org/oid/itu-t(0)/identified-organization(4)/etsi(0)/electron ic-signature-standard(1733)/part1(1)/idupMechanism(4)/etsiESv1(1) 3. As an URN but with the human readable text included: urn:oid:itu-t(0)/identified-organization(4)/etsi(0)/electronic-signature-sta ndard(1733)/part1(1)/idupMechanism(4)/etsiESv1(1) These three proposals have been discussed among several people in the XML digital signature group, ETSI group, and the group that works in the production of the RFC draft and different views have been expressed. Concerns on possible mismatching between numbers and text in the representation with text, have been raised. In the same direction, it has been said that automatic processing is facilitated if only numbers appear.... But human readibility have been argued as a critery supporting the incorporation of the text. Besides the former, the issue raised by approaches 2 and 3 is the identification of the organization "in charge" of the OID, which is repeated. Arguments against these repetitions have also been raised... It is our intention, by sending this e-mail to ask your opinion on this issue, in order to get a major number of views and take, in the end, a better decision. Thank you in advance for your time and interest. Best regards. Juan Carlos Cruellas
Received on Wednesday, 6 December 2000 09:17:03 UTC