scope:

The present document defines four profiles that together profile the usage of XAdES [1] signatures, as defined in TS 101 903 [1], for signing XML content within the PDF containers. The scope of the present document is limited to the following cases:

1) One XML document (compliant with an arbitrary XML language, like UBL for e-Invoicing) that is completely or partially signed with at least one enveloped XAdES signature and that is incorporated within a PDF container as a so-called "embedded" document. In this situation, both the XML document and the XAdES signature(s) are created independently of the PDF container and after their creation, embedded within this container.

NOTE 1: Implementers should be aware that any subsequent approval signature (see ISO 32000-1 [4] clause 12.8.1) as specified in TS 102 778-2 [i.7], TS 102 778-3 [i.8] or TS 102 778-4 [i.9] also signs the embedded signed XML document. Any upgrade of the XAdES signature of the present document to support validation long after the expiration of the signing certificate or other extended features such a countersignatures (e.g. using XAdES-C or XAdES-X or XAdES-A) would invalidate the aforementioned approval signatures. Implementers should also be aware that certification signatures (see ISO 32000-1 [4] clause 12.8.1) as specified in TS 102 778-2 [i.7], TS 102 778-3 [i.8] or TS 102 778-4 [i.9] signing the embedded signed XML document, may be used in conjunction with the DocMDP dictionary, allowing changes in the embedded signed XML document (by upgrading the XAdES signatures, for example) without invalidating such signatures.

2) Signed (with XML Sig or XAdES signature) dynamic XFA [2] forms. The present document specifies profiles that apply to two different scenarios, namely: signing only the XML data of the XFA form, or signing any part of the XFA form that may be signed with a XML Sig signature.

NOTE 2: XFA forms build up an XML-based architecture for managing forms within the PDF framework. In this architecture data, structure and rendering details appear as XML contents. According to the XFA specification not all this XML content may be signed with XML Sig. Being XAdES signatures built on XML Sig, XAdES signatures may sign only those XML contents that XFA specification allows to be signed with XML Sig.

NOTE 3: Readers should be aware that although PDF documents are addressed for human beings, XFA forms, being them based on XML, may be consumed by software applications. In addition to that, conforming signature handlers may be able to identify what parts of a certain form are signed by an XAdES signature.

For each case two profiles are specified, namely:

1) One profile intended to be used by a signer, where basic forms of XAdES signatures (namely XAdES-BES, XAdES-EPES and XAdES-T) on the corresponding XML content are profiled.

2) One profile applicable to any party relying on a signature over a long period (e.g. longer than the lifetime of the signing certificate, also called long-term signature in the present document). It may be applied by a party receiving and verifying the document or the signing party who should also verify the document when applying long term verification. It specifies how to include validation information and to further protect the signature using time-stamps so that it is possible to subsequently verify a XAdES signature long after it was generated.

For the first case the present document specifies requirements for embedding a signed (with XAdES signatures) XML document within a PDF container as an embedded file.

For the second case the present document specifies requirements for generating XAdES signatures on only the XML data of the form, or on any XML content of the XFA form that may be signed with a XML Sig signature.

For both cases the present document specifies requirements on the XAdES properties both signed and unsigned.

Also for both cases the present document specifies requirements for upgrading of XAdES signatures from basic to more advanced forms.