Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.oasis-open.org OASIS Digital Signature Services and ETSI standards Juan Carlos Cruellas – UPC Stefan Drees - DSS-X co-chair Nick Pope – Thales.

Published byBridget Washington Modified over 6 years ago

Similar presentations

Presentation on theme: "Www.oasis-open.org OASIS Digital Signature Services and ETSI standards Juan Carlos Cruellas – UPC Stefan Drees - DSS-X co-chair Nick Pope – Thales."— Presentation transcript:

1 OASIS Digital Signature Services and ETSI standards Juan Carlos Cruellas – UPC Stefan Drees - DSS-X co-chair Nick Pope – Thales eSecurity

2 Contents ETSI and ESI TC DSS and DSS-X OASIS TC
Introduction to ETSI and ETSI ESI TC ESI standardization work overview DSS and DSS-X OASIS TC DSS concept DSS TC standardization work overview DSS-X overview ESI and DSS-X standards relationship Questions and Answers

3 ETSI and ESI TC

4 Introduction to ETSI and ETSI ESI TC
European Telecommunications Standars Insitute (ETSI) website reports that ETSI: Is recognised as an official European Standards Organisation by the European Commission. Produces globally applicable standards for Information and Communications Technologies (including internet) Websites: and

5 Introduction to ETSI and ETSI ESI TC
Electronic Signatures and Infrastructures (ESI) TC: Is responsible for Electronic Signatures and Infrastructures standardisation within ETSI. Develops generic standards, guides and reports related to electronic signatures and supporting infrastructures.

6 Introduction to ETSI and ETSI ESI TC
Liases with both internal and external bodies to ETSI related to electronic signatures in order to harmonize specifications at the international level. Website:

7 ESI standardisation work overview
Standardisation work background: Publication in 1999 of the European Directive that allows use digital signatures for legally binding transactions and defines the Advanced Electronic Signature.

8 ESI standardisation work overview
ESI TC standardises in different electronic signature related areas: Electronic Signature Formats Infrastructure, including: Specification of new architectural elements Profiling of architectural elements Policies, including: Signature Policy formats Policies for Trusted Service Providers

9 ESI standardisation work overview
Guidance material, including: Guidance on algorithms and parameters for electronic signatures.

10 ESI standardisation work overview
Electronic signatures formats. Technical Specification TS : “XML Advanced Electronic Signatures (XAdES)” TS : “CMS Advanced Electronic Signatures (CAdES)” These specifications: Build on XMLDSig and CMS formats respectively. Standardise a set of properties that may be incorporated to XMLDSig-based electronic signatures fulfilling a number of common requirements (such as the long term validity of the signature)

11 ESI standardisation work overview
Identify a set of different combinations of properties (Signature Forms), each one offering its own set of features relevant in specific contexts and phases of the signatures life cycle. They have been further profiled by: TS : “Profiles of XML Advanced Electronic Signatures based on TS ” TS : “Profiles of CMS Advanced Electronic Signatures based on TS ” They define an electronic signatures baseline profile and profiles for e-Government and e-Invoicing.

12 ESI standardisation work overview
Infrastructure. This includes: Profiling infrastructural elements: TS : “Qualified Certificate Profile” Defines a technical format for Qualified Certificats aligned with annexes I and II of the European Directive. TS : “X.509 v3 Certificate Profile for Certificates Issued to Natural Persons”. TS : “Time stamping profile”. Profiles IETF RFC 3161 time-stamps regarding electronic signatures time-stamping.

13 ESI standardisation work overview
Specifying new infrastructural elements: TS : “Provision of Harmonized Trust Service Provider status information”. Defines a way for publishing information on the status of Trusted Service Providers and the services that they provide, as assessed against certain assessment schemes. This is specially useful for supporting cross-domain and international transactions. ASN.1 and XML formats are specified.

14 ESI standardisation work overview
Policies. This includes: Signature Policies Formats: Technical Report TR : XML format for signature policies TR : ASN.1 format for signature policies These reports define structured formats for signature policies documents that govern the creation and verification of electronic signatures.

15 ESI standardisation work overview
Policies that Core Trusted Services Providers must adhere. These include providers of: Public Key Certificates: TS Attribute Certificates: TS Qualified Certificates: TS Time-stamps: TS

16 ESI standardisation work overview
Specifications covering electronic signatures when used in specific application areas. These include: TS : “Policy requirements for trust service providers signing and/or storing data for digital accounting”. Specifies security management and policy requirements applicable to TSPs that issue fiscally relevant electronically signed documents and/or store them on behalf of taxable persons

17 ESI standardisation work overview
On going work on Registered Electronic mail Systems (REM systems: systems that provide trusted evidences that certain facts have actually occurred), where ETSI is going to produce a new TS: “Registered Electronic Mail (REM) Architecture, Formats for signed evidences and Policies”, a multi-part document that will specify: A generic architecture for REM systems Data requirements and formats for signed evidences in REM systems. Policy requirements for trust service providers providing signed evidences in REM systems.

18 ESI standardisation work overview
Guidance. This includes: TS : “Algorithms and Parameters for Secure Electronic Signatures”. Multipart document: Part 1 deals with hash functions and asymmetric algorithms. Part 2 deals with secure channel protocols and algorithms for signature creation devices.

19 DSS and DSS-X OASIS TC

20 DSS concept DSS charter reads:
Develop “a protocol for a digital signature creation web service. Providing digital signatures via such a web service facilitates policy-based control of the provision of the signatures”. Develop “a protocol for a digital signature verification web service that can verify signatures in relation to a given policy set”. Develop “an XML-based protocol to produce cryptographic time-stamps”.

21 DSS concept. Conventional approach
Deploy key to each user Handle Interface to all PKI functions Security depends on user

22 PKI Certificate Management
DSS concept. DSS approach Internal user Authentication & authorisation Directory System PKI Certificate Management

23 DSS concept. Why DSS Avoid burden of deployment of signing on individual basis Shared server for generation and verification of digital signatures Support of signing as corporate function

24 DSS concept. Main features
DSS concept. Main features DSS supports : Creation of digital signatures Verification of signatures Creation / verification of time-stamps XML (Define in DSS) / Binary (RFC 3161) Simplified slide

25 DSS concept. Main features
DSS concept. Main features Support range of signature formats including: W3C XML Signatures CMS (RFC 3852) Signatures RFC 3161 XML time-stamps (defined in DSS) Advanced Electronic Signatures (ETSI TS and ETSI TS ) Range of Document / Signature structures Optional inputs / outputs for controlling specific features

26 DSS TC standardization work overview
DSS TC standardization work overview Core protocol specification. Defines two protocols: signing and verification. Each protocol two messages: request and response. Defines basic mandatory features and a number of optional features.

27 DSS Sign Protocol DSS-Sign request (document)
(Signed document) DSS-Sign request (document) DSS-Sign response (Signed document) Archive DSS Server

28 DSS Signature Creation: Advantages
Authentication of user separated from management of signature key. Controls on who may apply “corporate” signatures Controls on user access to own signing key Based on existing internal security controls using existing authentication and authorisation controls within normal work flow If user’s authorisation is revoked, organisation can stop use of signature Immediate No need to publish external revocation No need for special device on user system Strict organisational controls can be applied to handling of signing key Improved security & reduced per user cost Need not be just eInvocing, same for verification?

29 DSS Verify Protocol DSS-Verify request (Signed document)
Public Key Store / directory Archive

30 DSS Signature Verification: Advantages
Verification complexities taken off user system Common verification policy can be directly applied Can maintain log of result of signature verification when first received for later re-checking

31 DSS TC standardization work overview
Profiles of the core specification: Extend and/or adapt the core to specific needs, use cases and environments. Time-stamp: equivalent of RFC 3161 for XML. Entity-seal: generation/verification of a “seal” (time-stamped signature with information of identity of the requester: proxy signature).

32 DSS TC standardization work overview
Advanced Electronic Signature. Supports lifecycle of CAdES and XAdES signatures Signature Gateway: creation of signatures at a gateway, translating from an internal format to a standard form Code-signing. Support to signing of code authorized for distribution Asynchronous Processing. Supports deferred delivery of server responses

33 DSS-X Overview New DSS-X TC “Digital Signature Services eXtended” opened in 23rd July 2007. DSS-X TC has joined OASIS IDTrust member section. Charter at: 33

34 DSS-X overview Main goals in the charter:
Produce new profiles based on DSS core. Produce dissemination material. Produce analysis of inter-relationship among profiles. Maintenance of existing DSS OASIS standards. 34

35 Anyone willing to contribute is very welcomed!
DSS-X overview Contacting coordinates: Website: Public comments list: Anyone willing to contribute is very welcomed! 35

36 Current status (I): DSS-X overview
Identified a number of profiles to develop: Profile for visible signatures. Profile for PDF signatures Profile for ebXML Profile for individual reports on every signature verified in multi-signature documents Profile for requesting signed verification responses 36

37 DSS-X overview Profiles for basic functions in support of generation and verification of XML signatures, CMS signatures, XML time-stamps and RFC 3161 time-stamps ("baseline" profiles). Profile for handling of signature & service policy Profile for supporting centralized encryption and decryption services 37

38 DSS-X overview Received some external and internal contributions that will be assessed in a near future. Currently TC is working in producing requirements documents for the different profiles. Rough time-line estimation: work completed by the end of 2008. 38

39 ESI and DSS, DSS-X standards relationship

40 ESI and DSS-X standards relationship
ESI has: Standardised electronic signature formats and profiled infrastructural elements. DSS (and its successor DSS-X) has: Defined protocols for remotely requesting generation and verification of electronic signatures to specialized services and has also … Specified a profile for requesting generation and validation of AdES signatures specified by ESI.

41 ESI and DSS-X standards relationship
DSS and DSS-X: Have made possible the provision of new services that are directly related to standards previously developed by IETF, W3C and ESI, but at the same time... These services will make use of infrastructural elements defined by ESI TC and ... Also, within Europe, they need to be aligned with the policy requirements specified by ESI TC

42 ESI and DSS-X standards relationship
Future: ESI and DSS-X could in a certain point of time establish a peer-review/comment mechanism to ensure the alignment of specifications produced by both bodies.

43 Thank you Questions ?

Download ppt "Www.oasis-open.org OASIS Digital Signature Services and ETSI standards Juan Carlos Cruellas – UPC Stefan Drees - DSS-X co-chair Nick Pope – Thales."

Similar presentations

17 March 2010 Workshop on Efficient and Effective eGovernment FASTeTEN : a Flexible Technology in Different European Administrative Contexts

17 March 2010 Workshop on Efficient and Effective eGovernment FASTeTEN : a Flexible Technology in Different European Administrative Contexts
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Practical Digital Signature Issues. Paving the way and new opportunities. www.oasis-open.org Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
Telia Research AB György Endersz 2001-05-08 1 European Electronic Signature Standardisation Initiative EESSI Budapest Seminar at the Hungarian Communication.

Telia Research AB György Endersz European Electronic Signature Standardisation Initiative EESSI Budapest Seminar at the Hungarian Communication.
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
Mountain View 25, 26 Sept 2007 The importance of incorporating XAdES extensions into ongoing XML-Sig work W3C Workshop on Next Steps for XML Signature.

Mountain View 25, 26 Sept 2007 The importance of incorporating XAdES extensions into ongoing XML-Sig work W3C Workshop on Next Steps for XML Signature.
S.1 Using a Global Validation Service to Unite Communities Jon Shamah EMEA Head of Sales, BBS eSecurity.

S.1 Using a Global Validation Service to Unite Communities Jon Shamah EMEA Head of Sales, BBS eSecurity.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Summary of ETSI/ESI activities Andrea Caccia ETSI/ESI TB member Note: This document expresses only the views of its author.

Summary of ETSI/ESI activities Andrea Caccia ETSI/ESI TB member Note: This document expresses only the views of its author.
© ETSI 2012 All rights reserved EUROPEAN UNION MANDATE/460 Kloster Banz 11.09.2013 Presented by Arno Fiedler, Member of European Telecommunications Standards.

© ETSI 2012 All rights reserved EUROPEAN UNION MANDATE/460 Kloster Banz Presented by Arno Fiedler, Member of European Telecommunications Standards.
21 mai 2015 Bridges between Certification Authorities.

21 mai 2015 Bridges between Certification Authorities.
PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.

PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.
M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.

M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.
Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.

Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
European Signatures versus Global SignaturesRome, 7 April, 2003 EESSI open specifications and interoperability The state of the art in Italy Giovanni Manca.

European Signatures versus Global SignaturesRome, 7 April, 2003 EESSI open specifications and interoperability The state of the art in Italy Giovanni Manca.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Web services security I

Web services security I

Similar presentations

Ads by Google