Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mountain View 25, 26 Sept 2007 The importance of incorporating XAdES extensions into ongoing XML-Sig work W3C Workshop on Next Steps for XML Signature.

Published byJulia Searing Modified over 9 years ago

Similar presentations

Presentation on theme: "Mountain View 25, 26 Sept 2007 The importance of incorporating XAdES extensions into ongoing XML-Sig work W3C Workshop on Next Steps for XML Signature."— Presentation transcript:

1 Mountain View 25, 26 Sept 2007 The importance of incorporating XAdES extensions into ongoing XML-Sig work W3C Workshop on Next Steps for XML Signature and XML Encryption Authors: Juan Carlos Cruellas – Universitad Politécnica de Cataluña cruellas@ac.upc.edu Giles Hogben – European Network and Information Security Agency Giles.Hogben@enisa.europa.eu Nick Pope – Thales eSecurity Nick.Pope@thales-esecurity.com

2 Historical background 1999: European Directive on a Community framework for electronic sigantures, by the European Commission. –Defines Advanced Electronic Signatures as those ones that: Are uniquely linked to the signatory Are capable of identifying the signatory Are created using means that the signatory may maintain under his sole ontrol Are linked to the data to which it relates in such a manner that any subsequent change of the data is detectable

3 Historical background ETSI (European Telecommunications Standardization Institute) starts developing standards for electronic signatures aligned with European directive. February 2002: ETSI publishes version 1.1.1 of Technical Specification (TS) 101 903: “XML Advanced Signature (XAdES)” February 2003, W3C acknowledges a submission based on XAdES v1.1.1 as W3C Note.

4 Historical background An interoperability event is organized by ETSI at November 2003. April 2004 publishes XAdES v1.2.2. Interoperability event in May 2004. March 2006 publishes XAdES v1.3.2

5 Technical background: generalities XAdES signatures build on XMLDSig signatures. XAdES signatures use XMLDSig extension capabilities (ds:Object). XAdES standardizes: –A number of new properties that further qualify XMLDSig signatures with information able to fulfil a number of common requirements (long term validity, non-repudiation, alignment to European Directive, etc) –Mechanisms to incorporate the aforementioned properties.

6 Technical background: generalities –Defines a number of so-called “XAdES forms” as signatures that incorporate specific combinations of properties.

7 Technical background: properties XAdES properties may: –Qualify the signature itself, the data to be signed or the signatory. –Be incorporated to the signature by the signer before actually produce the digital signature value it and be secured by the signature itself (signed properties). –Be incorporated by the signer, the verifier or another party after the generation of the digital signature value (unsigned properties).

8 Technical background: XAdES and signature lifecycle XAdES forms (specific combinations of properties) are designed to encompass signatures life-cycle. This specially includes long-term signatures, where XAdES forms provides mechanisms covering from their creation to their auditing long time after their creation and first verification.

9 Signer Incorporates properties Generates Signature Requests, gets and incorporates signature time-stamp Adds references to verification data Verifier Requests, gets and incorporates time-stamp on signature and references Verifies signature Adds verification data Requests, gets and incorporates archive time-stamp Storage service (1) (2) (3) (4) (5) (6) (7) (8)

10 Technical background: properties overview Signed properties. –Incorporated by the signer before actually computing the digital signature value. –Secured by the digital signature value. SigningCertificate: –Reference to the signing certificate and optionally to the certificates in the certpath. References incorporate identifiers and also digest values of the certificates. –Secures signer certificate reference.

11 SignerRole: –Indication of the role played by the signer when generating the signature. They may be claimed or certified (certificate attributes). CommitmentTypeIndication: –Commitment endorsed by the signer when producing the signature (proof of origin, proof of receipt, etc). Technical background: properties overview

12 SignatureProductionPlace: –Indication of the claimed place where the signature is produced. SigningTime: –indication of the claimed time when the signature is produced. Data object time-stamps: –Time-stamps on the to-be-signed data objects may also be incorporated.

13 XAdES-BES SigningCertificateSignerRole....

14 Signature policy identifier: –Reference to a set of rules followed when generating the signature and that also must be met when verifying it in order to consider the signature valid. This reference also includes a digest value computed on an electronic form of the signature policy document. Technical background: properties overview

15 XAdES-EPES SigningCertificateSignerRole....

16 XAdES-BES SigningCertificateSignerRoleSignaturePolicyId

17 Technical background: properties overview Unsigned properties: –Generated after the production of digital signature value. –Generated by the signer, verifier or other parties. –Usually data that help verifiers and auditors to assert the validity of the signature even long time after it was generated.

18 Technical background: properties overview SignatureTimeStamp: –Time-stamp on the signature that proves that the electronic signature was actually generated before that time. CompleteCertificateRefs: –References (including identifiers and digest values) to all the certificates in the certpath (but the signing certificate) that whose status verifiers must check while verifying the signature.

19 XAdES-T SigningCertificateSignerRoleSignaturePolicyId SignatureTimeStamp

20 Technical background: properties overview CompleteRevocationRefs: –References (including identifiers and digest values) of certificate status data (CRLs, OCSP responses, etc) that verifiers get while verifying the electronic signature. Time-stamp on signature and references: –Time-stamp securing signature and references to the material used by the verifier. It proves that at that time, a first verification of the signature took place and used the cryptographic material time-stamped. This may be assessed time after the verification.

21 XAdES-C SigningCertificateSignerRoleSignaturePolicyId SignatureTimeStamp CompleteCertificateRefsCompleteRevocationRefs XAdES-X SigAndRefsTimeStamp

22 Technical background: properties overview The next three properties are used when a long- term signature is required that incorporates all the cryptographic material used in its verification: CertificateValues: –All the certificates required in its validation. RevocationValues: –All the CRLs and/or OCSP required in its validation.

23 Technical background: properties overview ArchiveTimeStamp: –Time-stamp securing all the material in the signature including the values of the certificates and revocation data, to counter weakness of algorithms and cryptographic material signature-related as time goes bay. –Nesting allowed to counter weaknesses in algorithms and cryptographic material in previous time-stamps.

24 XAdES-X-L SigningCertificateSignerRoleSignaturePolicyId SignatureTimeStamp CompleteCertificateRefsCompleteRevocationRefs XAdES-A SigAndRefsTimeStamp CertificateValuesRevocationValues ArchiveTimeStamp

25 XAdES current deployment XAdES signatures are nowadays being deployed in European countries for a variety of environments: electronic invoicing, digital accounting, Registered Electronic e-mail, etc. In certain countries, laws require use of XAdES signatures for certain transactions. ETSI has issued TS 102 904 “Profiles of XML Advanced Electronic Signatures based on TS 101 903 (XAdES)”, defining XAdES profiles for e- invoicing, e-government, and also a baseline profile

26 Position XAdEs provides a relevant building block for international mutual legal recognition of electronic signatures. This is a critical issue in areas like European Union (3-years programme for rollout of cross-border interoperable e-ID services) and Asia (e-Asian Framework agreement, to “facilitate the establishment of mutual recognition of digital signature frameworks”)

27 Position It is suggested that W3C notes the existence of the features already defined in ETSI TS 101903, and does not re-define any features already addressed there. It is suggested that W3C works with ETSI to establish common specifications for use of XML- based signatures.

28 Position It is suggested that W3C takes account of the lack of reversibility between ASN.1 and string representation for Distinguished Names as stated in XMLDSig and produces a reversible way (XAdES uses these mechanisms for identifying cryptographic validation material).

29 References W3C Note on XAdES. At http://www.w3.org/TR/XAdES/ TS 101 903: “XML Advanced Electronic Signature (XAdES)“ ETSI TS 102904: “Profiles of XML Advanced Electronic Signatures based on TS 101 903 (XAdES)“ ETSI Standards may be downloaded at: http://pda.etsi.org/pda/queryform.asp

Download ppt "Mountain View 25, 26 Sept 2007 The importance of incorporating XAdES extensions into ongoing XML-Sig work W3C Workshop on Next Steps for XML Signature."

Similar presentations

17 March 2010 Workshop on Efficient and Effective eGovernment FASTeTEN : a Flexible Technology in Different European Administrative Contexts

17 March 2010 Workshop on Efficient and Effective eGovernment FASTeTEN : a Flexible Technology in Different European Administrative Contexts
© 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information.

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information.
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Practical Digital Signature Issues. Paving the way and new opportunities. www.oasis-open.org Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
The Austrian Governmental eDelivery System Technical Aspects Ankara, March 17th, 2015 Christian Maierhofer, EGIZ The E-Government Innovation Center is.

The Austrian Governmental eDelivery System Technical Aspects Ankara, March 17th, 2015 Christian Maierhofer, EGIZ The E-Government Innovation Center is.
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
Workshop on registered electronic mail policies and implementations (ETT 57074) Ankara, 16.3. – 17.3. 2015.

Workshop on registered electronic mail policies and implementations (ETT 57074) Ankara, –
Summary of ETSI/ESI activities Andrea Caccia ETSI/ESI TB member Note: This document expresses only the views of its author.

Summary of ETSI/ESI activities Andrea Caccia ETSI/ESI TB member Note: This document expresses only the views of its author.
Jaroslav Pinkava May 2001 Certification Authority in Praxis. Security Aspects. Conference Security and Protection of Information Ing. Jaroslav Pinkava,

Jaroslav Pinkava May 2001 Certification Authority in Praxis. Security Aspects. Conference Security and Protection of Information Ing. Jaroslav Pinkava,
© ETSI 2012 All rights reserved EUROPEAN UNION MANDATE/460 Kloster Banz 11.09.2013 Presented by Arno Fiedler, Member of European Telecommunications Standards.

© ETSI 2012 All rights reserved EUROPEAN UNION MANDATE/460 Kloster Banz Presented by Arno Fiedler, Member of European Telecommunications Standards.
2002 10 21 Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic.

Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic.
1 Bridge/Gateway CA Project Status Gzim OCAKOGLU European Commission – DG ENTR / IDABC Reykjavik – 27 May 2005.

1 Bridge/Gateway CA Project Status Gzim OCAKOGLU European Commission – DG ENTR / IDABC Reykjavik – 27 May 2005.
21 mai 2015 Bridges between Certification Authorities.

21 mai 2015 Bridges between Certification Authorities.
PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.

PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.
M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.

M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.
Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April,2007 1 Paula Ortiz López Spanish Data Protection Agency.

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, Paula Ortiz López Spanish Data Protection Agency.
Legal Issues on PKI & qualified electronic certificates. THIBAULT VERBIEST Attorney-at-law at the Brussels and Paris Bar Professor at the Universities.

Legal Issues on PKI & qualified electronic certificates. THIBAULT VERBIEST Attorney-at-law at the Brussels and Paris Bar Professor at the Universities.
Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.

Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

Similar presentations

Ads by Google