OASIS Digital Signature Services (DSS) TC

Completed

Defining an XML interface to process digital signatures for Web services and other applications

Table of Contents

Announcements
TC Overview
Technical Work Produced by the Committee
External Resources
Mailing Lists and Comments
Additional Information

Announcements

DSS v1.0 has been now been fully ratified as OASIS Specifications.

The DSS OASIS Specifications are available below. This consists:

Digital Signature Service Core Protocols, Elements, and Bindings

and the following profiles of the OASIS Digital Signature Services:

XML Timestamping Profile
Signature Gateway Profile
German Signature Law Profile
Entity Seal Profile
Electronic PostMark (EPM) Profile
Abstract Code-Signing Profile
J2ME Code-Signing Profile
Asynchronous Processing Abstract Profile
Advanced Electronic Signature Profiles

Interoperability tests have been carried out by members of the DSS TC to prove the operation of the DSS.

For an overview of DSS see DSS Specifications Overview below.

TC Overview

The OASIS Digital Signature Services (DSS) TC will develop techniques to support the processing of digital signatures. This includes defining an interface for requesting that a web service produce and/or verify a digital signature on a given piece of data and techniques for proving that a signature was created within its key validity period.

For more information, see the TC Charter and FAQ

Technical Work Produced by the Committee

DSS Specifications Overview

The Digital Signature Services (DSS) specifications describe two XML-based request/response protocols – a signing protocol and a verifying protocol. Through these protocols a client can send documents to a server and receive back a signature on the documents; or send documents and a signature to a server, and receive back an answer on whether the signature verifies the documents. The DSS Core specifications provide the basic protocols and elements which are adapted to support specific use cases in the DSS profiles.

A paper submitted to the EEMA ISSE 2006 conference describing DSS is available (courtesy of EEMA) EEMA ISSE paper on DSS.

An overview of the DSS specifications is available DSS Overview

Interoperability Testing

The OASIS DSS TC has carried out a set of interoperability tests for assessing the worthiness of the specifications being developed, and the feasibility of easily getting interoperable implementations from them. A document has been produced that defines and describes a number of relevant test cases for the specifications. Its contents may benefit implementors of the DSS specifications.

Latest version of the aforementioned document may be found at: http://www.oasis-open.org/committees/download.php/20508/oasis-dss-1.0-interop-wd-07.doc.

Members of the TC, which have developed independent implementations of the specifications, have successfully participated in these interoperability tests.

DSS Core

The DSS Core specification provide the basic protocols and elements which are adapted to support specific use cases in the DSS profiles.

DSS Profiles

The following profiles are released with this version 1.0 of DSS:

The DSS Time-stamp profile defines the use of the DSS Core protocols to support creation and verification of time-stamps. The profile includes support for the creation of XML Time-stamps as defined in the Core and binary time-stamps as defined in RFC 3161.

The DSS Asynchronous profile defines a simple mechanism for asynchronous DSS signing and verification requests.

The DSS Code-signing profile defines the use of the DSS Core protocols to support the signing of a software program.

The DSS J2ME Code-signing profile defines the use of the DSS Core protocols to support the signing of a software program as specified in the Java 2 Micro Edition (J2ME), Mobile Information Device Profile 2.0.

The DSS Entity seal profile defines the use of the DSS Core protocols to support creation and validation of a “seal” created by a given Entity or Organization on electronic data.

The DSS EPM profile defines the use of the DSS Core protocols to support the Universal Postal Union’s Electronic PostMarking (also called Digital PostMark) service.

The DSS German Signature Law profile defines the use of the DSS Core protocols to support creation and validation of qualified signatures according to the guidelines given by the German signature law.

The DSS AdES profile defines the use of the DSS Core to support the creation and verification of XML and binary Advanced Electronic Signatures as defined in ETSI TS 101 733 and TS 101 903.

The DSS Signature Gateway profile defines the use of the DSS Core to support the transform of both signing technology and credential logistics.

External Resources

Although not produced by the OASIS DSS TC, the following information offers useful insights into its work.

OASIS Members Work to Develop Digital Signature and Timestamping Protocols: Entrust, IONA, NIST, webMethods, TIBCO, Verisign, and Others Collaborate on Security Standard to Accelerate Web Services Deployment
OASIS News, 24 Oct 2002

Mailing Lists and Comments

dss: the list used by TC members to conduct Committee work. TC membership required to post. TC members are automatically subscribed; the public may view archives.

dss-comment: a public mail list for providing input to the OASIS dss Technical Committee members. Send a comment or view archives.

Additional Information

The DSS Technical Committee currently reviewing its future activities.

Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.

OASIS Open

OASIS Digital Signature Services (DSS) TC

Completed

Related links