OASIS Digital Signature Services eXtended (DSS-X) TC
Advancing digital signature services standards
Andreas Kuehne, kuehne@trustable.de, Chair
Stefan Hagen, stefan@hagen.link, Chair
Table of Contents
- Announcements
- Overview
- Technical Work Produced by the Committee
- Expository Work Produced by the Committee
- External Resources
- Mailing Lists and Comments
- Additional Information
- Security Notice: CVE-2020-13101 - DSS core 1.0 became an OASIS Standard in 2007. It defines an interface for signature creation and validation for different signature formats and supports multiple variants for transporting the documents to be signed or verified. The combination of the InlineXML option (XML payload within the DSS transport document) and a specially crafted XMLDSig allows an attacker to circumvent the non-repudiation property of the signature. The problem is explained in detail in a short presentation. The recommended mitigation is to move to DSS-X core 2.0. Alternatively, deny the use of the InlineXML option.
- Digital Signature Service Core Protocols, Elements, and Bindings v2.0 and Digital Signature Service Metadata v1.0 are approved as Committee Specification 02. See the announcement for details.
- Digital Signature Service Core Protocols, Elements, and Bindings v2.0 Committee Specification Public Review Draft 03 (CSPRD03) and Digital Signature Service Metadata v1.0 CSPRD02 are available for public review and comment through October 21st. See the announcement for details.
- Digital Signature Service Core Protocols, Elements, and Bindings Version 2.0 Committee Specification 01, approved 04 July 2019, is available. See https://docs.oasis-open.org/dss-x/dss-core/v2.0/cs01/dss-core-v2.0-cs01.html
- Digital Signature Service Metadata Version 1.0 Committee Specification 01, approved 04 July 2019, is available. See https://docs.oasis-open.org/dss-x/dss-md/v1.0/cs01/dss-md-v1.0-cs01.html
- DSS Extension for Local Signature Computation Version 1.0 Committee Specification 02, approved 06 March 2017, is available. See http://docs.oasis-open.org/dss-x/localsig/v1.0/cs02/localsig-v1.0-cs02.html.
- DSS-X takes on work on Digital Signature Services from the DSS technical committee
- DSS-X joins IDtrust Member Section
- DSS-X Starts work on requirements for profiles and errata on DSS Core spec
- DSS-X TC begins work on local signature processing profile: Info - Use Cases
The DSS-X TC is developing new profiles of the existing OASIS Digital Signature Services core protocol "Digital Signature Service Core Protocols, Elements, and Bindings Version 1.0" and is maintaining this specification and its existing profiles. If at a later date it becomes clear that a new version of DSS is necessary, the TC may produce it.
DSS-X is also working on promoting the standard and creating material that helps its dissemination. In general terms, the TC's goal is to facilitate the processing of digital signatures and time stamps in a client-server environment.
The DSS-X TC is a member of the IDtrust Member Section.
For more information, see the TC Charter and FAQ.
Technical Work Produced by the Committee
Existing DSS Specifications
The existing DSS specifications are available through the DSS TC home page.
Committee Specifications
Digital Signature Service Core Protocols, Elements, and Bindings Version 2.0 CS02 (Approved 11 December 2019): PDF, HTML, Editable source, JSON and XML schema, Distribution ZIP package.
Digital Signature Service Metadata Version 1.0 CS02 (Approved 11 December 2019): PDF, HTML, Editable source, JSON and XML schema, Distribution ZIP package.
Digital Signature Service Core Protocols, Elements, and Bindings Version 2.0 CS01 (Approved 04 July 2019): PDF, HTML, Editable source, JSON and XML schema, Distribution ZIP package.
Digital Signature Service Metadata Version 1.0 (Approved 04 July 2019): PDF, HTML, Editable source, JSON and XML schema, Distribution ZIP package.
OASIS DSS Extension for Local Signature Computation Version 1.0 CS02 (Approved 06 March 2017): PDF, HTML, Editable Source (DocBook), XML schema.
OASIS DSS Extension for Local Signature Computation Version 1.0 (Approved since 27 July 2015): PDF, HTML (Authoritative), Editable Source (DocBook).
OASIS ebXML Messaging Transport Binding for Digital Signature Services Version 1.0 (Approved since 08 November 2008): PDF, HTML, Editable Source.
OASIS DSS v1.0 Profile for Comprehensive Multi-Signature Verification Reports Version 1.0 (Approved since 11 November 2010): PDF (Authoritative), HTML, Editable Source; Schema in W3C XSD.
Visible Signature Profile of the OASIS Digital Signature Services Version 1.0 (Approved since 08 May 2009): PDF, HTML, Editable Source; Schema in W3C XSD.
Public Drafts
Signature Policy Profile (the public review started 15 June 2009, and ended 14 August 2009): PDF, HTML, Editable Source; Schema in W3C XSD.
Interoperability Testing
The OASIS DSS TC carried out a set of interoperability tests to assess the worthiness of the specifications being developed and the feasibility of easily producing interoperable implementations from them. A document has been produced that defines and describes a number of relevant test cases for the specifications. Its contents may benefit implementors of the DSS specifications.
The latest version of this document may be found at:
http://www.oasis-open.org/committees/download.php/20508/oasis-dss-1.0-interop-wd-07.doc.
Members of the DSS TC who have developed independent implementations of the specifications have successfully participated in these interoperability tests.
Wiki for OASIS DSS-X TC member collaboration
dss-x-spec TC GitHub: Repository for development of the draft standard, where the schema files and the prose annotations are mixed via continuous integration into the resulting prose work product.
dss-x-openapi TC GitHub: Repository to support development of OpenAPI conforming schema equivalents of the Digital Signature Service schema family.
Expository Work Produced by the Committee
A presentation on Digital Signatures and e-Identity (Getting the best out of DSS / DSS-X services), as presented at the EEMA-Event London in 2009, is available here:
EEMA-Event 2009 presentation [PPT]
A presentation on the activities of the DSS-X and ETSI ESI committees and their relationships, as presented at the IDTrust-Workshop Barcelona in October 2007, is available here:
IDTrust 2007 Workshop presentation
A presentation on DSS given in July 2007 is available here:
DSS Presentation
Although not produced by the OASIS DSS TC, the following information offers useful insights into its work.
IDtrust XML.org is a community-driven site hosted by OASIS that provides reliable background information on the standard. The site also serves as a community bulletin board and directory where readers post news, ideas, opinions, and recommendations. It incorporates wiki functionality to let users edit and add new pages to the site. The public is encouraged to contribute content.
A paper describing DSS, submitted to the EEMA ISSE 2006 conference, is available (courtesy of EEMA):
EEMA ISSE paper on DSS.
dss-x: the list used by TC members to conduct Committee work. TC membership required to post. TC members are automatically subscribed; the public may view archives.
dss-x-comment: a public mail list for providing input to the OASIS dss-x Technical Committee members. Send a comment or view archives.
dss-dev: an unmoderated, public mail list that provides an open forum for developers to exchange ideas and information on implementing the DSS OASIS Standard. Subscribe or view archives.*
*To minimize spam, you must subscribe to these lists before posting.
Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.