Oasis Eema 2009 London v1
Digital Signatures and e-Identity. Getting the best out of DSS / DSS-X services.
Coarse Orientation:
'Protocols for central services providing signature generation AND verification'
- Avoid problems of deployment of infrastructure required to support individual generation.
- Reduces overhead of key management: the central server takes care of the required tasks on certs status in both generation and verification.
- All the complexity of verification implemented and deployed once at the server.
- Details of the policy for the signatures centralized.
- Get this using one standardized protocol!
What's new :
DSS-X TC
- Founded in 2008
- Many DSS members joined
Detailed Look :
Get more detailed knowledge of some selected profiles that may be useful for e-identity applications:
- Verification reports: detailed information about verification results.
- ebXML: transporting DSS requests using the OASIS standard.
Details on the signed and unsigned properties present within the signature.
Elements shown for the certification path: PathValiditySummary, CertificateIdentifier, PathValidityDetail.
Elements shown under PathValidityDetail: CertificateIdentifier, Subject, ChainingOK, TSLValidity, CertificateValidity, ValidityPeriodOK, ExtensionsOK, CertificateValue, CertificateContent, SignatureOK, CertificateStatus.
Details on the status of this certificate (including CRL, OCSP responses) in next slide.
Elements shown under CertificateStatus: CertStatusOK, RevocationDate, RevocationInfo, CRLValidity, CRLReference, RevocationEvidence, OCSPValidity, OCSPReference, Other, RevocationReason.
Details certification path for the CRL itself.
Structure of IndividualReport
Individual Structures
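How a relying party might consume the per-certificate results listed above and fail closed, as an added example that is not part of the original slides or the DSS-X profile text. The element names come from the slides; the nesting, the plain-text verdict values ("valid" / "invalid") and the missing XML namespace are simplifying assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real service response. Nesting, verdict strings
# and the absence of a namespace are assumptions made for this example.
SAMPLE_REPORT = """
<PathValidityDetail>
  <CertificateValidity>
    <Subject>CN=Example Signer</Subject>
    <ChainingOK>valid</ChainingOK>
    <ValidityPeriodOK>valid</ValidityPeriodOK>
    <ExtensionsOK>valid</ExtensionsOK>
    <SignatureOK>valid</SignatureOK>
    <CertificateStatus><CertStatusOK>valid</CertStatusOK></CertificateStatus>
  </CertificateValidity>
  <CertificateValidity>
    <Subject>CN=Example Issuing CA</Subject>
    <ChainingOK>valid</ChainingOK>
    <ValidityPeriodOK>invalid</ValidityPeriodOK>
    <ExtensionsOK>valid</ExtensionsOK>
    <SignatureOK>valid</SignatureOK>
    <CertificateStatus/>
  </CertificateValidity>
</PathValidityDetail>
"""

# Checks this (hypothetical) relying party requires for every certificate.
REQUIRED = ("ChainingOK", "ValidityPeriodOK", "ExtensionsOK", "SignatureOK",
            "CertificateStatus/CertStatusOK")

def failed_checks(cert):
    """Return required checks that are missing, empty or not 'valid'."""
    failures = []
    for path in REQUIRED:
        node = cert.find(path)
        verdict = (node.text or "").strip() if node is not None else "missing"
        if verdict != "valid":
            failures.append((path.split("/")[-1], verdict or "empty"))
    return failures

def evaluate_path(xml_text):
    """Map each Subject to its failed checks; an empty dict means accept."""
    root = ET.fromstring(xml_text.strip())
    certs = list(root.iter("CertificateValidity"))
    if not certs:  # a report with no certificates must not read as success
        return {"(report)": [("CertificateValidity", "missing")]}
    results = {c.findtext("Subject", default="(no Subject)"): failed_checks(c)
               for c in certs}
    return {subject: f for subject, f in results.items() if f}
```

The point of the detailed report is that a missing CertStatusOK is treated the same as a negative one, so an incomplete answer from the central service never becomes an implicit acceptance.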
ebXML Profile
ebXML Messaging (ebMS) is an advanced OASIS Standard messaging protocol:
- Synchronous or asynchronous SOAP-based messaging
- Reliable and secure messaging
- Standard business metadata in document header
- OASIS Standards version 2.0 (2002), version 3.0 (2007)
CS profile advantages
Centralized signing pays off in the usual way:
- Control over secret keys
- Easy certificate management
- Controlling who signs
- Tracking what / when / by whom was signed
- Access can be managed on a per-user basis.
- Even automatic build environments are supported.
Standardization forecast
Public review
- ebXML
- Visible Signature
- Signature Policy
- Individual Verification Report
- Other ..
Further process
- Approval of new profiles as OS: end of 2009
- Updated DSS Core: end of 2009
- Cross matrix for existing profiles: first term of 2010
http://www.turbophoto.com
Questions ?
OASIS Digital Signature Services eXtended ( DSS-X )
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=dss-x
Chairs:
- Stefan Drees (stefan@drees.name)
- Juan Carlos Cruellas (cruellas@ac.upc.edu)
- Andreas Kuehne (kuehne@trustable.de)