Practical Digital Signature Issues. Paving the way and new opportunities. www.oasis-open.org Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Slides:



Advertisements
Similar presentations
Universal Electronic Signatures Tarvi Martens ESTONIA.
Advertisements

OGSA Security Profile 2.0 (a.k.a. Express Authentication Profile) DUANE MERRILL October 18, 2007.
17 March 2010 Workshop on Efficient and Effective eGovernment FASTeTEN : a Flexible Technology in Different European Administrative Contexts
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Education applications and the FAST project. Jonathan Gay Co-ordinator for Sheffield.
AFACT eCOO WG interim meeting - Conference Call 1st March of 2011 Mahmood Zargar eCOO Experiences and Standards.
Electronic Submission of Medical Documentation (esMD) Face to Face Informational Session esMD Requirements, Priorities and Potential Workgroups – 2:00pm.
Extending ForeFront beyond the limit TMGUAG ISAIAG AG Security Suite.
Mountain View 25, 26 Sept 2007 The importance of incorporating XAdES extensions into ongoing XML-Sig work W3C Workshop on Next Steps for XML Signature.
S.1 Using a Global Validation Service to Unite Communities Jon Shamah EMEA Head of Sales, BBS eSecurity.
Summary of ETSI/ESI activities Andrea Caccia ETSI/ESI TB member Note: This document expresses only the views of its author.
Developments in cooperation between research and standardization related to security and secure communications Presentation at eMayor clustering event,
21 mai 2015 Bridges between Certification Authorities.
M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
European Signatures versus Global SignaturesRome, 7 April, 2003 EESSI open specifications and interoperability The state of the art in Italy Giovanni Manca.
16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Interoperation Between a Conventional PKI and an ID-Based Infrastructure Geraint Price Royal Holloway University of London joint work with Chris Mitchell.
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.
ISA programme: Secure-related initiatives Miguel Alvarez Rodríguez.
X-Road (X-tee) A platform-independent secure standard interface between databases and information systems to connect databases and information systems.
Security and DICOM Lawrence Tarbox, Ph.D. Chair, DICOM Working Group 14 Siemens Corporate Research.
OASIS OASIS Digital Signature Services Juan Carlos Cruellas Juan Carlos Cruellas Andreas Kuehne Stefan Drees Ernst Jan van Nigtevecht.
8 Nob 06 / CEN/ISSS ETSI STF 305: Procedures for Handling Advanced Electronic Signatures on Digital Accounting CEN/ISSS Workshop.
Digital Signatures and e-Identity. Getting the best out of DSS / DSS-X services. Andreas Kuehne – DSS-X member.
An XMPP (Extensible Message and Presence Protocol) based implementation for NHIN Direct 1.
Java Security Pingping Ma Nov 2 nd, Overview Platform Security Cryptography Authentication and Access Control Public Key Infrastructure (PKI)
Web Services Security Standards Overview for the Non-Specialist Hal Lockhart Office of the CTO BEA Systems.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.
OASIS Week of ebXML Standards Webinars June 4 – June 7, 2007.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
XMPP Concrete Implementation Updates: 1. Why XMPP 2 »XMPP protocol provides capabilities that allows realization of the NHIN Direct. Simple – Built on.
DSKPP And PSKC: IETF Standard Protocol And Payload For Symmetric Key Provisioning Philip Hoyer Senior Architect – CTO Office.
IETF - LTANS, March 2004P. Sylvester, Edelweb & A. Jerman Blazic, SETCCE Introduction The following slides were prepared as a result of analysis and discussion.
Security Overview  System protection requirements areas  Types of information protection  Information Architecture dimensions  Public Key Infrastructure.
Riccardo Genghini - Ws E-Sign Chairman – IETF PKIX San Francisco March Electronic Signature infrastructure for Europe Riccardo Genghini Cen/Isss.
Module 8: Planning and Troubleshooting IPSec. Overview Understanding Default Policy Rules Planning an IPSec Deployment Troubleshooting IPSec Communications.
Ivo Rosol, OKsystem Middleware.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian
1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.
Extending ISA/IAG beyond the limit. AGAT Security suite - introduction AGAT Security suite is a set of unique components that allow extending ISA / IAG.
EESSI June 2000Slide 1 European Electronic Signature Standardization Hans Nilsson, iD2 Technologies, Sweden.
National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.
Authorization GGF-6 Grid Authorization Concepts Proposed work item of Authorization WG Chicago, IL - Oct 15 th 2002 Leon Gommans Advanced Internet.
JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.
GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.
Task Force CoRD Meeting / XML Security for Statistical Data Exchange Gregory Farmakis Agilis SA.
Creating a European entity Management Architecture for eGovernment Id GUIDE Keiron Salt
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.
# # 0089CB # 00283C HEXRGB # COLOUR PALETTE TEXT COLOUR HEXRGB # FFFFFF 255 # # BFBFBF.
OASIS Juan Carlos Cruellas – UPC Stefan Drees - DSS-X co-chair Nick Pope – Thales eSecurity OASIS Digital Signature Services and ETSI standards Juan Carlos.
Presented by : Piero Milani ( InfoCamere - Italy)Piero Milani InfoCamere - Italy VCD Signature & VCD Verification strategy as seen by InfoCamere ( WP1.
Frank Schipplick Work Package Coordinator WP1 - eSignatures.
TAG Presentation 18th May 2004 Paul Butler
OASIS Digital Signature Services and ETSI standards Juan Carlos Cruellas – UPC Stefan Drees - DSS-X co-chair Nick Pope – Thales.
Training for developers of X-Road interfaces
DIGITAL SIGNATURE SERVICE
WEB SERVICES From Chapter 19 of Distributed Systems Concepts and Design,4th Edition, By G. Coulouris, J. Dollimore and T. Kindberg Published by Addison.
TAG Presentation 18th May 2004 Paul Butler
S/MIME T ANANDHAN.
E-Lock ProSigner ProSigner means “Professional Signer” signifying the software that can apply legally enforceable Advanced electronic signatures to electronic.
Dashboard eHealth services: actual mockup
WEB SERVICES From Chapter 19, Distributed Systems
Presentation transcript:

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X co-chair Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X co-chair

n Paving the way (I): l OASIS DSS Standards. Protocols for central services providing signature generation AND verification. n Avoid problems of deployment of infrastructure required to support individual generation n All the complexity of verification implemented and deployed once at the server. n Reduces overhead of key management: the central server takes care of the required tasks on certs status in both generation and verification. n All the details of the policy for the signatures centralized. n May keep logs of the verification processes and results.

DSS concept. Conventional approach n Deploy key to each user n Handle Interface to all PKI functions n Security depends on user

PKI Certificate Management Directory System Internal user Authentication & authorisation DSS concept. DSS approach

DSS also forms the basis for the emerging standard eID-framework DSS (X) ISO/IEC / CEN TS („European Citizen Card“) ? classical DSS-domain new

n OASIS Digital Signature Services TC produced a set of OASIS standards, including the core protocols and a number of profiles. n When IPR modes changed, it was closed. n New OASIS Digital Signature Services eXtended TC created operating under OASIS RF IPR mode.

l Ebxml Messaging Transport Binding for DSS. n Specifies how DSS messages are encoded and carried using OASIS ebXML Message Service (Ebxml MS). n Ebxml MS: designed for supporting e-business. Communities using it as regular transport mechanism, may use this binding. n Robust channel between DSS clients and servers. n Make use of all the Ebxml MS features, including asynchronous messaging. l Profile for managing visible signatures. n Need to display (mostly in signed documents) information on the digital signatures to human beings. Parts of this information may also be signed. n Aims at defining mechanisms enabling clients interacting with DSS servers, to incorporate this visual information in the created signatures.

n In verification, DSS servers should be able to also verify some of the displayed information. l Profile for supporting centralized encryption/decryption. n Aims at providing protocols for requesting centralized encryption/decryption operations. n Works with CMS ContentInfo and with elements (binary and XML documents). n Allows to request encryption/decryption of only certain parts of a document. n Allows to request encryption for different intended recipients and operate with the corresponding encryption keys. n The combination of encryption and signature is also an issue for this profile.

l Profile for detailed individual verification reports. n Aims at incorporating the capability of reporting individually on each signature found in a document. Also aims at incorporating in each report relevant details of the verification process. n Business requirement: log the details of the verification process, including the certificates whose status were checked, the time-stamps verified, the CRLs checked, the OCSP responses requested and checked, attribute certificates verified, commitment endorsed by the signer, etc…. And this for each signature found in the signed document. l Profile for signed verification responses. n Aims at allowing to DSS clients to request that the verification response is actually signed by the verifying server. n Business requirement: to get responses that may be seen…

n …as signed receipts of the verification of a certain signed document. l Profile for handling signature policies. n Aims at allowing clients to request generation/verification of a digital signature following a certain set of rules (signature policy), and also allowing servers to report on the signature policy used for verifying certain signatures. n Business requirement: different documents may require different types of signatures, generated and verified following different rules and processes. This information is the signature policy. A server may be able to operate under different policies and allow to clients to select the suitable one.

l Analysis of inter-relationships among existing profiles. n Requirement: the number of different DSS profiles requires the production of a document explaining their inter- relationships in order to make a right usage of them. n Paving the way (II): Interoperability events: l Standards more and more complex. Interoperability is an issue. l Interoperability tests: n Very useful for progressing towards interoperability. n Provide feedback to the Standardization Bodies from actual implementers, helping in getting better standards (identify wrong or ambiguous parts, identify new requirements, etc)

l Face to face: XML Sec maintenance WG in l BUT now ALSO REMOTE interoperability events. n ETSI owns a portal supporting remote interoperability tests on XAdES signatures. It has conducted two Remote Interoperability events on XAdES (high figures of participation from Europe and Asia) and organized a third one for next year on XAdES and CAdES. See details at n l Also former DSS TC organized a restricted interoperability test between the TC members.

n New coming areas for digital signatures include trusted services supporting electronic business, with specific requirements on the signatures. One example: l “Registered Electronic Mail”. ETSI is about to publish its Technical Specification TS : “Registered Electronic Mail (REM): Architecture, Formats and Policies”. l REM: an “ enhanced form of mail transmitted by electronic means ( ) which provides evidence relating to the handling of an including proof of submission and delivery “. l This TS specifies a generic architecture for the provision of this type of services, proposals for formats of signed evidences and requirements on the corresponding digital signatures. This spec also acknowledges the existence of centralized services for generation and verification of digital signatures for evidences (DSS set of protocols).

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.