Advanced Electronic Signature Profiles of the OASIS Digital Signature Service Version 1.0
Committee Specification
13 February 2007
Specification URIs:
This Version:
http://docs.oasis-open.org/dss/v1.0/oasis-dss-profiles-AdES-cs-v1.0-r1.html
http://docs.oasis-open.org/dss/v1.0/oasis-dss-profiles-AdES-cs-v1.0-r1.pdf
Latest Version:
http://docs.oasis-open.org/dss/v1.0/oasis-dss-profiles-AdES-cs-v1.0-r1.html
http://docs.oasis-open.org/dss/v1.0/oasis-dss-profiles-AdES-cs-v1.0-r1.pdf
Technical Committee:
OASIS Digital Signature Services TC
Chair(s):
Nick Pope, Thales eSecurity
Juan Carlos Cruellas, Centre d'aplicacions avançades d’Internet (UPC)
Editor(s):
Juan Carlos Cruellas, Centre d'aplicacions avançades d’Internet (UPC)
Related work:
This specification is related to:
Abstract:
This document defines one abstract profile of the OASIS DSS protocols for the purpose of creating and verifying XML or CMS based Advanced Electronic Signatures. It also defines two concrete sub-profiles: one for creating and verifying XML Advanced Electronic Signatures and the other for creating and verifying CMS based Advanced Electronic Signatures.
Status:
This document was last revised or approved by the OASIS Digital Signature Services TC on the above date. The level of approval is also listed above. Check the current location noted above for possible later revisions of this document. This document is updated periodically on no particular schedule.
Technical Committee members should send comments on this specification to the Technical Committee’s email list. Others should send comments to the Technical Committee by using the “Send A Comment” button on the Technical Committee’s web page at http://www.oasis-open.org/committees/dss.
For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the Technical Committee web page (http://www.oasis-open.org/committees/dss/ipr.php.
The non-normative errata page for this specification is located at http://www.oasis-open.org/committees/dss.
Notices
OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification, can be obtained from the OASIS Executive Director.
OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.
Copyright © OASIS® 1993–2007. All Rights Reserved. OASIS trademark, IPR and other policies apply.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications, in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
The names "OASIS" are trademarks of OASIS, the owner and developer of this specification, and should be used only to refer to the organization and its official outputs. OASIS welcomes reference to, and implementation and use of, specifications, while reserving the right to enforce its marks against misleading uses. Please see http://www.oasis-open.org/who/trademark.php for above guidance.
Table of Contents
3 Advanced Electronic Signature abstract profile
3.2.2 Relationship To Other Profiles
3.3 Profile of Signing Protocol
3.3.1.1 Element <OptionalInputs>
3.3.1.1.1.1 Optional Input <SignatureForm>
3.3.1.1.2 Optional Inputs already defined in the Core
3.3.1.1.2.1 Optional Input <SignatureType>
3.3.1.1.2.2 Optional inputs <ClaimedIdentity> and <KeySelector>
3.3.1.1.2.3 Optional Input <SignedProperties>
3.3.1.1.2.3.1 Requesting SigningTime
3.3.1.1.2.3.2 Requesting CommitmentTypeIndication
3.3.1.1.2.3.3 Requesting SignatureProductionPlace
3.3.1.1.2.3.4 Requesting SignerRole
3.3.1.1.2.3.5 Requesting AllDataObjectsTimeStamp
3.3.1.1.2.3.6 Requesting DataObjectFormat
3.3.2.1 Element <SignatureObject>
3.4 Profile of Verifying Protocol
3.4.1.2 Element <SignatureObject>
3.4.1.3 Element <OptionalInputs>
3.4.1.3.1 Element <ReturnUpdatedSignature>
3.5.1.1 Element <OptionalOutputs>
3.5.1.1.1 Optional Output <UpdatedSignature>
4 XML Advanced Electronic Signatures concrete Profile
4.2.3 Relationship To Other Profiles
4.3 Profile of Signing Protocol
4.3.2.1 Element <OptionalInputs>
4.3.2.1.1.1 Element <SignatureForm>
4.3.2.1.2 Optional Inputs already defined in the Core
4.3.2.1.2.1 Optional Input <SignatureType>
4.3.2.1.2.2 Optional inputs < ClaimedIdentity> and <KeySelector>
4.3.2.1.2.3 Optional Input <SignedProperties>
4.3.2.1.2.3.1 Requesting SigningTime
4.3.2.1.2.3.2 Requesting CommitmentTypeIndication
4.3.2.1.2.3.3 Requesting SignatureProductionPlace
4.3.2.1.2.3.4 Requesting SignerRole
4.3.2.1.2.3.5 Requesting AllDataObjectTimeStamp
4.3.2.1.2.3.6 Requesting DataObjectFormat
4.3.2.1.2.3.7 Requesting <xades:IndividualDataObjectTimeStamp>
4.3.3.1 Element <SignatureObject>
4.4 Profile of Verifying Protocol
4.4.1.2 Element <SignatureObject>
4.4.1.3 Element <OptionalInputs>
4.4.1.3.1 Optional Output <ReturnUpdatedSignature>
4.4.2 Element <VerifyResponse>
4.4.2.1 Element <OptionalOutputs>
4.4.2.1.1 Optional Output <UpdatedSignature>
4.5.2.2 TLS X.509 Mutual Authentication
5 CMS-based Advanced Electronic Signature profile
5.2.3 Relationship To Other Profiles
5.3 Profile of Signing Protocol
5.3.1.2 Element <OptionalInputs>
5.3.1.2.1.1 Element <SignatureForm>
5.3.1.2.2 Optional Inputs already defined in the Core
5.3.1.2.2.1 Element <SignatureType>
5.3.1.2.2.2 Optional inputs < ClaimedIdentity> / <KeySelector>
5.3.1.2.2.3 Element <SignedProperties>
5.3.1.2.2.3.1 Requesting signing-time
5.3.1.2.2.3.2 Requesting commitment-type-indication
5.3.1.2.2.3.3 Requesting signer-location
5.3.1.2.2.3.4 Requesting signer-attributes
5.3.1.2.2.3.5 Requesting content-time-stamp
5.3.1.2.2.3.6 Requesting content-hints
5.3.2.1 Element <SignatureObject>
5.4 Profile of Verifying Protocol
5.4.1.2 Element <OptionalInputs>
5.4.1.2.1 Element <ReturnUpdatedSignature>
5.4.1.3 Element <SignatureObject>
5.4.2 Element <VerifyResponse>
5.4.2.1 Element <OptionalOutputs>
5.4.2.1.1 Element <UpdatedSignature>
5.5.2.2 TLS X.509 Mutual Authentication
6 XML timestamps in XAdES signatures
6.1 Generation and inclusion of XML timestamps
6.1.1 Profile for XAdES timestamp containers
6.1.2 XML timestamp within xades:IndividualDataObjectsTimeStamp
6.1.3 XML timestamp within xades:AllDataObjectsTimeStamp
6.1.4 XML timestamp within xades:SigAndRefsTimeStamp
6.1.5 XML timestamp within xades:RefsOnlyTimeStamp
6.1.6 XML timestamp within xades:ArchiveTimeStamp
6.2 Verification of XML timestamps
6.2.1 Verification of of xades:IndividuallDataObjectsTimeStamp including a XML timestamp
6.2.2 Verification of xades:AllDataObjectsTimeStamp including a XML timestamp
6.2.3 Verification of xades:SigAndRefsTimeStamp including a XML timestamp
6.2.4 Verification of xades:RefsOnlyTimeStamp including a XML timestamp
6.2.5 Verification of xades:ArchiveTimeStamp including a XML timestamp
7 Identifiers defined in this specification
7.1 Predefined advanced electronic signature forms identifiers
The DSS signing and verifying protocols are defined in [DSSCore]. As defined in that document, the DSS protocols have a fair degree of flexibility and extensibility. This document defines an abstract profile for the use of the DSS protocols for creating and verifying XML and CMS-based Advanced Electronic Signatures as defined in [XAdES] and [CAdES]. This document also defines two concrete profiles derived from the abstract one: one for creating and verifying XAdES signatures and the other for creating and verifying CAdES signatures.
1.1 Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
"SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this specification are to be interpreted as described in IETF RFC 2119 [RFC 2119]. These keywords are capitalized when used to unambiguously specify requirements over protocol features and behavior that affect the interoperability and security of implementations. When these words are not capitalized, they are meant in their natural-language sense.
This specification uses the following typographical conventions in text: <ns:Element>, Attribute, Datatype, OtherCode.
1.2 Normative References
[AdES-XSD] J. C. Cruellas et al. AdES Profile Schema, OASIS, February 2007.
[CAdES] CMS Advanced Electronic Signatures. ETSI TS 101 733, January 2007.
[Core-XSD] S. Drees et al. DSS Schema. OASIS, February 2007).
[DSSCore] S. Drees et al. Digital Signature Service Core Protocols and Elements. OASIS, February 2007.
[RFC2119] S. Bradner, Key words for use in RFCs to Indicate Requirement Levels, http://www.ietf.org/rfc/rfc2119.txt, IETF RFC 2119, March 1997.
[RFC 2634] . Hoffman (ed.). Enhanced Security Services for S/MIME http://www.ietf.org/rfc/rfc2634.txt, , IETF RFC 2634 June 1999
[RFC 3852] R. Housley. Cryptographic Message Syntax (CMS) , IETF RFC 3852, July 2004.
[XAdES] Advanced Electronic Signatures. ETSI TS 101 733. March 2006.
[XML-ns] T. Bray, D. Hollander, A. Layman. Namespaces in XML. http://www.w3.org/TR/1999/REC-xml-names-19990114, W3C Recommendation, January 1999.
[XMLSig] D. Eastlake et al. XML-Signature Syntax and Processing. http://www.w3.org/TR/1999/REC-xml-names-19990114, W3C Recommendation, February 2002.
1.3 Non-Normative References
1.4 Namespaces
The structures described in this specification are contained in the schema file [AdES-XSD]. All schema listings in the current document are excerpts from the schema file. In the case of a disagreement between the schema file and this document, the schema file takes precedence.
This schema is associated with the following XML namespace:
urn:oasis:names:tc:dss:1.0:profiles:AdES:schema#
Conventional XML namespace prefixes are used in this document:
o The prefix dss: (or no prefix) stands for the DSS core namespace [Core-XSD].
o The prefix ds: stands for the W3C XML Signature namespace [XMLSig].
o The prefix xades: stands for ETSI XML Advanced Electronic Signatures (XAdES) document [XAdES].
Applications MAY use different namespace prefixes, and MAY use whatever namespace defaulting/scoping conventions they desire, as long as they are compliant with the Namespaces in XML specification [XML-ns].
This document defines three profiles of the protocols specified in: “Digital Signature Services Core Protocol and Elements” [DSSCore].
The first one is an abstract profile defining messages for supporting the lifecycle of advanced electronic signatures. Both, XML and CMS-based advanced electronic signatures are supported by this profile.
One concrete profile, derived from the aforementioned abstract profile, gives support to the lifecycle of XML advanced electronic signatures as specified in [XAdES].
A second concrete profile, also derived from the abstract one, gives support to the lifecycle of CMS-based advanced electronic signatures as specified in [CAdES].
Implementations should implement one of the concrete profiles (or both) in order to request generation or validation of advanced electronic signatures in one of the two formats (or both).
3.1 Overview
This abstract profile supports operations within each phase of the lifecycle of two types of advanced electronic signature:
o XML encoded signatures based on [XMLSig] such as specified in [XAdES].
o Binary encoded signatures based on [RFC 3852] such as specified in [CAdES].
Henceforward, the document will use the term advanced signature when dealing with issues that affect to both types of signatures. The document will use XAdES or CAdES signatures when dealing with issues that affect one or the other but not both of them.
For the generation of advanced signatures, the following operations apply:
o SignRequest. This operation supports requests for:
o Generating predefined advanced signature forms as defined in [XAdES] and [CAdES].
o Generating XML signatures incorporating specific signed/unsigned properties whose combination does not fit any predefined XAdES signature form. In such cases, the form MUST have been defined in a proprietary specification and MUST be identified by one URI.
o Generating CMS signatures incorporating specific signed/unsigned attributes whose combination does not fit any predefined [CAdES] signature form. In such cases, the form MUST have been defined in a proprietary specification and MUST be identified by one URI.
o SignResponse. This operation supports delivery of:
o Predefined advanced signature forms as defined in [XAdES] and [CAdES].
o XML signatures with specific properties whose combination does not fit any predefined XAdES signature form. In such cases, the form MUST have been defined in some other specification and MUST be identified by one URI.
o CMS signatures incorporating specific signed attributes whose combination does not fit any predefined [CAdES] signature form. In such cases, the form MUST have been defined in some other specification and MUST be identified by one URI.
For advanced signature verification (and updating) the following operations apply:
o VerifyRequest. This operation supports requests for:
o Verifying a predefined advanced signature form.
o Verifying XML signatures incorporating specific properties whose combination does not fit any predefined XAdES signature form.
o Verifying any of the signatures mentioned above PLUS updating them by addition of additional properties (time-stamps, validation data, etc) leading to a predefined XAdES form.
o Verifying CMS signatures incorporating specific attributes whose combination does not fit any predefined [CAdES] signature form.
o Verifying any of the signatures mentioned above PLUS updating them by addition of additional attributes (time-stamps, validation data, etc) leading to a predefined [CAdES] form.
o Verifying a long-term advanced signature in a certain point of time.
o VerifyResponse. This operation supports delivery of:
o Advanced signature verification result of signatures mentioned above.
o Advanced signature verification result PLUS the updated signatures as requested.
The material for each operation will clearly indicate the lifecycle phase it pertains to.
3.2 Profile Features
3.2.1 Scope
This document profiles the DSS signing and verifying protocols defined in [DSSCore].
3.2.2 Relationship To Other Profiles
The profile in this document is based on the [DSSCore]. The profile in this document may not be directly implemented. It is further profiled by the two concrete profiles also defined in sections 4 and 5.
3.2.3 Signature Object
This profile supports the creation and verification of advanced signatures as defined in [XAdES] and [CAdES].
This profile also supports update of advanced signatures by addition of unsigned properties (time-stamps and different types of validation data), as specified in [XAdES] and [CAdES].
3.3 Profile of Signing Protocol
The present profile allows requesting:
o Predefined forms of advanced electronic signatures as defined in [XAdES] and [CAdES].
o Other forms of signatures based in [XMLSig] or [RFC 3852] defined in other specifications,
In both cases, the specific requested form will be identified by an URI.
According to this profile, the following predefined advanced signature forms defined in [XAdES] and [CAdES] MAY be requested (those forms whose name begin by XAdES- are forms names for XAdES signatures; those ones whose name begin by CAdES are names for CAdES signatures):
o CAdES-BES and XAdES-BES. In this form, the signing certificate is secured by the signature itself.
o CAdES-EPES and XAdES-EPES. This form incorporates an explicit identifier of the signature policy that will govern the signature generation and verification.
o CAdES-ES-T and XAdES-T. This form incorporates a trusted time, by means of a time-stamp token or a time-mark.
o CAdES-ES-C and XAdES-C.
o CAdES-ES-X and XAdES-X.
o CAdES-ES-X-L and XAdES-X-L.
o CAdES-ES-A and XAdES-A.
In addition, the present profile provides means for requesting incorporation in any of the aforementioned forms any of the signed properties defined in [XAdES] and signed attributes defined in [CAdES].
Other electronic signature forms based in [XMLSig] or [RFC 3852], defined elsewhere, MAY also be requested using the mechanisms defined in this profile.
3.3.1 Element <SignRequest>
This clause profiles the dss:SignRequest element.
3.3.1.1 Element <OptionalInputs>
3.3.1.1.1 New Optional Inputs
3.3.1.1.1.1 Optional Input <SignatureForm>
The form of signature required MAY be indicated using the following new optional input
<xs:element name="SignatureForm" type=”xs:anyURI”/>
If not present the signature form SHALL be implied by the selected <SignaturePolicy> or the signature policy applied by the server.
Section 7.1 of this abstract profile defines a set of URIs identifying the predefined advanced electronic signature forms specified in [CAdES] and [XAdES].
Should other standard or proprietary specification define new signature forms and their corresponding URIs, concrete sub-profiles of this abstract profile could be defined for giving support to their verification and update.
Should a form identified by an URI, admit different properties combinations, the server will produce a specific combination depending on its policy or configuration settings.
3.3.1.1.2 Optional Inputs already defined in the Core
None of the optional inputs specified in the [DSS Core] are precluded in this abstract profile. It only constrains some of them and specifies additional optional inputs.
3.3.1.1.2.1 Optional Input <SignatureType>
This element is OPTIONAL. If present, <SignatureType> SHALL be either:
urn:ietf:rfc:3275
for requesting XML-based signatures, or
urn:ietf:rfc:3369
for requesting CMS-based signatures, as defined in 7.1 of [DSS Core].
If not present the signature type SHALL be implied by the selected <SignaturePolicy> or the signature policy applied by the server.
3.3.1.1.2.2 Optional inputs <ClaimedIdentity> and <KeySelector>
As forms defined in [XAdES] and [CAdES] require that the signing certificate is protected by the signature, the server MUST gain access to that certificate.
<dss:ClaimedIdentity> or <dss:KeySelector> optional inputs MAY be present. If they are not present, the server may use means not specified in this profile to identify the signer’s key and gain access to its certificate.
3.3.1.1.2.3 Optional Input <SignedProperties>
The requester MAY request to the server the addition of optional signed properties using the <dss:SignedProperties> element’s <dss:Property> child profiled as indicated in clauses below. First names correspond to the one given by XAdES to the signed properties. Second ones correspond to the names given by CAdES to the signed attributes.
Signed properties that MAY be requested are:
|
XAdES |
CAdES |
|
SigningTime |
signing-time |
|
CommitmentTypeIndication |
commitment-type-indication |
|
SignerRole |
signer-attributes |
|
SignatureProductionPlace |
signer-location |
|
DataObjectFormat |
content-hints |
|
AllDataObjectsTimeStamp |
content-time-stamp |
|
IndividualDataObjectsTimeStamp |
No equivalent signed attribute |
Next sub-sections show how a client should request each of the aforementioned properties-attributes. The type of signature requested (XAdES or CAdES) will determine whether a XAdES property or a CAdES attribute is generated by the server.
3.3.1.1.2.3.1 Requesting SigningTime
Value for <Identifier> element:
urn:oasis:names:tc:dss:1.0:profiles:AdES:SigningTime
If the client does not request such property, the server still MAY generate and include this property depending on its policy.
No content is required for Value element, since the actual contents of the property will be generated by the server when required.
3.3.1.1.2.3.2 Requesting CommitmentTypeIndication
Value for <Identifier> element:
urn:oasis:names:tc:dss:1.0:profiles:AdES:CommitmentTypeIndication
If the client does not request such property, the server still MAY generate and include it with values that depend on server’s policy.
The client MAY request the generation and inclusion of this signed property. In such cases the <Value> element MUST have the following content:
<xs:element name="RequestedCommitment">
<xs:complexType>
<xs:choice>
<xs:element ref="xades:CommitmentTypeIndication"/>
<xs:element name="BinaryValue" type="xs:base64Binary"/>
</xs:choice>
</xs:complexType>
</xs:element>
Element <xades:CommitmentTypeIndication> will be present when requesting a XML signature.
Element <BinaryValue> will be present when requesting an ASN.1 signature. Its contents MUST be the base64 encoding of commitment-type-indication ASN.1 attribute defined in [CAdES], DER-encoded
3.3.1.1.2.3.3 Requesting SignatureProductionPlace
Value for <Identifier> element:
urn:oasis:names:tc:dss:1.0:profiles:AdES:SignatureProductionPlace
The client MAY request a certain value for this property. Nevertheless, this value MAY be ignored by the server depending on its own policy, and the property be set to another value.
For requesting a value for this property, the <Value> element MUST have the following content:
<xs:element name="RequestedSignatureProductionPlace">
<xs:complexType>
<xs:choice>
<xs:element ref="xades:SignatureProductionPlace"/>
<xs:element name="BinaryValue" type="xs:base64Binary"/>
</xs:choice>
</xs:complexType>
</xs:element>
Element <xades:SignatureProductionPlace> will be present when requesting a XML signature.
Element <BinaryValue> will be present when requesting an ASN.1 signature. Its contents MUST be the base64 encoding of SignerLocation ASN.1 attribute defined in [CAdES], DER-encoded.
3.3.1.1.2.3.4 Requesting SignerRole
Value for <Identifier> element:
urn:oasis:names:tc:dss:1.0:profiles:AdES:SignerRole
When the client requests the generation and inclusion of this signed property the <Value> element MUST have the following content:
<xs:element name="RequestedSignerRole">
<xs:complexType>
<xs:choice>
<xs:element ref="xades:SignerRole"/>
<xs:element name="BinaryValue" type="xs:base64Binary"/>
</xs:choice>
</xs:complexType>
</xs:element>
Element <xades:SignerRole> will be present when requesting a XML signature.
Element <BinaryValue> will be present when requesting a ASN.1 signature. Its contents MUST be the base64 encoding of signer-attributes ASN.1 attribute defined in [CAdES], DER-encoded.
3.3.1.1.2.3.5 Requesting AllDataObjectsTimeStamp
This element will be added for requesting the generation and inclusion of a time-stamp token on (all) the data object(s) to be signed.
Value for <Identifier> element:
urn:oasis:names:tc:dss:1.0:profiles:AdES:AllDataObjectsTimeStamp
No content is required for <Value> element, since the actual contents of the property will be generated by the server when required.
3.3.1.1.2.3.6 Requesting DataObjectFormat
Value for Identifier element:
urn:oasis:names:tc:dss:1.0:profiles:AdES:DataObjectFormat
When the client requests the generation and inclusion of this signed property the <Value> element MUST have the following content.
<xs:element name="RequestedDocsFormat&quo