Digital Signature Service Core Protocols, Elements, and Bindings Version 1.0

OASIS Standard

11 April 2007

Specification URIs:

This Version:

http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html

http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.pdf

http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.doc

Latest Version:

http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html

http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.pdf

http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.doc

Technical Committee:

OASIS Digital Signature Services TC

Chair(s):

Nick Pope, Thales eSecurity

Juan Carlos Cruellas, Centre d'aplicacions avançades d’Internet (UPC)

Editor(s):

Stefan Drees, individual



Related work:

Declared XML Namespace(s):

urn:oasis:names:tc:dss:1.0:core:schema



Abstract:

This document defines XML request/response protocols for signing and verifying XML documents and other data. It also defines an XML timestamp format, and an XML signature property for use with these protocols. Finally, it defines transport and security bindings for the protocols.



Status:

This document was last revised or approved by the membership of OASIS on the above date. The level of approval is also listed above. Check the current location noted above for possible later revisions of this document. This document is updated periodically on no particular schedule.

Technical Committee members should send comments on this specification to the Technical Committee’s email list. Others should send comments to the Technical Committee by using the “Send A Comment” button on the Technical Committee’s web page at http://www.oasis-open.org/committees/dss/.

For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the Technical Committee web page (http://www.oasis-open.org/committees/dss/ipr.php).

The non-normative errata page for this specification is located at http://www.oasis-open.org/committees/dss/.

Notices

OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification, can be obtained from the OASIS Executive Director.

OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.

Copyright © OASIS® 1993–2007. All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications, in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

The name "OASIS" is a trademark of OASIS, the owner and developer of this specification, and should be used only to refer to the organization and its official outputs. OASIS welcomes reference to, and implementation and use of, specifications, while reserving the right to enforce its marks against misleading uses. Please see http://www.oasis-open.org/who/trademark.php for above guidance.



Table of Contents

1 Introduction 7

1.1 Terminology 7

1.2 Normative References 7

1.3 Schema Organization and Namespaces 9

1.4 DSS Overview (Non-normative) 9

2 Common Protocol Structures 11

2.1 Type AnyType 11

2.2 Type InternationalStringType 11

2.3 Type saml:NameIdentifierType 11

2.4 Element 11

2.4.1 Type DocumentBaseType 12

2.4.2 Element 13

2.4.3 Element 14

2.4.4 Element 15

2.5 Element 16

2.6 Element 17

2.7 Elements and 20

2.8 Common Optional Inputs 20

2.8.1 Optional Input 20

2.8.2 Optional Input 20

2.8.3 Optional Input 21

2.8.4 Optional Input 21

2.8.5 Optional Input 21

2.9 Common Optional Outputs 22

2.9.1 Optional Output 22

2.10 Type 22

2.11 Type 22

2.12 Element 23

3 The DSS Signing Protocol 24

3.1 Element 24

3.2 Element 24

3.3 Processing for XML Signatures 25

3.3.1 Basic Process for 25

3.3.2 Process Variant for 26

3.3.3 Process Variant for 26

3.3.4 Process Variant for 26

3.3.5 Process Variant for 27

3.3.6 Process Variant for 27

3.4 Basic Processing for CMS Signatures 28

3.4.1 Process Variant for 28

3.5 Optional Inputs and Outputs 29

3.5.1 Optional Input 29

3.5.2 Optional Input 29

3.5.3 Optional Input 31

3.5.4 Optional Input 31

3.5.5 Optional Input 31

3.5.6 Optional Input 32

3.5.7 Optional Input 34

3.5.8 Enveloped Signatures, Optional Input and Output 34

3.5.9 Optional Input 36

4 The DSS Verifying Protocol 39

4.1 Element 39

4.2 Element 39

4.3 Basic Processing for XML Signatures 39

4.3.1 Multi-Signature Verification 41

4.3.2 Signature Timestamp verification procedure 41

4.4 Basic Processing for CMS Signatures 43

4.5 Optional Inputs and Outputs 43

4.5.1 Optional Input and Output 44

4.5.2 Optional Input 44

4.5.3 Optional Input/Output / 45

4.5.4 Optional Input 46

4.5.5 Optional Input and Output 46

4.5.6 Optional Input and Output 47

4.5.7 Optional Input and Output 48

4.5.8 Optional Input and Outputs , 49

4.5.9 Optional Input and Output 50

4.5.10 Optional Input and Outputs , 51

5 DSS Core Elements 52

5.1 Element 52

5.1.1 XML Timestamp Token 52

5.1.2 Element 53

5.2 Element 53

6 DSS Core Bindings 55

6.1 HTTP POST Transport Binding 55

6.2 SOAP 1.2 Transport Binding 55

6.2.1 SOAP Attachment Feature and Element 56

6.3 TLS Security Bindings 58

6.3.1 TLS X.509 Server Authentication 58

6.3.2 TLS X.509 Mutual Authentication 58

6.3.3 TLS SRP Authentication 58

6.3.4 TLS SRP and X.509 Server Authentication 58

7 DSS-Defined Identifiers 59

7.1 Signature Type Identifiers 59

7.1.1 XML Signature 59

7.1.2 XML TimeStampToken 59

7.1.3 RFC 3161 TimeStampToken 59

7.1.4 CMS Signature 59

7.1.5 PGP Signature 59

A. Use of Exclusive Canonicalization 60

B. More Complex Example 61

C. Acknowledgements 62



