Digital Signatures without the Headaches
Deploying support for digital signatures can be a major headache for any organisation. In many cases signatures are created on behalf of an organisation but may be applied by a constantly changing group of authorised personnel. Managing the allocation and certification of the multitude of user keys can be particularly burdensome and difficult to secure. This paper presents an alternative approach to digital signing that significantly reduces these headaches; it is supported by a number of companies and standardised by OASIS. The OASIS “Digital Signature Services” (DSS) standard specifies the use of a specialised server for the creation and verification of signatures under the control of remote clients. Instead of keys having to be held and managed individually, OASIS DSS enables keys and other aspects of the signing service to be managed centrally on a networked server. The OASIS DSS protocol supports a range of signature formats including XML and CMS. It is designed around a basic “Core” set of elements and procedures which can be profiled to support specific uses such as time-stamping (including XML structured timestamps), corporate entity seals, electronic post marks and code signing.
Keywords: Digital Signature, Proxy Signing, Secure Channel, Signature Verification, Core Document