XML Advanced Electronic Signatures (XAdES)
W3C Note 20 February 2003
This edition:
Latest version:
Authors:
Juan Carlos Cruellas, UPC <cruellas@ac.upc.es>
Gregor Karlinger, IAIK <gregor.kerlinger@iaik.at>
Denis Pinkas, Bull <Denis.Pinkas@bull.net>
John Ross, Security and Standards <ross@secstan.com>
Editors:
Juan Carlos Cruellas, UPC <cruellas@ac.upc.es>
Gregor Karlinger, IAIK <gregor.kerlinger@iaik.at>
Krishna Sankar, Cisco <ksankar@cisco.com>
Contributor:
Krishna Sankar, Cisco <ksankar@cisco.com>
Copyright © 2003 ETSI, All Rights Reserved.
Abstract
This Note (XAdES) extends the IETF/W3C XML-Signature Syntax and Processing specification [XMLDSIG] into the domain of non-repudiation by defining XML formats for advanced electronic signatures that remain valid over long periods and are compliant with the European "Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures" [EU-DIR-ESIG] (also denoted as "the Directive" or the "European Directive" in the rest of the present document) and incorporate additional useful information in common use cases. This includes evidence as to its validity even if the signer or verifying party later attempts to deny (repudiates) the validity of the signature.
An advanced electronic signature aligned with the present document can, in consequence, be used for arbitration in case of a dispute between the signer and verifier, which may occur at some later time, even years later.
This Note adds six additional forms to [XMLDSIG]:
XML Advanced Electronic Signature (XAdES): Provides basic authentication and integrity protection and satisfies the legal requirements for advanced electronic signatures as defined in the European Directive [EU-DIR-ESIG], but does not provide non-repudiation of its existence. This form adds the following elements to [XMLDSIG] (indentation shows nesting; "?" marks an optional element, "*" zero or more occurrences, "+" one or more):
QualifyingProperties
  SignedProperties
    SignedSignatureProperties
      SigningTime
      SigningCertificate
      SignaturePolicyIdentifier
      SignatureProductionPlace?
      SignerRole?
    SignedDataObjectProperties
      DataObjectFormat*
      CommitmentTypeIndication*
      AllDataObjectsTimeStamp*
      IndividualDataObjectsTimeStamp*
  UnsignedProperties
    UnsignedSignatureProperties
      CounterSignature*
XML Advanced Electronic Signature with Time-Stamp (XAdES-T): Includes a time-stamp to provide protection against repudiation. This form adds the following element to the XAdES form within the indicated element:
Within UnsignedSignatureProperties element:
SignatureTimeStamp+
XML Advanced Electronic Signature with complete validation data (XAdES-C): Includes references to the set of data supporting the validation of the electronic signature (i.e. the references to the certification path and its associated revocation status information). This form is useful for those situations where such information is archived by an external source, like a trusted service provider. This form adds the following elements to the XAdES-T form within the indicated element:
Within UnsignedSignatureProperties element:
CompleteCertificateRefs
CompleteRevocationRefs
XML Advanced Electronic Signature with eXtended validation data (XAdES-X): Includes a time-stamp on the references to the validation data, or on the ds:Signature element together with the aforementioned validation data. This time-stamp counters the risk that any keys used in the certificate chain or in the revocation status information may be compromised. As stated, this form has two alternative implementations. The first one adds the following element to XAdES-C:
Within the UnsignedSignatureProperties element:
RefsOnlyTimeStamp*
The second one adds the following element to XAdES-C:
Within the UnsignedSignatureProperties element:
SigAndRefsTimeStamp*
XML Advanced Electronic Signature with eXtended validation data incorporated for the long term (XAdES-X-L): Includes the validation data for those situations where the validation data are not stored elsewhere for the long term. This form adds the following elements to XAdES-X:
Within the UnsignedSignatureProperties:
CertificatesValues
RevocationValues
XML Advanced Electronic Signature with archiving validation data (XAdES-A): Includes additional time-stamps for archiving signatures in a way that keeps them protected if the cryptographic data become weak. This form adds the following elements to XAdES-X-L:
Within the UnsignedSignatureProperties element:
ArchiveTimestamp+
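The form ladder above is cumulative: each form is reached only when the elements of every lower form are also present, and the unsigned properties count only when they sit inside UnsignedSignatureProperties. The following Python is an added example, not part of the W3C Note: a structural classifier that reports which form a signature carries and which elements are still missing for a target form. It checks element presence and placement only, not the signature value, the time-stamp tokens or the revocation data. The XAdES namespace URI (the v1.1.1 schema), the constructed skeleton signatures, and treating the unmarked base elements as required are assumptions made here; element names are taken as listed above.

```python
"""Structural check of which XAdES form a signature carries (added example)."""
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
# XAdES namespace assumed for this example (the v1.1.1 schema of the 2003 Note).
XADES_NS = "http://uri.etsi.org/01903/v1.1.1#"

# Elements that introduce each form, from the base form upwards, using the names
# listed in the abstract. A form is reached only when every lower form is also
# satisfied. An inner tuple means "at least one of these".
FORM_LADDER = [
    ("XAdES", ["QualifyingProperties", "SignedProperties", "SignedSignatureProperties",
               "SigningTime", "SigningCertificate", "SignaturePolicyIdentifier"]),
    ("XAdES-T", ["SignatureTimeStamp"]),
    ("XAdES-C", ["CompleteCertificateRefs", "CompleteRevocationRefs"]),
    ("XAdES-X", [("RefsOnlyTimeStamp", "SigAndRefsTimeStamp")]),
    ("XAdES-X-L", ["CertificatesValues", "RevocationValues"]),
    ("XAdES-A", ["ArchiveTimestamp"]),
]

# Properties that only count when they are children of UnsignedSignatureProperties.
UNSIGNED_SIGNATURE_PROPS = {
    "SignatureTimeStamp", "CompleteCertificateRefs", "CompleteRevocationRefs",
    "RefsOnlyTimeStamp", "SigAndRefsTimeStamp", "CertificatesValues",
    "RevocationValues", "ArchiveTimestamp", "CounterSignature",
}

def xades_elements(xml_text: str) -> set[str]:
    """Local names of XAdES elements present; misplaced unsigned properties are ignored."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    prefix = "{" + XADES_NS + "}"
    found = set()
    for el in root.iter():
        if not el.tag.startswith(prefix):
            continue
        name = el.tag[len(prefix):]
        if name in UNSIGNED_SIGNATURE_PROPS:
            p = parent.get(el)
            if p is None or p.tag != prefix + "UnsignedSignatureProperties":
                continue  # present, but in the wrong container: does not count
        found.add(name)
    return found

def _satisfied(requirement, present) -> bool:
    if isinstance(requirement, tuple):
        return any(r in present for r in requirement)
    return requirement in present

def classify_form(xml_text: str) -> str:
    """Highest form reached without gaps, or "not-XAdES" if the base form is missing."""
    present = xades_elements(xml_text)
    reached = "not-XAdES"
    for form, reqs in FORM_LADDER:
        if not all(_satisfied(r, present) for r in reqs):
            break
        reached = form
    return reached

def missing_for(xml_text: str, target: str) -> list[str]:
    """Element names still needed to reach `target`, in ladder order."""
    present = xades_elements(xml_text)
    missing = []
    for form, reqs in FORM_LADDER:
        for r in reqs:
            if not _satisfied(r, present):
                missing.append(" or ".join(r) if isinstance(r, tuple) else r)
        if form == target:
            break
    return missing

def sample_signature(time_stamp_parent: str) -> str:
    """Constructed skeleton signature (no real crypto); time-stamp under the given parent."""
    ts = "<xades:SignatureTimeStamp/>"
    in_signed = ts if time_stamp_parent == "signed" else ""
    in_unsigned = ts if time_stamp_parent == "unsigned" else ""
    return f"""<ds:Signature xmlns:ds="{DS_NS}" xmlns:xades="{XADES_NS}" Id="sig1">
  <ds:SignedInfo/><ds:SignatureValue/>
  <ds:Object><xades:QualifyingProperties Target="#sig1">
    <xades:SignedProperties><xades:SignedSignatureProperties>
      <xades:SigningTime>2003-02-20T00:00:00Z</xades:SigningTime>
      <xades:SigningCertificate/><xades:SignaturePolicyIdentifier/>{in_signed}
    </xades:SignedSignatureProperties></xades:SignedProperties>
    <xades:UnsignedProperties>
      <xades:UnsignedSignatureProperties>{in_unsigned}</xades:UnsignedSignatureProperties>
    </xades:UnsignedProperties>
  </xades:QualifyingProperties></ds:Object>
</ds:Signature>"""

XADES_T_DOC = sample_signature("unsigned")   # time-stamp where XAdES-T expects it
MISPLACED_DOC = sample_signature("signed")   # same element in the wrong container

if __name__ == "__main__":
    for label, doc in (("well-placed", XADES_T_DOC), ("misplaced", MISPLACED_DOC)):
        print(label, classify_form(doc), "missing for XAdES-C:", missing_for(doc, "XAdES-C"))
```

The second sample shows why placement matters: a SignatureTimeStamp that ends up inside the signed properties rather than UnsignedSignatureProperties does not make the signature XAdES-T, so a verifier that only searches for the element name anywhere in the document would over-state the form.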
This Note also articulates the following roles and their responsibilities with respect to signature validity:
Signer: the entity that creates the electronic signature. When the signer digitally signs over data object(s) using the prescribed format, this represents a commitment on behalf of the signing entity to the data object(s) being signed.
Verifier: the entity that verifies the electronic signature. It may be a single entity or multiple entities.
Trusted Service Providers (TSPs): one or more entities that help to build trust relationships between the signer and verifier. The TSPs include Certification Authorities, Registration Authorities, Repository Authorities (e.g. a directory), Time-Stamping Authorities, Signature Policy Issuers and Attribute Authorities.
Arbitrator: an entity that arbitrates in disputes between a signer and a verifier.