w3c workshop on next steps for xml signature and xml
play

W3C Workshop on Next Steps for XML Signature and XML Encryption - PowerPoint PPT Presentation

Mar 18, 2023 •108 likes •404 views

W3C Workshop on Next Steps for XML Signature and XML Encryption The importance of incorporating XAdES extensions into ongoing XML-Sig work Authors: Juan Carlos Cruellas Universitad Politcnica de Catalua cruellas@ac.upc.edu Giles

  1. W3C Workshop on Next Steps for XML Signature and XML Encryption The importance of incorporating XAdES extensions into ongoing XML-Sig work Authors: Juan Carlos Cruellas – Universitad Politécnica de Cataluña cruellas@ac.upc.edu Giles Hogben – European Network and Information Security Agency Giles.Hogben@enisa.europa.eu Nick Pope – Thales eSecurity Nick.Pope@thales-esecurity .com Mountain View 25, 26 Sept 2007

  2. Historical background • 1999: European Directive on a Community framework for electronic sigantures, by the European Commission. – Defines Advanced Electronic Signatures as those ones that: • Are uniquely linked to the signatory • Are capable of identifying the signatory • Are created using means that the signatory may maintain under his sole ontrol • Are linked to the data to which it relates in such a manner that any subsequent change of the data is detectable

  3. Historical background • ETSI (European Telecommunications Standardization Institute) starts developing standards for electronic signatures aligned with European directive. • February 2002: ETSI publishes version 1.1.1 of Technical Specification (TS) 101 903: “XML Advanced Signature (XAdES)” • February 2003, W3C acknowledges a submission based on XAdES v1.1.1 as W3C Note.

  4. Historical background • An interoperability event is organized by ETSI at November 2003. • April 2004 publishes XAdES v1.2.2. • Interoperability event in May 2004. • March 2006 publishes XAdES v1.3.2

  5. T echnical background: generalities • XAdES signatures build on XMLDSig signatures. • XAdES signatures use XMLDSig extension capabilities (ds:Object). • XAdES standardizes: – A number of new properties that further qualify XMLDSig signatures with information able to fulfil a number of common requirements (long term validity, non- repudiation, alignment to European Directive, etc) – Mechanisms to incorporate the aforementioned properties.

  6. T echnical background: generalities – Defines a number of so-called “XAdES forms” as signatures that incorporate specific combinations of properties.

  7. T echnical background: properties • XAdES properties may: – Qualify the signature itself, the data to be signed or the signatory. – Be incorporated to the signature by the signer before actually produce the digital signature value it and be secured by the signature itself (signed properties). – Be incorporated by the signer, the verifier or another party after the generation of the digital signature value (unsigned properties).

  8. T echnical background: XAdES and signature lifecycle • XAdES forms (specific combinations of properties) are designed to encompass signatures life-cycle. • This specially includes long-term signatures, where XAdES forms provides mechanisms covering from their creation to their auditing long time after their creation and first verification.

  9. (8) Requests, gets and incorporates Incorporates archive time-stamp Storage properties Verifier service (1) (8) Adds verification Signer Generates data (2) Signature (7) (3) Requests, gets and incorporates Requests, gets (6) time-stamp on signature and incorporates and references signature time-stamp (5) Verifies (4) signature (4) Adds references to verification data

  10. T echnical background: properties overview • Signed properties. – Incorporated by the signer before actually computing the digital signature value. – Secured by the digital signature value. • SigningCertificate: – Reference to the signing certificate and optionally to the certificates in the certpath. References incorporate identifiers and also digest values of the certificates. – Secures signer certificate reference.

  11. T echnical background: properties overview • SignerRole: – Indication of the role played by the signer when generating the signature. They may be claimed or certified (certificate attributes). • CommitmentTypeIndication: – Commitment endorsed by the signer when producing the signature (proof of origin, proof of receipt, etc) .

  12. T echnical background: properties overview • SignatureProductionPlace: – Indication of the claimed place where the signature is produced. • SigningTime: – indication of the claimed time when the signature is produced. • Data object time-stamps: – Time-stamps on the to-be-signed data objects may also be incorporated.

  13. SignerRole .... XAdES-BES SigningCertificate

  14. T echnical background: properties overview • Signature policy identifier: – Reference to a set of rules followed when generating the signature and that also must be met when verifying it in order to consider the signature valid. This reference also includes a digest value computed on an electronic form of the signature policy document.

  15. SignerRole .... XAdES-EPES SigningCertificate

  16. XAdES-BES SigningCertificate SignerRole SignaturePolicyId

  17. T echnical background: properties overview • Unsigned properties: – Generated after the production of digital signature value. – Generated by the signer, verifier or other parties. – Usually data that help verifiers and auditors to assert the validity of the signature even long time after it was generated.

  18. T echnical background: properties overview • SignatureTimeStamp: – Time-stamp on the signature that proves that the electronic signature was actually generated before that time. • CompleteCertificateRefs: – References (including identifiers and digest values) to all the certificates in the certpath (but the signing certificate) that whose status verifiers must check while verifying the signature.

  19. XAdES-T SigningCertificate SignerRole SignaturePolicyId SignatureTimeStamp

  20. T echnical background: properties overview • CompleteRevocationRefs: – References (including identifiers and digest values) of certificate status data (CRLs, OCSP responses, etc) that verifiers get while verifying the electronic signature. • Time-stamp on signature and references: – Time-stamp securing signature and references to the material used by the verifier. It proves that at that time, a first verification of the signature took place and used the cryptographic material time-stamped. This may be assessed time after the verification.

  21. XAdES-C SigningCertificate SignerRole SignaturePolicyId XAdES-X SignatureTimeStamp CompleteCertificateRefs CompleteRevocationRefs SigAndRefsTimeStamp

  22. T echnical background: properties overview • The next three properties are used when a long- term signature is required that incorporates all the cryptographic material used in its verification: • CertificateValues: – All the certificates required in its validation. • RevocationValues: – All the CRLs and/or OCSP required in its validation.

  23. T echnical background: properties overview • ArchiveTimeStamp: – Time-stamp securing all the material in the signature including the values of the certificates and revocation data, to counter weakness of algorithms and cryptographic material signature-related as time goes bay. – Nesting allowed to counter weaknesses in algorithms and cryptographic material in previous time-stamps.

  24. XAdES-X-L SigningCertificate SignerRole SignaturePolicyId XAdES-A SignatureTimeStamp CompleteCertificateRefs CompleteRevocationRefs SigAndRefsTimeStamp CertificateValues RevocationValues ArchiveTimeStamp

  25. XAdES current deployment • XAdES signatures are nowadays being deployed in European countries for a variety of environments: electronic invoicing, digital accounting, Registered Electronic e-mail, etc. • In certain countries, laws require use of XAdES signatures for certain transactions. • ETSI has issued TS 102 904 “Profiles of XML Advanced Electronic Signatures based on TS 101 903 (XAdES)”, defining XAdES profiles for e- invoicing, e-government, and also a baseline profile

  26. Position • XAdEs provides a relevant building block for international mutual legal recognition of electronic signatures. This is a critical issue in areas like European Union (3-years programme for rollout of cross-border interoperable e-ID services) and Asia (e-Asian Framework agreement, to “facilitate the establishment of mutual recognition of digital signature frameworks”)

  27. Position • It is suggested that W3C notes the existence of the features already defined in ETSI TS 101903, and does not re-define any features already addressed there. • It is suggested that W3C works with ETSI to establish common specifications for use of XML- based signatures.

  28. Position • It is suggested that W3C takes account of the lack of reversibility between ASN.1 and string representation for Distinguished Names as stated in XMLDSig and produces a reversible way (XAdES uses these mechanisms for identifying cryptographic validation material).

  29. References • W3C Note on XAdES. At http://www.w3.org/TR/XAdES/ • TS 101 903: “XML Advanced Electronic Signature (XAdES)“ • ETSI TS 102904: “Profiles of XML Advanced Electronic Signatures based on TS 101 903 (XAdES)“ • ETSI Standards may be downloaded at: http://pda.etsi.org/pda/queryform.asp

Recommend

ratification and signature Signature vs ratification Signature formal expression of intent to

ratification and signature Signature vs ratification Signature formal expression of intent to

Steps and technical modalities to follow for the deposit of the instrument of ratification and signature Signature vs ratification Signature formal expression of intent to be bound, but no legal obligation yet: however, a State is

585 views • 10 slides
Discharge uncertainty: sources and implications for hydrological analyses Signature 1 Signature

Discharge uncertainty: sources and implications for hydrological analyses Signature 1 Signature

Discharge uncertainty: sources and implications for hydrological analyses Signature 1 Signature 1 Signature 2 Signature 2 http://comm ons.wikime dia.org/wiki/ File:Piasnic a- Signature 3 Signature 3 wodowskaz -0.jpg Ida Westerberg 1,2

388 views • 19 slides
1 8 Steps to Grow Your Coaching Practice with Ease 1) Receive Your Niche 2) Create Your

1 8 Steps to Grow Your Coaching Practice with Ease 1) Receive Your Niche 2) Create Your

1 8 Steps to Grow Your Coaching Practice with Ease 1) Receive Your Niche 2) Create Your Signature Program 3) Grow Your Community 4) Design Investment Opportunities 5) Learn a Winning Enrollment Conversation 6) Craft Your Signature Talk 7)

201 views • 19 slides
XML Signature Performance and One-Pass Processing Issues Position Paper Presentation Sean Mullan

XML Signature Performance and One-Pass Processing Issues Position Paper Presentation Sean Mullan

XML Signature Performance and One-Pass Processing Issues Position Paper Presentation Sean Mullan Sun Microsystems W3C Workshop on Next Steps for XML Signature and Encryption Agenda Performance Issues One-Pass Processing Issues

599 views • 12 slides
Electronic Signature Electronic Signature El Electronic Signature t i Si t Digital

Electronic Signature Electronic Signature El Electronic Signature t i Si t Digital

Electronic Signature Electronic Signature El Electronic Signature t i Si t Digital Signature Digital Signature And Hash Function Biometric Signature Electronic Signature Act ROC, 2002/04/01,

299 views • 13 slides
Digital Signature Schemes 1 What is digital signature? Properties Who signed what is

Digital Signature Schemes 1 What is digital signature? Properties Who signed what is

Digital Signature Schemes 1 What is digital signature? Properties Who signed what is publicly verifiable Unforgeable 2 A Digital Signature Scheme Key generation algorithm G (probabilistic) ( pk, sk ) G (1 ) security

602 views • 22 slides
1-out-of-2 Signature Jun Shao 2 Whats 1-out-of-2 Signature Mirosaw Kutyowski 1 and Jun

1-out-of-2 Signature Jun Shao 2 Whats 1-out-of-2 Signature Mirosaw Kutyowski 1 and Jun

1-out-of-2 Signature Mirosaw Kutyowski 1 and 1-out-of-2 Signature Jun Shao 2 Whats 1-out-of-2 Signature Mirosaw Kutyowski 1 and Jun Shao 2 Definitions of 1-out-of-2 signature 1 Institute of Mathematics and Computer Science Our

489 views • 34 slides
Chairs signature Mrs E Surtees Heads signature Mr M Tipple-Johnson

Chairs signature Mrs E Surtees Heads signature Mr M Tipple-Johnson

Presentation & Handwriting Policy Chairs signature Mrs E Surtees Heads signature Mr M Tipple-Johnson Date 24 th January 2018 Review date Jan 2020 1 Presentation 1 Book covers should indicate:

52 views • 4 slides
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it is a part of the document) 4. Signed document is unalterable. 5. Signature cannot be

244 views • 21 slides
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it is a part of the document) 4. Signed document is unalterable. 5. Signature cannot be

478 views • 24 slides
Digital Signature And Hash Function

Digital Signature And Hash Function

Digital Signature And Hash Function 1 Electronic Signature Electronic Signature El Electronic Signature t i Si t Digital Signature Biometric Signature

894 views • 52 slides
Week 07 Lectures Signature-based Selection Indexing with Signatures 2/103 Signature-based

Week 07 Lectures Signature-based Selection Indexing with Signatures 2/103 Signature-based

Week 07 Lectures Signature-based Selection Indexing with Signatures 2/103 Signature-based indexing: designed for pmr queries (conjunction of equalities) does not try to achieve better than O(n) performance attempts to provide an

859 views • 27 slides
2 Mission Impact Framework Signature Outcomes YWCA USA and member associations work to achieve

2 Mission Impact Framework Signature Outcomes YWCA USA and member associations work to achieve

2 Mission Impact Framework Signature Outcomes YWCA USA and member associations work to achieve signature metrics for each signature platform over a period of years. 3 Vision for Quality, Affordable Early Learning Strength, confidence,

291 views • 18 slides
Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse)

Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse)

Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse) Detection Intrusion Detection Host-based Network-based Boriana Ditcheva and Lisa Fowler Active/Passive University of North Carolina at

401 views • 12 slides
Signature Alfresco Kitchen November 2019 Signature Alfresco Kitchen The ultimate in outdoor

Signature Alfresco Kitchen November 2019 Signature Alfresco Kitchen The ultimate in outdoor

Signature Alfresco Kitchen November 2019 Signature Alfresco Kitchen The ultimate in outdoor entertaining. Signatures alfresco kitchen range is a spacious, high quality outdoor cooking and preparation space. Designed for our BBQs to perform at

452 views • 10 slides
40 th & Colorado Next Steps Study Community Workshop December 17, 2015 Purpose of Meeting:

40 th & Colorado Next Steps Study Community Workshop December 17, 2015 Purpose of Meeting:

40 th & Colorado Next Steps Study Community Workshop December 17, 2015 Purpose of Meeting: 1 - Project Overview and Schedule 2 Discuss connectivity conditions today and better understand community needs What is a Next Steps

663 views • 32 slides
A New RSA-Based Signature Scheme Sven Sch age, J org Schwenk Horst G ortz Institute for

A New RSA-Based Signature Scheme Sven Sch age, J org Schwenk Horst G ortz Institute for

A New RSA-Based Signature Scheme Sven Sch age, J org Schwenk Horst G ortz Institute for IT-Security Africacrypt 2010 1 / 13 RSA-Based Signature Schemes Na ve RSA signature scheme not secure under the standard definition of

647 views • 51 slides
DUNE FD Calibration workshop: Summary, additional thoughts & Next steps Sowjanya Gollapinni

DUNE FD Calibration workshop: Summary, additional thoughts & Next steps Sowjanya Gollapinni

DUNE FD Calibration workshop: Summary, additional thoughts & Next steps Sowjanya Gollapinni (UTK) Kendall Mahn (MSU) DUNE Calibration Workshop March 16, 2018 Calibration Strategy: Collaboration Process Timeline 2 Workshop Goals/Format

523 views • 28 slides
Tie 9-Steps to Disaster Recovery: How to Become Betuer Prepared for the Next Event Alessandra

Tie 9-Steps to Disaster Recovery: How to Become Betuer Prepared for the Next Event Alessandra

University of New Orleans ScholarWorks@UNO DRU Workshop 2013 Presentations Disaster Resistant University Workshop: Linking Mitigation Conferences and Workshops and Resilience 3-1-2013 Tie 9-Steps to Disaster Recovery: How to Become

658 views • 42 slides
Signature Aviation 2020 Interim Results Mark Johnstone (CEO) David Crook (FD) Signature

Signature Aviation 2020 Interim Results Mark Johnstone (CEO) David Crook (FD) Signature

Signature Aviation 2019 Interim Results Signature Aviation 2020 Interim Results Mark Johnstone (CEO) David Crook (FD) Signature Aviation 2020 Interim Results Summary Signatures US market has recovered strongly to be down 19% in

343 views • 31 slides
Signature Aviation 2019 Final Results Mark Johnstone (CEO) David Crook (FD) Signature Aviation

Signature Aviation 2019 Final Results Mark Johnstone (CEO) David Crook (FD) Signature Aviation

Signature Aviation 2019 Interim Results Signature Aviation 2019 Final Results Mark Johnstone (CEO) David Crook (FD) Signature Aviation 2019 Final Results 2019 Transformational Year Ontic disposal $1bn of capital returned to

692 views • 39 slides
Day 4: HPSG approaches to information structure The signature of an HPSG grammar The signature

Day 4: HPSG approaches to information structure The signature of an HPSG grammar The signature

Day 4: HPSG approaches to information structure The signature of an HPSG grammar The signature HPSG in a nutshell defines the ontology (declaration of what exists): Approaches to information structure: which kind of objects

641 views • 18 slides
CES-MED Workshop Technical Steps for the Preparation of SECAPs - Training of Trainers THE

CES-MED Workshop Technical Steps for the Preparation of SECAPs - Training of Trainers THE

CLEANER ENERGY SAVING MEDITERRANEAN CITIES EuropeAid/132630/C/SER/MultiR/MULTI This project is funded by the European Union CES-MED Workshop Technical Steps for the Preparation of SECAPs - Training of Trainers THE RESULTS ACHIEVED AND

476 views • 19 slides
3-509

3-509

3-509 liuzhen@sjtu.edu.cn 1 Digital Signature Hash Function Message Authentication Code 2 Digital Signature There is an electronic document to be sent

738 views • 24 slides

More recommend