OASIS Digital Signature Services eXtended (DSS-X) TC

 View Only

OASIS-dss-x@ConnectedCommunity.org

Contacts

Chair: Andreas Kuehne
kuehne@trustable.de

Chair: Stefan Hagen
stefan@hagen.link

OASIS Staff Contact: Kelly Cullinane

kelly.cullinane@oasis-open.org

Charter

The charter for the DSS-X TC will be posted to http://www.oasis-open.org/committees/dss-x/charter.php, and can be found in the original Call for Participation.
Statements regarding IPR related to the work of this TC will be posted to http://www.oasis-open.org/committees/dss-x/ipr.php.

Description

Advancing digital signature services standards

Group Notes

Table of Contents


Announcements



  • Security Notice: CVE-2020-13101 - The DSS core 1.0 became OASIS standard in 2007. It defines an interface for signature creation and validation for different signature formats and supports multiple variants to transport the documents to be signed or verified. The combination of InlineXML-option (XML-payload within the DSS transport document) and a specially crafted XMLDSig allows an attacker to circumvent the non-repudiation property of the signature. The details regarding this problem are explained in detail in a short (presentation). The recommended mitigation is to move to DSS-X core 2.0. Alternatively, deny the use of the InlineXML option.

  • Digital Signature Service Core Protocols, Elements, and Bindings v2.0 and Digital Signature Service Metadata v1.0 are approved as Committee Specification 02. See the announcement for details.

  • Digital Signature Service Core Protocols, Elements, and Bindings v2.0 Committee Specification Public Review Draft 03 (CSPRD03) and Digital Signature Service Metadata v1.0 CSPRD02 are for public review and comment through October 21st. See the announcement for details.


Overview

The DSS-X TC is developing new profiles of the existing OASIS Digital Signature Services core protocol "Digital Signature Service Core Protocols, Elements, and Bindings Version 1.0" and is maintaining this specification and its existing profiles. If at a later date it becomes clear that a new version of DSS is necessary then this may be produced by the TC.

DSS-X is also working on promotion of the standard and the creation of material helping dissemination. In general terms, the TC has the goal to facilitate the processing of digital signatures and time stamps in a client server environment.

The DSS-X TC is a member of the IDtrust Member Section.

For more information, see the TC Charter and FAQ


Technical Work Produced by the Committee


Existing DSS Specifications

The existing DSS specifications are available through the DSS TC home page


Committee Specifications

Digital Signature Service Core Protocols, Elements, and Bindings Version 2.0 CS02 (Approved 11 December 2019): PDF, HTML, Editable source, JSON and XML schema, Distribution ZIP package.

Digital Signature Service Metadata Version 1.0 CS02 (Approved 11 December 2019>: PDF, HTML, Editable source, JSON and XML schema, Distribution ZIP package.

Digital Signature Service Core Protocols, Elements, and Bindings Version 2.0 CS01 (Approved 04 July 2019): PDF, HTML, Editable source, JSON and XML schema, Distribution ZIP package.

Digital Signature Service Metadata Version 1.0 (Approved 04 July 2019>: PDF, HTML, Editable source, JSON and XML schema, Distribution ZIP package.

OASIS DSS Extension for Local Signature Computation Version 1.0 CS02 (Approved 06 March 2017): PDF, HTML, Editable Source (DocBook). XML schema.

OASIS DSS Extension for Local Signature Computation Version 1.0 (Approved since 27 July 2015): PDF, HTML (Authoritative), Editable Source (DocBook).


OASIS ebXML Messaging Transport Binding for Digital Signature Services Version 1.0 (Approved since 08 November 2008): PDF, HTML, Editable Source.


OASIS DSS v1.0 Profile for Comprehensive Multi-Signature Verification Reports Version 1.0 (Approved since 11 November 2010): PDF (Authoritative), HTML, Editable Source; Schema in W3C XSD.


Visible Signature Profile of the OASIS Digital Signature Services Version 1.0 (Approved since 08 May 2009): PDF, HTML, Editable Source; Schema in W3C XSD.


Public Drafts


Signature Policy Profile (the public review started 15 June 2009, and ended 14 August 2009): PDF, HTML, Editable Source; Schema in W3C XSD.


Interoperability Testing

The OASIS DSS TC carried out a set of interoperability tests for assessing the worthiness of the specifications being developed, and the feasibility of easily getting interoperable implementations from them. A document has been produced that defines and describes a number of relevant test cases for the specifications. Its contents may benefit implementors of the DSS specifications.

Latest version of the aforementioned document may be found at:

http://www.oasis-open.org/committees/download.php/20508/oasis-dss-1.0-interop-wd-07.doc.

Members of the DSS TC, which have developed independent implementations of the specifications, have successfully participated in these interoperability tests.

Wiki for OASIS DSS-X TC member collaboration

dss-x-spec TC GitHub: Repository for development of the draft standard, where the schema files and the prose annotations are mixed via continuous integration into the resulting prose work product.

dss-x-openapi TC GitHub: Repository to support development of OpenAPI conforming schema equivalents of the Digital Signature Service schema family.


Expository Work Produced by the Committee

A presentation on Digital Signatures and e-Identity (Getting the best out of DSS / DSS-X services.), as presented on the EEMA-Event London, in 2009 is available here:
EEMA-Event 2009 presentation [PPT]

A presentation on DSS-X and ETSI ESI committees activities and their relationships, as presented on the IDTrust-Workshop Barcelona, in October 2007 is available here:
IDTrust 2007 Workshop presentation

A presentation on DSS given in July 2007 is available here:
DSS Presentation


External Resources

Although not produced by the OASIS DSS TC, the following information offers useful insights into its work.



idtrust.xml.org logo


IDtrust XML.org is a community-driven site hosted by OASIS that provides reliable background information on the standard. The site also serves as a community bulletin board and directory where readers post news, ideas, opinions, and recommendations. It incorporates wiki functionality to let users edit and add new pages to the site. The public is encouraged to contribute content.

A paper submitted to the EEMA ISSE 2006 conference describing DSS is available (courtesy of EEMA)

EEMA ISSE paper on DSS
.


Mailing Lists and Comments

dss-x: the list used by TC members to conduct Committee work. TC membership required to post. TC members are automatically subscribed; the public may view archives.

dss-x-comment: a public mail list for providing input to the OASIS dss-x Technical Committee members. Send a comment or view archives.

dss-dev: an unmoderated, public mail list that provides an open forum for developers to exchange ideas and information on implementing the DSS OASIS Standard. Subscribe or view archives.*

*To minimize spam, you must subscribe to these lists before posting.



Public Resources

Announcements

Log in to see this information

Either the content you're seeking doesn't exist or it requires proper authentication before viewing.