1、 ETSI SR 003 186 V2.1.1 (2016-04) Electronic Signatures and Infrastructures (ESI) Testing interoperability and conformity activities to be run during the implementation and promotion of the framework of digital signatures SPECIAL REPORT ETSI ETSI SR 003 186 V2.1.1 (2016-04) 2 Reference RSR/ESI-00031
2、86v211 Keywords conformance, e-commerce, electronic signature, interoperability, security, testing ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-
3、Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall no
4、t be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secre
5、tariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document,
6、please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written
7、permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMa
8、nd the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTETMare Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI S
9、R 003 186 V2.1.1 (2016-04) 3 Contents Intellectual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5g31 Scope 6g32 References 6g32.1 Normative references . 6g32.2 Informative references 6g33 Definitions and abbreviations . 9g33.1 Definitions 9g33.2 Abbreviations . 9g34 Technical Approach an
10、d Methodology for Conformance and Interoperability testing 10g34.1 Introduction to conformance and interoperability testing . 10g34.2 Gathering inputs . 10g34.3 Standards to be targeted by testing events and criteria to identify them. 11g34.4 Criteria to identify the scope of testing events . 11g34.
11、5 Rules to identify priorities in the testing event scheduling . 12g35 Standards targeted for Testing and Testing Specifications 12g35.0 Introduction 12g35.1 Identification of standards that benefit from Conformance and Interoperability Testing events . 12g35.2 List of Technical Specifications for T
12、esting Conformance and Interoperability 13g35.2.0 Introduction. 13g35.2.1 CAdES Testing Conformance and Interoperability 13g35.2.2 XAdES Testing Conformance and Interoperability 14g35.2.3 PAdES Testing Conformance and Interoperability. 14g35.2.4 ASiC Testing Conformance and Interoperability . 14g35.
13、2.5 Testing Conformance of Trusted Lists 15g36 Planning of identified activities 15g36.1 Proposed scheduling and scoping of testing events 15g36.2 Planning for the production of Technical Specifications for Testing Conformance and Interoperability 16g36.2.0 Introduction. 16g36.2.1 Deliverable D1: St
14、able Draft for TB Review (SPR) . 16g36.2.2 Deliverables D2: Final Draft for approval (FTB) . 18g36.2.3 Deliverables D3: Publication (PTS) 18g36.3 Production plan for conformity testing tools development 19g3Annex A: History of ETSI/ESI Plugtests . 20g3A.1 AdES Signature Plugtests . 20g3A.2 TSL Plugt
15、ests and Conformance tools . 21g3Annex B: ETSI/ESI Plugtests . 22g3B.1 Plugtest Portal 22g3B.1.0 Introduction 22g3B.1.1 Public part of the portal 22g3B.1.2 Private part of the portal . 23g3B.1.2.0 Introduction. 23g3B.1.2.1 Contents of Common area of Private part . 24g3B.1.2.1.1 Conducting Plugtests
16、information pages . 24g3B.1.2.1.2 Cryptographic material pages 24g3B.1.2.1.3 Online PKI-related services pages 25g3B.1.2.1.4 Attribute certificate issuance page 25g3B.1.2.2 Contents of Signatures Interop Specific areas of Private part . 25g3B.1.2.2.0 Introduction . 25g3ETSI ETSI SR 003 186 V2.1.1 (2
17、016-04) 4 B.1.2.2.1 Test Cases Definition Language . 25g3B.1.2.2.2 Test Cases pages . 25g3B.1.2.2.3 Individual verification reports . 26g3B.1.2.2.4 Upload pages . 26g3B.1.2.2.5 Download pages 26g3B.1.2.2.6 Test data directory pages . 26g3B.2 Conducting ETSI/ESI Plugtests . 26g3B.2.1 Introduction 26g
18、3B.2.2 Generation and Cross-verification 27g3B.2.3 Only Verification 28g3B.2.4 Upgrade and Arbitration test 28g3Annex C: Bibliography 30g3History 31g3ETSI ETSI SR 003 186 V2.1.1 (2016-04) 5 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been dec
19、lared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, whic
20、h is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in
21、 ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Special Report (SR) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). Modal verbs terminology In the present doc
22、ument “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except
23、 when used in direct citation. ETSI ETSI SR 003 186 V2.1.1 (2016-04) 6 1 Scope The present document details a proposal for ETSI activities related to testing conformance and interoperability performed in parallel with the building up and promotion of the Rationalized Framework for Electronic Signatu
24、re Standardization ETSI TR 119 000 i.1. The critical deliverables, European Standards and Technical Specifications, of the Framework i.1 that are in preparation at the time of publication of the present document and whose development, adoption and deployment would largely benefit from the organizati
25、on of testing events are identified together with the required conformity testing tools. An appropriate scheduling of events for testing interoperability and conformance is proposed, to help ensure that a reasonable amount of implementations are available in the market for being tested and that thes
26、e tests may actually impact in due time the standardization process, allowing to fix any problem (interoperability, ambiguity, etc.) present in the deliverables under development that are identified during these events. Finally, a scheduling of conformity testing tools development and deployment is
27、defined, including also recommendations about when and how they will be made available to the community. The present document covers the period from Q4 2015 to Q4 2016, schedule for previous events is available in the previous version of the present document. 2 References 2.1 Normative references Re
28、ferences are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced
29、 documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced docum
30、ents are necessary for the application of the present document. Not applicable. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-spec
31、ific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the ap
32、plication of the present document but they assist the user with regard to a particular subject area. i.1 ETSI TR 119 000: “Electronic Signatures and Infrastructures (ESI); The framework for standardization of signatures: overview“. i.2 CEN CWA 16408: “Testing Framework for Global eBusiness Interoper
33、ability Test Beds (GITB)“, February 2012. NOTE: Available at: ftp:/ftp.cen.eu/CEN/Sectors/List/ICT/CWAs/CWA_16408.pdf. i.3 OASIS Standard: “Test Assertions Model Version 1.0“. NOTE: Available at: http:/docs.oasis-open.org/tag/model/v1.0/testassertionsmodel-1.0.pdf. ETSI ETSI SR 003 186 V2.1.1 (2016-
34、04) 7 i.4 Commission Decision 2011/130/EU of 25 February 2011 establishing minimum requirements for the cross-border processing of documents signed electronically by competent authorities under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market as
35、amended. i.5 Commission Decision 2009/767/EC of 16 October 2009 setting out measures facilitating the use of procedures by electronic means through the points of single contact under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market. i.6 Commissio
36、n Decision 2010/425/EU of 28 July 2010 amending Decision 2009/767/EC as regards the establishment, maintenance and publication of trusted lists of certification service providers supervised/accredited by Member States. i.7 ETSI TS 119 312: “Electronic Signatures and Infrastructures (ESI); Cryptograp
37、hic Suites“. i.8 ETSI TS 101 733: “Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES)“. i.9 Void. i.10 ETSI TS 101 903: “Electronic Signatures and Infrastructures (ESI); XML Advanced Electronic Signatures (XAdES)“. i.11 ETSI TS 103 171 (V2.1.1): “Electronic S
38、ignatures and Infrastructures (ESI); XAdES Baseline Profile“. i.12 Void. i.13 ETSI TS 102 778-2 (V1.2.1): “Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 2: PAdES Basic - Profile based on ISO 32000-1“. i.14 ETSI TS 102 778-3 (V1.2.1): “Electronic Si
39、gnatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 3: PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles“. i.15 ETSI TS 102 778-4 (V1.1.2): “Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 4: PAdES Long Term - PAdES
40、LTV Profile“. i.16 ETSI TS 102 778-5 (V1.1.2): “Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 5: PAdES for XML Content - Profiles for XAdES signatures“. i.17 Void. i.18 ETSI TS 102 918 (V1.3.1): “Electronic Signatures and Infrastructures (ESI); Ass
41、ociated Signature Containers (ASiC)“. i.19 Void. i.20 ETSI TS 119 612: “Electronic Signatures and Infrastructures (ESI); Trusted Lists“. i.21 ETSI TS 102 231: “Electronic Signatures and Infrastructures (ESI); Provision of harmonized Trust-service status information“. i.22 ETSI TS 102 853: “Electroni
42、c Signatures and Infrastructures (ESI); Signature validation procedures and policies“. i.23 ETSI EN 319 412-2: “Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 2: Certificate profile for certificates issued to natural persons“. i.24 ETSI EN 319 412-3: “Electronic Signatur
43、es and Infrastructures (ESI); Certificate Profiles; Part 3: Certificate profile for certificates issued to legal persons“. i.25 ETSI EN 319 412-5: “Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 5: QCStatements“. i.26 Void. i.27 Void. ETSI ETSI SR 003 186 V2.1.1 (2016-04
44、) 8 i.28 ETSI TS 119 134 (all parts): “Electronic Signatures and Infrastructures (ESI); XML Advanced Electronic Signature (XAdES) Testing Compliance PDF Advanced Electronic Signature (PAdES) Testing Compliance Associated Signature Containers (ASiC) Testing Compliance Associated Signature Containers
45、(ASiC) Testing Compliance Part 2: Test Suite for ASiC interoperability test events“. i.32 IETF RFC 3161: “Internet X.509 Public Key Infrastructure Time-Stamp Protocol“. i.33 IETF RFC 3281: “An Internet Attribute Certificate Profile for Authorization“. i.34 ETSI EN 319 122-1: “Electronic Signatures a
46、nd Infrastructures (ESI); CAdES digital signatures; Part 1: Building blocks and CAdES baseline signatures“. i.35 ETSI EN 319 122-2: “Electronic Signatures and Infrastructures (ESI); CAdES digital signatures; Part 2: Extended CAdES signatures“. i.36 ETSI EN 319 132-1: “Electronic Signatures and Infra
47、structures (ESI); XAdES digital signatures; Part 1: Building blocks and XAdES baseline signatures“. i.37 ETSI EN 319 132-2: “Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Part 2: Extended XAdES signatures“. i.38 ETSI EN 319 142-1: “Electronic Signatures and Infrastructur
48、es (ESI); PAdES digital signatures; Part 1: Building blocks and PAdES baseline signatures“. i.39 ETSI EN 319 142-2: “Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 2: Additional PAdES signatures profiles“. i.40 ETSI EN 319 162-1: “Electronic Signatures and Infrastruc
49、tures (ESI); Associated Signature Containers (ASiC); Part 1: Building blocks and ASiC baseline containers“. i.41 ETSI EN 319 162-2: “Electronic Signatures and Infrastructures (ESI); Associated Signature Containers (ASiC); Part 2: Additional ASiC containers“. i.42 Directive 2014/24/EU of the European Parliament and of the council of 26 February 2014 on public procurement and repealing Directive 2004/18/EC. i.43 IETF RFC 4998: “Evidence Record Syntax (ERS)“. i.44 IETF RFC 6283: “Extensible
