1、 ETSI TR 102 047 V1.2.1 (2005-03)Technical Report International Harmonizationof Electronic Signature FormatsETSI ETSI TR 102 047 V1.2.1 (2005-03) 2 Reference RTR/ESI-000028 Keywords e-commerce, electronic signature, digital, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANC
2、E Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be
3、made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version
4、kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If y
5、ou find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reprod
6、uction in all media. European Telecommunications Standards Institute 2005. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Memb
7、ers. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TR 102 047 V1.2.1 (2005-03) 3 Contents Intellectual Property Rights4 Foreword.4 1 Scope 5 2 References 5 3 Definitions and abbreviations.5 3.1 Definitions5 3.2 Abbreviatio
8、ns .5 4 Objective 6 5 International basis of European electronic signature formats 6 5.1 TS 101 733 and IETF RFC 26306 5.2 TS 101 903 and W3C XML signatures 6 6 Further harmonization activities.7 6.1 IETF RFC 31267 6.2 W3C Note and joint working group .7 6.3 OASIS Digital Signature Services (DSS).7
9、7 Recommendations 9 Annex A: Further technical details of OASIS DSS.10 A.1 OASIS DSS Core Protocol.10 A.2 OASIS DSS XAdES-related protocols.10 History 12 ETSI ETSI TR 102 047 V1.2.1 (2005-03) 4 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been
10、 declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“,
11、which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs
12、 not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). ETSI ETSI TR 102 047 V
13、1.2.1 (2005-03) 5 1 Scope The present document presents the results of ongoing work to harmonize existing ETSI technical specifications on electronic signature formats (TS 101 733 1 and TS 101 903 2) with other internationally recognized standards and related activities. The aim of the present docum
14、ent is to identify the way forward to meet the requirements of Directive 1999/93/EC 4 for advanced electronic signatures in a manner which maximizes international interoperability. 2 References For the purposes of this Technical Report (TR) the following references apply: 1 ETSI TS 101 733: “Electro
15、nic Signatures and Infrastructures (ESI) ; Electronic Signature Formats“. 2 ETSI TS 101 903: “XML Advanced Electronic Signatures (XAdES)“. 3 IETF RFC 3369: “Cryptographic Message Syntax“. 4 Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framewor
16、k for electronic signatures. 5 W3C Recommendation/IETF RFC 3275: “XML-Signature Syntax and Processing“. 6 IETF RFC 3126: “Electronic Signature Formats for long term electronic signatures“. NOTE: Equivalent to TS 101 733. 7 W3C Note: “XML Advanced Electronic Signatures (XAdES)“. NOTE 1: See. http:/ww
17、w.w3.org/TR/2003/NOTE-XAdES-20030220/. NOTE 2: Equivalent to TS 101 903. 8 oasis-dss-1.0-core-spec-cd-02: “Digital Signature Service Core Protocols, Elements, and Bindings“. 9 ETSI TR 102 047: “International Harmonization of Electronic Signature Formats“. 3 Definitions and abbreviations 3.1 Definiti
18、ons For the purposes of the present document, the terms and definitions given in TS 101 733 1 and TS 101 903 2 apply. 3.2 Abbreviations For the purposes of the present document, the following abbreviations apply: ASN.1 Abstract Syntax Notation (number) 1 CMS Cryptographic Message Syntax CRL Certific
19、ate Revocation List DSS Digital Signature ServicesDSS-TC Digital Signature Services Technical Committee DTD Document Type Definition EPM Electronic Post Mark ETSI ETSI TR 102 047 V1.2.1 (2005-03) 6 IETF Internet Engineering Task Force OASIS Organization for the Advancement of Structured Information
20、Standards OCSP Online Certificate Status Provider TC Technical Committee URI Uniform Resource Identifier W3C World Wide Web Consortium XAdES XML Advanced Electronic Signatures XML eXtended Markup Language XMLDSIG XML-Signature Syntax and Processing 4 Objective The major objective of international ha
21、rmonization on electronic signature formats is to maximize interoperability between electronic signatures in line with European electronic signature Directive 1999/93/EC 4 and other electronic signature systems. 5 International basis of European electronic signature formats Recognizing the need to e
22、nsure that European electronic signatures are internationally harmonized the technical specifications developed in ETSI are based on existing internationally recognized standards as described in clause 5.1. 5.1 TS 101 733 and IETF RFC 2630 IETF has specified a format for electronic signatures using
23、the ASN.1 abstract syntax (RFC 3369 3). This format defines the basic components for any electronic signature based on this syntax. It also presents mechanisms for incorporating additional information as required by the environment. TS 101 733 1: Defines ASN.1 types for the additional attributes tha
24、t have to be present in an electronic signature to remain valid over long periods, to satisfy common use cases requirements, and to be compliant with the European Directive. Proposes different advanced electronic signatures forms that satisfy the aforementioned requirements, based on the types defin
25、ed. Presents an exhaustive rationale on each of the different new types. TS 101 733 1 specifies ASN.1 structures that can be added to the basic CMS signature, namely: indication of signing time, different time-stamps, indication of commitment gotten by the signer, indication of the signature place,
26、identifier of a signature policy, indication of the signer role, countersignatures of a signature, and validation data, including references to certificates, CRLs or OCSP responses, or their corresponding values. A new version of TS 101 733 1 has been published in December 2003 taking into account e
27、xternal comments raised to ESI. 5.2 TS 101 903 and W3C XML signatures W3C/IETF has specified a format for XML Signature Syntax and Processing (XMLDSIG). This format specifies the basic components of an XML electronic signature and defines mechanisms for incorporating additional information to the si
28、gnature itself. TS 101 903 2 XML Advanced Electronic Signatures (XAdES) was born as the counterpart of TS 101 733 1 for XML. Specifically, TS 101 903 2: Shows a taxonomy of the additional elements (properties) that have to be present in an electronic signature to remain valid over long periods, to s
29、atisfy common use cases requirements, and to be compliant with the European Directive. ETSI ETSI TR 102 047 V1.2.1 (2005-03) 7 Specifies XML schema definitions for new elements able to carry or to refer to the aforementioned properties. Specifies two ways for incorporating the qualifying information
30、 to XMLDSIG, namely either by direct incorporation of the qualifying information or using references to such information. Both ways make use of mechanisms defined in XMLDSIG. Proposes specific XML Advanced Electronic signatures that satisfy the aforementioned requirements by combining the defined el
31、ements. As its ASN.1 counterpart, TS 101 903 2 define XML structures able to contain similar information to that mentioned in clause 5.1. TS 101 903 2 has been reviewed in the light of external comments and the first XAdES interoperability event organized by ETSI. The new version of TS 101 903 2 was
32、 publish in first half of 2004. 6 Further harmonization activities 6.1 IETF RFC 3126 Members of the ETSI TC ESI have fed the TS 101 733 1 into the Internet Engineering Task Force (IETF) as an informational specification which is technically identical to TS 101 733 1. This has resulted in the work of
33、 ETSI being visible internationally and has resulting in the use of the same technique outside Europe, maximizing international interoperability. Recently, TS 101 733 1 has been updated to address a number of issues coming from different external sources in implementing the earlier version. Text for
34、 an Internet Draft to replace RFC 3126 6 in line with the new version TS 101 733 1 has been produced. However, at the time the present document was produced progress of this Internet Draft has been halted pending resolution of IPR issues following changes in the IETF IPR rules. 6.2 W3C Note and join
35、t working group Once the TS 101 903 2 was issued, a W3C Note 7 was produced as a way of attracting the attention of agents outside Europe. Currently, more and more implementations of XAdES are becoming known. The ETSI TC ESI has updated TS 101 903 2 with comments coming from different sources includ
36、ing standardization organizations outside Europe, implementers, etc. Discussions have been held with W3C concerning updating the existing W3C as well as other activities on XML signatures. As a result it has been proposed that W3C and ETSI set up a joint activity on XML signatures to work together o
37、n advanced XML signatures. 6.3 OASIS Digital Signature Services (DSS) In 2002 OASIS (Organization for the Advancement of Structured Information Standards), set up the Digital Signature Services Technical Committee (DSS-TC). The mandate of the DSS-TC is the development of techniques to support the pr
38、ocessing of digital signatures. This mandate includes defining an interface for requesting that a web service produce and/or verify a digital signature on a given piece of data and techniques for proving that a signature was created within its key validity period. The TC is developing: A protocol fo
39、r a digital signature creation web service. Providing digital signatures via such a web service facilitates policy-based control of the provision of the signatures. A digital signature verification web service that can verify signatures in relation to a given policy set. An XML-based protocol to pro
40、duce cryptographic time-stamps that can be used for determining whether or not a signature was created within the associated keys validity period or before revocation. The TC will also develop an XML format for cryptographic time-stamps. ETSI ETSI TR 102 047 V1.2.1 (2005-03) 8 A set of profiles of t
41、he aforementioned protocols. These profiles will define specific uses of the general protocols to address specific applications. The DSS specifications consist of a specification which defines the Core Protocol, elements and bindings, including protocols for creation and verification of signatures a
42、nd an XML structure for time-stamps. A number of profiles have been defined which selects options within the Core and adds additional elements necessary to support particular use cases. Profiles have been drafted for: Time-stamping services; Asynchronous operation; Code signing; Entity seal; Electro
43、nic Post Mark (EPM); German signature law; Policy wise operation; XML Advanced Electronic Signature (XAdES) (as in TS 101 903 2). The TC has close to agreeing a set of Committee Drafts for the DSS Core Protocol and the above profiles. Profiles are also being developed or are planned for: Signature g
44、ateway; Court filing; Electronic notaries; Web security services. The use of the OASIS time-stamping protocol profile and XML token format is being incorporated within the ANSI standard X9.95 for “Trusted Time Stamp Management and Security“. XAdES profile supports the creation and validation of sign
45、atures as in TS 101 903 2. This profile defines a protocol able to cover the lifecycle of a XAdES signature. This means that it will provide with operations for: Requesting the creation of a XAdES signature, and responding to this request. Requesting the validation of the formerly created XAdES sign
46、ature, and responding to this request, which can include the incorporation of validation data to the signature (time-stamp on the signature, references to certificates, CRLs, etc.). Requesting incorporation of additional properties for getting archival forms of XAdES, and responding to these request
47、s. Requesting re-validation for arbitration purposes, and responding to these requests. In addition, up to two other identified profiles (EPM and German signature profile) have shown certain overlap with XAdES profile such as are using time-stamping for archival, as they incorporate in their scenari
48、os the usage of certain XAdES forms and/or properties. Having agreed the Committee Drafts, it is planned to produce trial implementations to test interoperability before the documents are formally put out for public review and progression to an OASIS standard. Two members of the ETSI TC ESI joined t
49、his TC since its birth. Currently both of them share the responsibility of co-chairing the TC and leading the works of XAdES profiling group. Further technical information about DSS is provided in annex A. ETSI ETSI TR 102 047 V1.2.1 (2005-03) 9 7 Recommendations The ETSI specifications on electronic signature formats (TS 101 733 1 and TS 101 903 2) are very closely harmonized with other similar international standardization. The specifications were b
