The Cross Matrix for Existing Profiles shall serve two purposes:

  1. It shall document the minimized overlap, maximized coverage provided by the profiles and the core
  2. Instruct the reader with regard to dependencies and possibly conflicts when profiling the core

This together should wind up quite usefull.

As a proposed first start, each editor of the existing profiles is kindly asked, to provide a list of necessary includes for employing her profile in any proposed way, i.e. if there are multiple conformance levels, what dependencies must be fullfilled to implement the corresponding level and what if applicable should be avoided.

Details on Profiles

This section provides relevant details for each profile in terms of relationship with other profiles.

Comprehensive Multi-signature Verification Reports Profile details



Visible Signature Profile details


-- in work...
This section summarizes the most relevant features of both signing and verifying protocols of Visible Signature profile.
For each protocol, the sub-sections below will identify those DSS and DSS-X profiles that could be used in conjunction with Visible Signature profile's protocols for achieving more powerful features.

Signing Protocol

Overview section of Visible Signature profile summarizes the features of Visible Signature profile signing protocol as follows:

* SignRequest. This operation supports requests for:

* SignResponse. This operation supports delivery of:


The table below provides information on the interaction of Signature Profile with other DSS and DSS-X profiles. In this table the following prefixes are used:

Visible Signature Profile

AdES
profile

Usage

The Visible Signature and AdES profiles may be jointly used in a <SignRequest> element by including the following two <AdditionalProfile> elements in any order:
* <AdditionalProfile type="urn:oasis:names:tc:dss:1.0:profiles:AdES:schema#"> <!-- This is for indicating application of AdES Profile -->
* <AdditionalProfile type="urn:oasis:names:tc:dssx:1.0:profiles:VisibleSignatures:schema# <!-- This is for indicating application of Visible Signature profile -->

Use case

Request to the server the generation of any form of Advanced Signature in conjunction with a Visible Signature may direct the server to include visible elements that are defined as part of the advanced signature profile (such as signer role). Many of the elements in the Advanced Signature profile are not listed to be included in the produced visible signature.

Verifying Protocol



* VerifyRequest. This operation supports requests for:

* VerifyResponse. This operation supports delivery of:


The table below provides information on the interaction of Signature Profile with other DSS and DSS-X profiles. In this table the following prefixes are used:

Visible Signature Profile

AdES
profile

Usage

The Visible Signature and AdES profiles may be jointly used in a <VerifyRequest> element by including the following two <AdditionalProfile> elements in any order:
* <AdditionalProfile type="urn:oasis:names:tc:dss:1.0:profiles:AdES:schema#"> <!-- This is for indicating application of AdES Profile -->
* <AdditionalProfile type="urn:oasis:names:tc:dssx:1.0:profiles:VisibleSignatures:schema# <!-- This is for indicating application of Visible Signature profile -->

Use case

Request to the server the verification of any form of Advanced Signature in conjunction with a Visible Signature may direct the server to include visible indications into the visible signature according to the information and the conformaty level of the advanced signature. The existing Visible Signature profile only include signature validation status as well as signing certificate status.

Comprehensive Signature
Verification Report Profile
(CSVR)

Usage

The Visible Signature and MultVer profiles may be jointly used in a <VerifyRequest> element by including the following two <AdditionalProfile> elements in any order:
* <AdditionalProfile type="urn:oasis:names:tc:dss:1.0:profiles:verificationreport:schema#"> <!-- This is for indicating application of MultVer Profile -->
* <AdditionalProfile type="urn:oasis:names:tc:dssx:1.0:profiles:VisibleSignatures:schema#{{{ <!-- This is for indicating application of Visible Signature profile

Use case

Request to the server to produce a verification report may be done upon documents that may include one or more digital signature with thier related visible signatures. The report can include an indication that there exits a related visible signature to the digital signature as well as other characterstics such as a field-id of the visible signature. We may consider including other information in the multiple signature verification profile such as location of the signature field in the document, reason for signing and other elements.

-- in work...

AdES Profile details

This section summarizes the most relevant features of both signing and verifying protocols of AdES profile.
For each protocol, the sub-sections below will identify those DSS and DSS-X profiles that could be used in conjunction with AdES protocols for achieving more powerful features.

Signing Protocol

Overview section of AdES profile summarizes the features of AdES Profile signing protocol as follows:

* SignRequest. This operation supports requests for:

* SignResponse. This operation supports delivery of:


The table below provides information on the interaction of AdES Profile with other DSS and DSS-X profiles. In this table the following prefixes are used:

AdES Profile (AdES)

Signature Policy
Profile (SP)

Usage

SP and AdES profiles may be jointly used in a <SignRequest> or a <VerifyRequest> element by including the following two <AdditionalProfile> elements in any order:
* <AdditionalProfile type="urn:oasis:names:tc:dss:1.0:profiles:AdES:schema#"> <!-- This is for indicating application of AdES Profile -->
* <AdditionalProfile type="urn:oasis:names:tc:dss-x:1.0:profiles:SignaturePolicy:schema#">  <!-- This is for indicating application of Signature Policy Profile -->

Use case

Request to the server the generation of any form of AdES signature (-EPES to -A) with the following indications:
1. Requesting to generate the signature following a certain Signature Policy (the requester may, additionally pass the location of the electronic document where the server may find the Signaure Policy itself, and also pass its digest as a sanity check).
2. Requesting the inclusion of a certain number of additional AdES signed properties.

Elements in AdES
and SP Profiles
in the same <dss:SignRequest>

1. <dssades:SignatureType> indicates whether a XAdES or a CAdES signature is requested.
2. <dssades:SignatureForm> indicates the AdES form (any but -BES)
3. Additional signed properties may be requested as indicated in the AdES profile.
4. <dsssigpol:GenerateUnderSignaturePolicy> will instruct the server to generate that XAdES or CAdES form with the signed properties UNDER the indicated signature policy.
5. <dsssigpol:ReturnSupportedSignaturePolicies> will instruct the server to return the list of the supported Signature Policies.

Expected Response
by the Server

The server must return a <dss:SignResponse> including a XAdES or CAdES signature, within a <dss:SignatureObject> or enveloped in a document (e.g. a XML document enveloping a XAdES signature). If the signature is a XAdES signature, it will include a <xades:SignaturePolicyIdentifier> signed property. If it is a CAdES signature, it will include the Signature-policy-identifier signed attribute.
The server must return the list of supported Signature Policies in the <dsssigpol:SupportedSignaturePolicies> optional output.
The server may also return an indication of the Signature Policy used in the <dsssigpol:UsedSignaturePolicy> optional output.

Notes

Use case

Here a use case for verification protocols of AdES and SP Profiles.

Elements in AdES
and SP Profiles
in the same <SignRequest>

Here discusion on elements in AdES and SP Profiles

Expected Response
by the Server

Here details on response by the server

Notes

Here additional notes

Comprehensive Signature
Verification Report Profile
(CSVR)

Usage

CSVR and AdES profiles may be jointly used ONLY in a <VerifyRequest> element by including the following two <AdditionalProfile> elements in any order:
* <AdditionalProfile type="urn:oasis:names:tc:dss:1.0:profiles:AdES:schema#"> <!-- This is for indicating application of AdES Profile -->
* <AdditionalProfile type="urn:oasis:names:tc:dss:1.0:profiles:verificationreport"> <!-- This is for indicating application of Comprehensive Signature Verification Report Profile -->

Use case

Request to the server the verification of a document signed with one or more AdES signatures and request that the server issues for each found AdES signature a report of its corresponding verification process, with a certain degree of details, according to the CSVR profile.

Elements in AdES
and CSVR Profiles
in the same <SignRequest>

Here discusion on elements in AdES and CSVR Profiles

Expected Response
by the Server

Here details on response by the server

Notes

Here additional notes

NOTE FROM JC: The idea would be that the tables develop, for each other profile, a number of Use Cases for both signing and verifying protocols, showing:

1. how to use in the same SignRequest the two profiles.

2. What things may be done using the two profiles (use cases)

3. How these things may be achieved (identify relevant elements in both profiles that provide a compound feature).

3. What responses do we get.

Should you think that there are more things to comment, please let me know.

END NOTE JC

TABLE TEMPLATE:

[Your Profile Name] Profile ([Your Profile Achronym])

[Profile A Name]
Profile [(Profile A Acronym)]

Usage

[Here explanations on how to make that two profiles work together]

Use case

[Here description of Use Case 1 for interaction with Profile A, including what profiles elements will do what ]

Elements in [Your Profile]
and [Profile A] Profiles
in the same [Here <SignRequest> or <VerifyRequest>]

[Here discusion on elements in Your Profile and Profile A Profiles]

Expected Response
by the Server

[Here details on respone]

Notes

Use case

[Here Use Case 2 for interaction with Profile A]

Elements in [Your Profile]
and [Profile A] Profiles
in the same [Here <SignRequest> or <VerifyRequest>]

[Here discusion on elements in Your Profile and Profile A Profiles]

Expected Response
by the Server

[Here details on response by the server]

Notes

Here additional notes

[Profile B Name]
Profile [(Profile B Acronym)]

Usage

[Here the usage for interaction of Your Profile and Profile B]

Use case

[Here description of Use Case 1 for interaction with Profile B, including what profiles elements will do what ]

Elements in [Your Profile]
and [Profile B] Profiles
in the same [<SignRequest> or <VerifyRequest>]

[Here discusion on elements in Your Profile and Profile B Profiles in <SignRequest> or <VerifyRequest>] ]

Expected Response
by the Server

[Here details on response by the server]

Notes

[Here additional notes]

Verifying Protocol

Overview section of AdES profile summarizes the features of AdES Profile verifying protocol as follows:

* VerifyRequest. This operation supports requests for:

* VerifyResponse. This operation supports delivery of:


Signature Policy Profile details



OASIS ebXML Messaging Transport Binding Profile details



Encryption Profile details



Code-signing Profile details



DSS J2ME Code-signing Profile details



DSS J2SE Signing Profile details



Asynchronous Profile details



DSS Signature Gateway Profile details



DSS EPM Profile details



DSS Time-stamp Profile details



DSS Entity Seal Profile details



DSS Signature Gateway Profile details



CrossMatrix (last edited 2010-01-18 17:01:50 by cruellas)