Wiki for consolidating preparatory work for DSS-X Interop.

Interop scope

Section for providing details on the scope. One section for the envisaged specifications (core and profiles),

Core

General

We have a first assessment plan via reverse RFC2119-Keyword mapping.

General Procedure for Identifying relevant parts

  1. Identifying the MUST, MAY, etc helps collect the conformance relevant decision nodes of a graph.

  2. Filtering for identifying things like the request/response bracketing expressions (e.g. optional parts in a request become mandatory for the response if present in the request.
  3. Take notice of identified sources of potential misunderstandings, ambiguities or sub optimal placement of requirements texts and incorporate them in the proces of the core review


Visible Signatures Profile

General

The following document provides a general scope of the interoperability testing of the Visible Signature profile. The Visible Signature profile extends the scope of the DSS core to handle visible information that relates to the digital signature act. This general scope for the 1st stage of interoperability testing will try to address a limited critical mass of functionality that will have effectiveness of interoperability tests to the profile.

General Scoping for the 1st phase

Each of the following items is defined in the Visible Signatures profile. For each items its relevant scoping will be defined:

Input Documents:

Only PDF files will be tested, other type of files will be tested on later stages.

OptionalInputs/FieldName

Fully supported according to the definitions and bounded by other parameters’ limitations.

OptionalInputs/VisibleSignaturePolicy:

The following policies or usage scenarios will be tested:

Both the SimpleWorkflowPolicy and GeneralPolicy will not be included in the testing scope.

OptionalInputs/DocumentRestrictionLevel:

This parameter will be included in the testing scope. This parameter is relevant to PDF files.

OptionalInputs/VisibleSignaturePosition:

Only the simple PixelVisibleSignaturePositionType will be part of the testing scope. The generalized GeneralVisibleSignaturePositionType will not be included in the testing scope.

OptionalInputs/VisibleSignatureItemsConfiguration:

Only the following items can be selected to be included in the visible signature.

All other information such as item positioning inside the visible signature, the font to use, or other types of items will not be included in the testing scope. The DSS service can decide to omit any of the above given data and produce the visible signature according to the service policy.

Open Questions:

Comprehensive multisignature verification report



AdES Profile


First part would be devoted to check interoperability at the level of more basic XAdES form with (XAdES-BES) different signed propoerties.

Part 1: Managing XAdES-BES signatures

Protocol / Features group

Tested Feature

Element(s) involved

Signing Protocol. XAdES-BES with selected signed properties

SigningTime

SignedProperties as 4.3.2.1.2.3.1

Signing Protocol. XAdES-BES with selected signed properties

CommitmentTypeIndication

SignedProperties as 4.3.2.1.2.3.2

Signing Protocol. XAdES-BES with selected signed properties

SignatureProductionPlace

SignedProperties as 4.3.2.1.2.3.3

Signing Protocol. XAdES-BES with selected signed properties

SignerRole (ClaimedRole; problems for getting attribute certs)

SignedProperties as 4.3.2.1.2.3.4

Signing Protocol. XAdES-BES with selected signed properties

DataObjectFormat

SignedProperties as 4.3.2.1.2.3.6

Signing Protocol. XAdES-BES with selected signed properties

AllDataObjectsTimeStamp

SignedProperties as 4.3.2.1.2.3.5

Signing Protocol. XAdES-BES with selected signed properties

IndividualDataObjectsTimeStamp

SignedProperties as 4.3.2.1.2.3.6

Verifying Protocol. XAdES-BES with the aforementioned properties

Test that servers verify all the aforementioned properties


Second part would be devoted to check interoperability at the level of evolved forms of XAdES.

Part 2: Managing Evolved Forms of XAdES

Protocol / Features group

Tested Feature

Element(s) involved

Signing Protocol. XAdES-C

Generate a XAdES-C . Only SigningCertificate and optionally SigningTime as signed properties

SignatureForm

Signing Protocol. XAdES-X

Generate a XAdES-X . Only SigningCertificate and optionally SigningTime as signed properties

SignatureForm

Signing Protocol. XAdES-X-L

Generate a XAdES-X-L. Only SigningCertificate and optionally SigningTime as signed properties

SignatureForm

Signing Protocol. XAdES-A

Generate a XAdES-A . Only SigningCertificate and optionally SigningTime as signed properties

SignatureForm

Verifying Protocol. All the XAdES forms already mentioned

Test that servers verify all types of XAdES signatures


Third part would be devoted to check how servers would evolve the XAdES forms.

Part 3: Managing Upgrading of XAdES signatures

Protocol / Features group

Tested Feature

Element(s) involved

Signing Protocol. Update from BES to C

Server gets a simple XAdES-BES with signinCertificate and singintime signed properties. It should return the XAdES-C corresponding to that signature.

ReturnUpdatedSignature

Signing Protocol. Update from C to X

Server gets the former XAdES-C. It should return the corresponding XAdES-X.

ReturnUpdatedSignature

Signing Protocol. Update from X to X-L

Server gets the former XAdES-X. It should return the corresponding XAdES-X-L.

ReturnUpdatedSignature

Signing Protocol. Update from X-L to A

Server gets the former XAdES-X-L. It should return the corresponding XAdES-A.

ReturnUpdatedSignature

Signing Protocol. Update from BES to A

Server gets a simple XAdES-BES with signinCertificate and singintime signed properties. It should return the XAdES-A corresponding to that signature (no references, only thec cert and rev values plus a time-stamp).

ReturnUpdatedSignature


Notes:

  1. For CAdES it could be something similar.
  2. Initially not included in the former scope XML time-stamps in XAdES signatures, whose verification is profiled in section 6. Leave it open if we should include them...opinions?


Other Profiles ?

Preparation Interop DSS-X (last edited 2010-04-12 15:16:55 by sdrees)