[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [DSS-X] comments to profile on individual reporting multi-signatureverification
Hallo Juan Carlos, your requirements below seem to point to a similar direction as the attached draft of a VerificationReport-structure. This structure aims at providing (if requested by specifying a sufficiently high detail-level) a comprehensive verification report for arbitrary signed objects (such as advanced electronic signatures and related structures (incl. time stamps, (attribute) certificates and revocation information - possibly by expanding the binary structures to a human readable form). Such a comprehensive verification report is (in some Europen countries) required to be generated and archived for electronic invoices. > I have uploaded a document that we worked some time ago and > that could serve to launch discussions on an abstract profile > that could support individual reporting multi-signature verification. > > Some of the initial requirements that such a profile should meet are: > > 1. A new optional input in the <dss:VerificationRequest> > requesting that if hte server finds more than one signature, > it reports verification individually for each one. This could even be a default behaviour. Within the VerificationReport-structure, there is a general part (related to the request) and multiple (0..*) specific parts (related to the signed objects). > > 2. For <dss:VerificationResult> there will be two types of results: > global and individual. Yes. > > 3. For <dss:VerificationResult> global Major results should > globaly indicate whether there has been or not success. > In the latter case, the client must look at the individual reports. It would be possible to specify a kind of detail-level, such that the lowest level would provide the same information as the current verification in DSS. However the highest detail-level will provide a comprehensive verification report, which contains all information, which is gathered during the verification process. While this - e.g. in case of an advanced electronic signature - might become a fairly complex structure, such a report is required in some scenarios (e.g. eInvoicing). > 4. For <dss:VerificationResult> global Minor results have > also been re-adjusted > I don't think that we would need to change any Major or Minor results. The VerificationReport structure could just be handed back in OptionalOutputs. > 5. For <dss:VerificationResult> a new optional output element > satisfying the following > requirements: Please have a look at the structures defined in the draft of the VerificationReport.xsd attached. > > 5.1 Each one of these elements will report details on how > verification of one > signature has gone. If one aims at supporting advanced electronic signatures, which may contain time stamps, (attribute) certificates and related revocation information (OCSP or CRL), it would be a natural extension (with only modest changes) to allow the verification of these structures as well. > 5.2 This element will include result major and minor for > each signature. > > 5.3 This element will contain mechanisms for identifying > the signature verified > (and this is something on what I would like to get more > ideas....you will see that > I propose something but I would say that there might be > other ways to do that). This element will contain some Identifier for the signed object. In case of a signature, this might be something similar to the SignaturePtr-element. > 5.4 This element may incorporate any optional output giving > details on a verified signature > that have been defined in the DSSCore Yes. It seems to me that covering (CMS or XML) advanced electronic signatures would imply that everything (maybe apart from PGP-signatures?) is covered. > > 5.5 Should allow the inclusion of further details on the > verification process. In fact it could make sense to define a kind of detail-level, such that one is able to control how detailled the verification report will be. Please let me know what you think about the draft of the attached VerificationReport-structure. Best regards, Detlef -- Dipl. Inform. (FH) Dr. rer. nat. Detlef Hühnlein Partner secunet Security Networks AG Sudetenstraße 16 96247 Michelau Telefon +49 9571 896479 Mobil +49 171 9754980 detlef.huehnlein@secunet.com www.secunet.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]