New Digital Signature Services (DSS) OASIS Standard Assures Authenticity of Data for Web Services

["Carol Geyer" <carol.geyer@oasis-open.org>]

** Link to this press release at
http://www.oasis-open.org/news/oasis-news-2007-06-07.php **


New Digital Signature Services (DSS) OASIS Standard Assures Authenticity of
Data for Web Services

Boston, MA, USA; 7 June 2007 -- OASIS, the international standards consortium,
today announced that its members have approved Digital Signature Services (DSS)
version 1.0 as an OASIS Standard, a status that signifies the highest level of
ratification. DSS defines an XML interface to process digital signatures for
Web services and other applications, enabling the sharing of digital signature
creation, verification and other associated services, without complex client
software and configuration. 

"DSS makes it easy to use digital signatures because it lets companies control
their signature applications on an organizational basis through a network-based
server," said Juan Cruellas of Centre d'aplicacions avanades d'Internet
(CANET), co-chair of the OASIS DSS Technical Committee. "Instead of being
managed individually, signing keys are maintained on a secure server with
controls that minimize the risk of compromise. Signatures can still be created
by authorized individuals, but instead of requiring specialized signing
equipment for each person, DSS allows organizations to use their existing
authentication mechanisms, such as passwords, two factors, biometrics, etc."

DSS describes two XML-based request/response protocols, one for signatures and
a second for verification. Using these protocols, a client can send documents
to a server and receive back a signature on the documents; or send documents
and a signature to a server and receive back an answer on whether the signature
verifies the documents. 

"A DSS signature secures an organization's documents efficiently and
effectively while maintaining accountability down to the individual level,"
said Nick Pope of Thales eSecurity Ltd., co-chair of the OASIS DSS Technical
Committee. "What's more, DSS allows sensitive signing keys to be protected by
using tamper-proof signing devices and by locating the server in a room with
controlled access. Costs are reduced with DSS, because security can be highly
localized."

DSS supports a range of signature formats including XML and CMS. It is designed
around a core set of elements and procedures which can be profiled to support
specific uses such as time-stamping (including XML structured time-stamps),
corporate entity seals, electronic post marks and code signing.

The OASIS DSS Technical Committee worked closely with the Universal Postal
Union, an agency of the United Nations, to facilitate the use of DSS within its
Electronic Post Mark system (UPU EPM).

"Deploying support for digital signatures can be extremely challenging,
especially for large companies. The task of allocating and certifying user keys
can be burdensome and difficult to secure," said OASIS president and CEO,
Patrick Gannon. "The DSS OASIS Standard presents an approach to digital signing
which significantly reduces these obstacles. The added services enabled by this
standard are meeting global needs, and the Universal Postal Union is a good
example."

The DSS OASIS Standard was developed by representatives of the American Bar
Association, Austria Federal Chancellery, BEA Systems, CATCert-Agencia Catalana
de Certificacio, IBM, Nokia, Universal Postal Union, and others. The DSS OASIS
Standard and the archives of the OASIS DSS Technical Committee work are
publicly accessible. OASIS hosts the dss-dev mailing list for exchanging
information on implementing the standard. 


Additional information

DSS 1.0 OASIS Standard:
http://www.oasis-open.org/specs/index.php#dssv1.0

OASIS DSS Technical Committee:
http://www.oasis-open.org/committees/dss/

DSS FAQ:
http://www.oasis-open.org/committees/dss/faq.php


About OASIS

OASIS (Organization for the Advancement of Structured Information Standards) is
a not-for-profit, international consortium that drives the development,
convergence, and adoption of e-business standards. Members themselves set the
OASIS technical agenda, using a lightweight, open process expressly designed to
promote industry consensus and unite disparate efforts. The consortium produces
open standards for Web services, security, e-business, and standardization
efforts in the public sector and for application-specific markets. Founded in
1993, OASIS has more than 5,000 participants representing over 600
organizations and individual members in 100 countries.
http://www.oasis-open.org


Press contact

Carol Geyer
OASIS Director of Communications
carol.geyer@oasis-open.org
+1.978.667.5115 x209 (office)
+1.941.284.0403 (mobile)