OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

dss-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [dss-dev] question about DSS

Hi Vladimir,

nice to see that you're interested in the DSS standard !
006501c95f54$1ddf6100$e0c8010a@vmercep.fina.hr" type="cite">

I am Vladimir Mercep from Croatia and I work in financial agency ( FINA ). We have build CA and issuing qualified certificates.


Now we are intrested in building Digital Signature Services. I saw on your site that Germany build DSS that support creation and validation of qualified signatures.

Does anybody else create it in Europe, because we need DSS to support creation and validation of qualified signatures by regulations of EU.

Two remarks :

- Germany is part of europe ;-)
The german regulations are a way to be compliant with the EU directive. So it's not a bad startinmg point.

- DSS defines an interface !
The regulations ( EU or country level ) don't care about the interface, but implementation of processes, security  and legal aspects. So don't expect too much from the  DSS standard regarding a concrete solution. I was the editor of the 'German Sig law' profiles. If you take a look at it, you see that it's a very sparse document. The intention of a profile of an interface cannot be to describe an implementation but to decribe the contarct of service provider and service user. In this case the client uses the profile to request a sig law compliant signature and the server accepts the request if it is build in a way to create such signatures. Not more ...
006501c95f54$1ddf6100$e0c8010a@vmercep.fina.hr" type="cite">

Can you give me some exampels, prices and materials to build test DSS (latter implement it in production).

The spec is free to use !
By the way, I'm not completly sure about the standard docs ...
@Stefan : Do you know what was the outcome of the IPR process ? We didn't adrred on an IPR policy in DSS, so which policy did apply to them ?

By chance  my company is building an open source implementation of DSS. Maybe this can be intersting for you to use  ...
006501c95f54$1ddf6100$e0c8010a@vmercep.fina.hr" type="cite">

I saw some Security Modules, can you give me some advice about it too.

Hmm, can you point out what you mean ? The topic doesn't give me an idea ...



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]