Specialist Task Force 351: Interoperability framework for XML Advanced Electronic Signatures (XAdES)
Who we are:
Team Leader: Mr. Juan Carlos Cruellas Ibarz
Mr. Konrad Lanz
Mr. Kenji Urushima
Mr. Kuan Ieong Gregory Sun
Dr. Yoji Maeda
Mr. Peter Kremer
Why we do it:
The objective of this work is to aid interoperability for mutual recognition
of advanced electronic signatures taking the IDABC and DG INFSO work in this
domain into account. It is also proposed to support the greater interoperability
of e-signatures (as called for by the Directive 1999/93/EC) as necessary to
achieve the widespread use of electronic signatures and related services.
Studies on mutual recognition of electronic signatures [IDABC-MutualRec] and
the ongoing survey on electronic signature standardization [eSigSurvey] will be
taken into consideration.
The action also strongly considers new technological developments such
as mobile communication technologies in the area of e-signatures, which is
exactly where the joint Working Group (ETSI TC ESI and ECOM from Japan) will
contribute to: extending usage and development of XAdES ETSI TS 101 903 V1.3.2:
“XML advanced Electronic Signatures (XAdES)” employing web technologies, thus
helping to achieve greater interoperability, and identifying future work for
adapting XAdES signatures to the mobile world.
The proposed action has the following objectives:
• to set up a standing Joint ETSI/ECOM PlugtestsTeam;
• to establish an infrastructure for supporting multiple remote interoperability
a) by defining a clear set of relevant reference test cases;
b) providing a web based portal to access information for XAdES
c) allowing for interaction amongst stakeholders and participants, like
d) publishing results, best practices, recommendations;
• to make recommendations on follow up standardisation based on the
• to produce a new version of XAdES based on the aforementioned recommendations
• to strengthen the partnership between Japanese and European standardisation
• to actively support and involve stakeholders in the further standardisation
and acceptance of the European standard XAdES;
• to establish a single point of reference for XAdES developers.
For more details, see our
Terms of Reference
How we do it:
The XAdES standard has been developed and is still being maintained by ETSI
TC ESI. XAdES is based on the XML-DSig-Standard, which has been jointly
developed by W3C and the IETF. XAdES has been published as a W3C-Note within
This proposed work will be the first interoperability co-operation between an
ESO (European Standardisation Organisation) - in this case ETSI - and the
Electronic Commerce Promotion Council of Japan (ECOM). ECOM carries out various
activities related to Electronic Commerce (EC), such as developing rules,
presenting proposals to governments and conducting international standardization
activities based on user needs in order to enable secure use of e-commerce.
This action is based on ETSI TS 101 903 V1.3.2: “XML advanced Electronic
Signatures, XAdES”. XAdES itself builds on work by the W3C/IETF on XML
Signatures, published as RFC 3275 and a W3C recommendation (the W3C-Note
mentioned above). It will also build on the results and requirements from
working groups and task forces within ETSI, the W3C, IETF, OASIS and others, who
are using XML and XML signatures as a basis for providing other services.
Examples are XKMS, XForms SOAP, Web services, OASIS-DSS and many others.
This initiative between Europe and Japan is a follow up on two European
face-to-face interoperability events on former versions of XAdES [XAdES-IntOp1].
Previous work was also performed by ECOM in a Japanese Interoperability activity
in 2006 [XAdES-IntOp-JP].
The proposed work is based on informal preparations and data exchange between
organisations within Europe and Japan under a joint effort of ETSI and ECOM.
XAdES, an extension to XML Signatures, is a European standard that has its
root in the European Electronic Signature Directive (1999/93/EC) and provides a
significant contribution to security. Its usage has gone beyond the European
boundaries and plays a more and more important role in the long term securing of
electronic documents. An increasing number of European countries and also
Japanese organisations are adopting the usage of XAdES in areas like e-Invoicing,
digital Accounting and e-Government. A consequence of not being able to perform
this activity will be a lack of early synchronisation and interoperability
checks between the different usages causing a fragmentation of implementations
and this may hinder future electronic transactions within Europe and between
Europe and Japan.
According to [eSigSurvey] it appears that full compliance to some instance of
some standards may lead to costly development and/or complex when not unfeasible
applications. This work is contributing towards paving the way for broader use
of XAdES and to ease its use for developers and for implementation in real life
The ongoing survey on electronic signature standardization [eSigSurvey]
refers to several causes for the low development of the (qualified) electronic
An important point is the complexity and uncertainty on archiving of
electronic proofs for the long and very long term. This can be mitigated by the
use of XAdES-A forms offering a format to tackle these requirements. As this
project will provide a single point of reference and a comprehensive set of use
and test cases we believe that it can considerably contribute towards
simplifying the implementation and use of XAdES forms like XAdES-A in real life
Such use and test cases can also function as criteria for quality and
interoperability assessment for XAdES applications. Eventually feedback could be
given to the standardisation and legalization entities by identifying portions
of XAdES that are considered to be hard to implement or realize.
The IDABC preliminary study on mutual recognition of eSignatures for
eGovernment [IDABC-MutualRec] will produce a “(Draft) Analysis and Assessment of
similarities and differences to be finalised in September 2007” where especially
the differences in the use of XAdES will be of interest to this project.
This section provides some details on the roles
played and activities carried out by each STF member.
- Test Case Definition Language and Test Cases for
XAdES Forms (BES-A). The STF specified a test
case definition language to be used for the September 2008 Plugtest Event taking
as basis a specification made by IAIK. This was commented by the STF members. At
the Tokio meeting the STF team conducted a final review, and the resulting
version appears now on the Plugtest Portal. on all the details, which has been
implemented. Mr. Lanz produced the xml files specifying the generation and
cross-verification test cases. Mr. Cruellas reviewed the XAdES specification and
identified up to 80 potential only-verification test cases. He produced the xml
files specifying them and generated a document providing rationale for each one.
Mr. Urushima made an intensive review of these test cases. Mr. Cruellas and Mr.
Urushima filtered the initial set and proposed a subset of 20 for the Septembert
2008 Plugtest Event, leaving the rest as potential tests to be included in the
February 2009 Event. Mr. Konrad and Mr. Sun conducted a peer-review of the
proposed test cases. Mr. Urushima and Mr. Cruellas generated the signatures
corresponding to the the generation and cross-verification test cases, and Mr.
Lanz generated before the start of the plugtest the generation and
cross-verification signatures from IAIK, so that participants may find since the
very beginning a complete set of signatures.
- Specification and implementation of the Trust
The whole team worked collectively in specifying the Trust framework and the
different scenarios for the test. Mr. Lanz deployed and configured the CA and
TSA services software in the portal. As it has been said before, Mr. Krémer
provided support in several aspects of the portal falling under the
responsibility of ETSI CTI. Once the trust framework was deployed in the portal,
the rest of the experts experimented with the portal to ensure its correct
behaviour (Mr. Urushima intensive contribution must be remarked here). Several
issues were identified, reported and quickly fixed. This ensured a robust
deployment of the different software components in the portal.
- Specification and implementation of Plugtest
Portal. The whole team worked collectively in planning the
contents of the whole portal. Mr. Lanz, in addition to the CA and TSA services
software aforementioned, deployed and configured in the portal the following
software components: repositories for CA and TSA certificates (LDAP server and
HTTP server), and OCSP responder services. Mr. Lanz has also produced a number
of scripts that automatically generate up to date versions of the Test cases
document, including interoperability matrixes that reflect in each instant the
current state of the tests for each participant. Mr. Cruellas has generated the
informative pages of the portal, including the description of how to conduct the
Plugtests, the details on how to use the PKI services, etc. Mr. Cruellas and Mr.
Krémer produced an orientation presentation that is handed to the participants
before the official start of the Plugtest.. Mr. Krémer produced contents for
certain specific informative pages (particpants list, for instance). As it has
been said before the experts (Mr. Urushima intensive contribution must be
remarked here) experimented with the portal to ensure its correct behaviour and
also the coherence of the informative contents.
- Remote Interoperability plugtest events. So far the STF has conducted the September 2008
Plugtest Event. The protected part of the portal was actually opened on
September the 1st so that participants could gain access to all the information
time before the official start of the Plugtest Event and prepare themselves for
it. An introduction meeting was conducted on September the 3rd for explaining
the contents of the portal, and highlighting to the participants the most
remarkable aspects of both the Portal and the Event. During the Event, the
members of the team collectively work in preparing agendas for the meetings
(there will be one remote meeting once each two days), reacting to questions
raised by the particpants, updating the list of open issues for discussion,
taking minutes of the meetings, and update the contents of the portal
accordingly. The March 2008 Plugtest Event proved to be a period of time very
demanding in terms of dedication: almost a full dedication of the members was
required during the whole duration of the Plugtest Event. It must be remarked
the fact that ECOM has established a specific helpdesk for Japanese participants
in the Events.
- Continuous dissemination of results and XAdES
related material. All the experts of the STF
team produced presentations for the ECOM/ETSI workshop, and Mr. Urushima, Mr.
Lanz, and Mr. Cruellas gave a presentation in that workshop. Additionally Mr.
Cruellas produced material detailing the activities of the ESI TC (including the
enumeration and short explanations of the most remarkable Technical
Specifications produced by this committee) and the history of XAdES that
participants may access in the portal. Mr. Cruellas also prepared publizicing
material for the Plugtest Events, which were reviewed by the STF team and
afterwards uploaded to the ETSI Plugtest Web pages. After the September 2008
Plugtest, the team will complete a workplan for further dissemination to be
implemented during the rest of the project. The STF is considering the
organization of workshops in different countries that have brought participants
to the Plugtest Events, and also the production of material related to XAdES and
Here is the summary of roles:
Responsible STF member
|Plugtest Portal (Web site, PKI, TSP, LDAP, OCSP)
||Konrad Lanz, Peter Kremer
|Certificate and TimeStampToken Profile
||Konrad Lanz, Kenji Urushima
|XAdES testcase document
||Juan Carlos Cruellas, Konrad Lanz
|XAdES Test Case Definition Language
||Konrad Lanz, Juan Carlos Cruellas
|XAdES positive cross-checking testcase design
||Juan Carlos Cruellas, Konrad Lanz
|XAdES negative testcase design
||Juan Carlos Cruellas, Kenji Urushima
|XAdES negative testcase test signature generation
||Juan Carlos Cruellas, Kenji Urushima
|CAdES testcase document and design
|CAdES Test Case Definition Language
||Juan Carlos Cruellas, Gregory Sun
|CAdES negative testcase test signature generation
Time plan for the work:
STF has started in April 2008 and will work until end-February 2009 (delivery
of the Final Report to EC/EFTA is due by end March 2009 at the latest).
- The STF-351 members want to
express their gratitude to Mr. Yoji Maeda from ECOM for his continuous support
and contributions to relevant STF activities (organization and conduction of the
ECOM/ETSI Seminar on XAdES, held in Japan, etc.).
and the STF-351 team conceived, prepared, organized and conducted the first
ECOM/ETSI Advanced Electronic Signatures
Seminar. This seminar was kindly hosted by ECOM in Tokyo, Japan on 18 August
Members of the STF-351 made 4 presentations on
topics directly related with XAdES and CAdES as well as on the XAdES and CAdES
Plugtest portal and the Plugtests that are currently being defined and organized.
This event proved to be an extraordinary occasion for getting feedback from main
Asian players in the electronic signature arena and also a very good occasion
for European and Asian partners fruitful exchange of experiences. The English
version of the program and additional details of the workshop may be found at
the following URLs:
http://www.ecom.jp/forum/workshop01_data.html (to download slides)
How to contact us:
Mr. Juan Carlos Cruellas Ibarz firstname.lastname@example.org
Mr. Konrad Lanz Konrad.Lanz@iaik.tugraz.at
Mr. Kenji Urushima Kenji.Urushima@entrust.com
Mr. Kuan Ieong Gregory Sun email@example.com
Dr. Yoji Maeda firstname.lastname@example.org
Mr. Peter Kremer email@example.com
This information is based upon STF working assumptions.
The views expressed do not necessarily represent the position of ETSI in this