Specialist Task Force 351: Interoperability framework for XML Advanced Electronic Signatures (XAdES)
Who we are:
Team Leader: Mr. Juan Carlos Cruellas Ibarz
Team Members:
Mr. Konrad Lanz
Mr. Kenji Urushima
Mr. Kuan Ieong Gregory Sun
Dr. Yoji Maeda
Mr. Peter Kremer
Why we do it:
The objective of this work is to aid interoperability for mutual recognition
of advanced electronic signatures taking the IDABC and DG INFSO work in this
domain into account. It is also proposed to support the greater interoperability
of e-signatures (as called for by the Directive 1999/93/EC) as necessary to
achieve the widespread use of electronic signatures and related services.
Studies on mutual recognition of electronic signatures [IDABC-MutualRec] and
the ongoing survey on electronic signature standardization [eSigSurvey] will be
taken into consideration.
The action also strongly considers new technological developments such
as mobile communication technologies in the area of e-signatures. This is
exactly where the joint Working Group (ETSI TC ESI and ECOM from Japan) will
contribute: extending the usage and development of XAdES (ETSI TS 101 903 V1.3.2:
“XML advanced Electronic Signatures (XAdES)”) employing web technologies, thus
helping to achieve greater interoperability, and identifying future work for
adapting XAdES signatures to the mobile world.
The proposed action has the following objectives:
• to set up a standing Joint ETSI/ECOM Plugtests Team;
• to establish an infrastructure for supporting multiple remote interoperability
events:
a) by defining a clear set of relevant reference test cases;
b) providing a web based portal to access information for XAdES
interoperability;
c) allowing for interaction amongst stakeholders and participants, like
mailing lists;
d) publishing results, best practices, recommendations;
• to make recommendations on follow up standardisation based on the
interoperability experiences;
• to produce a new version of XAdES based on the aforementioned recommendations;
• to strengthen the partnership between Japanese and European standardisation
work;
• to actively support and involve stakeholders in the further standardisation
and acceptance of the European standard XAdES;
• to establish a single point of reference for XAdES developers.
For more details, see our Terms of Reference.
How we do it:
The XAdES standard has been developed and is still being maintained by ETSI
TC ESI. XAdES is based on the XML-DSig-Standard, which has been jointly
developed by W3C and the IETF. XAdES has been published as a W3C-Note within
W3C.
This proposed work will be the first interoperability co-operation between an
ESO (European Standardisation Organisation) - in this case ETSI - and the
Electronic Commerce Promotion Council of Japan (ECOM). ECOM carries out various
activities related to Electronic Commerce (EC), such as developing rules,
presenting proposals to governments and conducting international standardization
activities based on user needs in order to enable secure use of e-commerce.
This action is based on ETSI TS 101 903 V1.3.2: “XML advanced Electronic
Signatures, XAdES”. XAdES itself builds on work by the W3C/IETF on XML
Signatures, published as RFC 3275 and a W3C recommendation (the W3C-Note
mentioned above). It will also build on the results and requirements from
working groups and task forces within ETSI, the W3C, IETF, OASIS and others, who
are using XML and XML signatures as a basis for providing other services.
Examples are XKMS, XForms, SOAP, Web services, OASIS-DSS and many others.
This initiative between Europe and Japan is a follow up on two European
face-to-face interoperability events on former versions of XAdES [XAdES-IntOp1].
Previous work was also performed by ECOM in a Japanese Interoperability activity
in 2006 [XAdES-IntOp-JP].
The proposed work is based on informal preparations and data exchange between
organisations within Europe and Japan under a joint effort of ETSI and ECOM.
XAdES, an extension to XML Signatures, is a European standard that has its
root in the European Electronic Signature Directive (1999/93/EC) and provides a
significant contribution to security. Its usage has gone beyond the European
boundaries and plays a more and more important role in the long term securing of
electronic documents. An increasing number of European countries and also
Japanese organisations are adopting the usage of XAdES in areas like e-Invoicing,
digital Accounting and e-Government. A consequence of not being able to perform
this activity will be a lack of early synchronisation and interoperability
checks between the different usages causing a fragmentation of implementations
and this may hinder future electronic transactions within Europe and between
Europe and Japan.
According to [eSigSurvey] it appears that full compliance with some instances of
some standards may lead to costly development and/or complex, if not unfeasible,
applications. This work contributes towards paving the way for broader use
of XAdES and easing its use for developers and its implementation in real life
systems.
The ongoing survey on electronic signature standardization [eSigSurvey]
refers to several causes for the low development of the (qualified) electronic
signatures market.
An important point is the complexity and uncertainty on archiving of
electronic proofs for the long and very long term. This can be mitigated by the
use of XAdES-A forms offering a format to tackle these requirements. As this
project will provide a single point of reference and a comprehensive set of use
and test cases we believe that it can considerably contribute towards
simplifying the implementation and use of XAdES forms like XAdES-A in real life
systems.
Such use and test cases can also function as criteria for quality and
interoperability assessment for XAdES applications. Eventually feedback could be
given to the standardisation and legalization entities by identifying portions
of XAdES that are considered to be hard to implement or realize.
The IDABC preliminary study on mutual recognition of eSignatures for
eGovernment [IDABC-MutualRec] will produce a “(Draft) Analysis and Assessment of
similarities and differences to be finalised in September 2007” where especially
the differences in the use of XAdES will be of interest to this project.
Roles:
This section provides some details on the roles
played and activities carried out by each STF member.
- Test Case Definition Language and Test Cases for
XAdES Forms (BES-A). The STF specified a test
case definition language to be used for the September 2008 Plugtest Event taking
as basis a specification made by IAIK. This was commented on by the STF members. At
the Tokyo meeting the STF team conducted a final review, and the resulting
version appears now on the Plugtest Portal. on all the details, which has been
implemented. Mr. Lanz produced the xml files specifying the generation and
cross-verification test cases. Mr. Cruellas reviewed the XAdES specification and
identified up to 80 potential only-verification test cases. He produced the xml
files specifying them and generated a document providing rationale for each one.
Mr. Urushima made an intensive review of these test cases. Mr. Cruellas and Mr.
Urushima filtered the initial set and proposed a subset of 20 for the September
2008 Plugtest Event, leaving the rest as potential tests to be included in the
February 2009 Event. Mr. Konrad and Mr. Sun conducted a peer-review of the
proposed test cases. Mr. Urushima and Mr. Cruellas generated the signatures
corresponding to the generation and cross-verification test cases, and Mr.
Lanz generated, before the start of the Plugtest, the generation and
cross-verification signatures from IAIK, so that participants could find a
complete set of signatures from the very beginning.
- Specification and implementation of the Trust
Infrastructure.
The whole team worked collectively in specifying the Trust framework and the
different scenarios for the test. Mr. Lanz deployed and configured the CA and
TSA services software in the portal. As has been said before, Mr. Krémer
provided support in several aspects of the portal falling under the
responsibility of ETSI CTI. Once the trust framework was deployed in the portal,
the rest of the experts experimented with the portal to ensure its correct
behaviour (Mr. Urushima's intensive contribution must be noted here). Several
issues were identified, reported and quickly fixed. This ensured a robust
deployment of the different software components in the portal.
- Specification and implementation of Plugtest
Portal. The whole team worked collectively in planning the
contents of the whole portal. Mr. Lanz, in addition to the CA and TSA services
software aforementioned, deployed and configured in the portal the following
software components: repositories for CA and TSA certificates (LDAP server and
HTTP server), and OCSP responder services. Mr. Lanz has also produced a number
of scripts that automatically generate up-to-date versions of the Test cases
document, including interoperability matrices that reflect at each moment the
current state of the tests for each participant. Mr. Cruellas has generated the
informative pages of the portal, including the description of how to conduct the
Plugtests, the details on how to use the PKI services, etc. Mr. Cruellas and Mr.
Krémer produced an orientation presentation that is handed to the participants
before the official start of the Plugtest. Mr. Krémer produced contents for
certain specific informative pages (participants list, for instance). As has
been said before, the experts (Mr. Urushima's intensive contribution must be
noted here) experimented with the portal to ensure its correct behaviour and
also the coherence of the informative contents.
- Remote Interoperability plugtest events. So far the STF has conducted the September 2008
Plugtest Event. The protected part of the portal was actually opened on
September the 1st so that participants could gain access to all the information
some time before the official start of the Plugtest Event and prepare themselves for
it. An introduction meeting was conducted on September the 3rd for explaining
the contents of the portal, and highlighting to the participants the most
remarkable aspects of both the Portal and the Event. During the Event, the
members of the team collectively work on preparing agendas for the meetings
(there will be one remote meeting every two days), reacting to questions
raised by the participants, updating the list of open issues for discussion,
taking minutes of the meetings, and updating the contents of the portal
accordingly. The March 2008 Plugtest Event proved to be a very demanding
period in terms of dedication: almost full dedication of the members was
required during the whole duration of the Plugtest Event. It must be noted
that ECOM has established a specific helpdesk for Japanese participants
in the Events.
- Continuous dissemination of results and XAdES
related material. All the experts of the STF
team produced presentations for the ECOM/ETSI workshop, and Mr. Urushima, Mr.
Lanz, and Mr. Cruellas gave a presentation in that workshop. Additionally Mr.
Cruellas produced material detailing the activities of the ESI TC (including the
enumeration and short explanations of the most remarkable Technical
Specifications produced by this committee) and the history of XAdES that
participants may access in the portal. Mr. Cruellas also prepared publicizing
material for the Plugtest Events, which was reviewed by the STF team and
afterwards uploaded to the ETSI Plugtest Web pages. After the September 2008
Plugtest, the team will complete a workplan for further dissemination to be
implemented during the rest of the project. The STF is considering the
organization of workshops in different countries that have brought participants
to the Plugtest Events, and also the production of material related to XAdES and
CAdES.
Here is the summary of roles:
Task | Responsible STF member
Plugtest Portal (Web site, PKI, TSP, LDAP, OCSP) | Konrad Lanz, Peter Kremer
Certificate and TimeStampToken Profile | Konrad Lanz, Kenji Urushima
XAdES testcase document | Juan Carlos Cruellas, Konrad Lanz
XAdES Test Case Definition Language | Konrad Lanz, Juan Carlos Cruellas
XAdES positive cross-checking testcase design | Juan Carlos Cruellas, Konrad Lanz
XAdES negative testcase design | Juan Carlos Cruellas, Kenji Urushima
XAdES negative testcase test signature generation | Juan Carlos Cruellas, Kenji Urushima
CAdES testcase document and design | Kenji Urushima
CAdES Test Case Definition Language | Juan Carlos Cruellas, Gregory Sun
CAdES negative testcase test signature generation | Kenji Urushima
Time plan for the work:
STF has started in April 2008 and will work until end-February 2009 (delivery
of the Final Report to EC/EFTA is due by end March 2009 at the latest).
Other:
- The STF-351 members want to express their gratitude to Mr. Yoji Maeda from
ECOM for his continuous support and contributions to relevant STF activities
(organization and conduct of the ECOM/ETSI Seminar on XAdES, held in Japan,
etc.).
- ECOM and the STF-351 team conceived, prepared, organized and conducted the
first ECOM/ETSI Advanced Electronic Signatures Seminar. This seminar was kindly
hosted by ECOM in Tokyo, Japan on 18 August 2008. Members of the STF-351 made
4 presentations on topics directly related to XAdES and CAdES as well as on the
XAdES and CAdES Plugtest portal and the Plugtests that are currently being
defined and organized. This event proved to be an extraordinary occasion for
getting feedback from the main Asian players in the electronic signature arena
and also a very good occasion for a fruitful exchange of experiences between
European and Asian partners. The English version of the program and additional
details of the workshop may be found at the following URLs:
http://www.ecom.jp/en/Workshop/workshop20080818.html (agenda)
http://www.ecom.jp/forum/workshop01_data.html (to download slides)
How to contact us:
Mr. Juan Carlos Cruellas Ibarz cruellas@ac.upc.edu
Mr. Konrad Lanz Konrad.Lanz@iaik.tugraz.at
Mr. Kenji Urushima Kenji.Urushima@entrust.com
Mr. Kuan Ieong Gregory Sun sunkuanieong@esigntrust.com
Dr. Yoji Maeda maeda@ecom.jp
Mr. Peter Kremer peter.kremer@etsi.org
This information is based upon STF working assumptions.
The views expressed do not necessarily represent the position of ETSI in this
context.