Standard for Web-based digital signatures completed
- By William Jackson
- Jun 11, 2007
A standard to enable digital signing of electronic documents via a Web application has been finalized by the Organization for the Advancement of Structured Information Standards. Digital Signature Services Version 1.0 (DSS), approved by OASIS this month, defines an Extensible Markup Language interface to process digital signatures for Web services and other applications without complex client software. The Web-based scheme should simplify the creation and verification of digital signatures and could improve security by centralizing storage and management of cryptographic signing keys.
A digital signature uses cryptography to bind the creator's signature or assertion to an electronic document or other form of data, which in turn can be used by others to authenticate the source of the data and ensure that it has not been tampered with since its creation. This serves much the same purpose as a traditional written signature and enables electronic transactions at a level of trust and assurance similar to paper-based transactions.
Because digital signatures require creation and management of cryptographic keys, implementation can be complex, especially in large enterprises. The goal of DSS is to help overcome the complexity.
"DSS makes it easy to use digital signatures because it lets companies control their signature applications on an organizational basis through a network-based server," said Juan Cruellas, co-chairman of the OASIS DSS technical committee. "Instead of being managed individually, signing keys are maintained on a secure server with controls that minimize the risk of compromise. Signatures can still be created by authorized individuals, but instead of requiring specialized signing equipment for each person, DSS allows organizations to use their existing authentication mechanisms, such as passwords or biometrics."
DSS describes XML-based protocols for creating and verifying signatures. A client sends documents to the DSS server to receive a signed version of the document in return, and signed documents can be sent to the server for verification of the signature. The core specifications can be used to support other uses, such as time-stamping and postmarking documents.
An international group of industry and government experts (including representatives from the American Bar Association, the Austria Federal Chancellery, BEA Systems, IBM, Nokia and the United Nations' Universal Postal Union) contributed to the standard. The Universal Postal Union has implemented DSS within its Electrical Post Mark system.
William Jackson is a Maryland-based freelance writer.