Web-Service based Transformation of Digital Signature Formats

Bernd Zwattendorfer
A-SIT
bernd.zwattendorfer@a-sit.at
www.a-sit.at

e|Gov Days, Prague 2009

Contents

 1. Motivation and Problem Description

 2. Service Description and Architecture

 3. Conclusions and Outlook




Motivation

 • Moving to another country

 [Figure: "Moving House Life Event", with Poland and Ireland as the example countries]

Different Signature Formats
 [Figure: signature formats shown: CMS, CAdES, XMLDSig, XAdES, PGP]

Different Signed Documents

 [Figure: signed documents shown in XML and in CMS form]

Cross-Border Document Exchange

 [Figure: a Signature Transformation Service in the middle of the document exchange]

 Same signature format?
 Signature remains valid?

Transformations

 • CMS signatures to XML/XAdES signatures
   [Figure: CMS → XMLDSig / XAdES]

 • XML/XAdES signatures to CMS signatures
   [Figure: XMLDSig / XAdES → CMS]

 • XML/XAdES signatures to other types of XML/XAdES signatures
   [Figure: XMLDSig / XAdES → XMLDSig / XAdES]

Signature Transformation Service

 [Figure: Original Signature, Extracted Content and Transformation Info go into the Signature Transformation Service; Original Signature, Signed Signature Validation Result and Signed Content come out]

Signature Transformation Service

 Original Signature
   • CMS-based signatures
   • XML-based signatures

 Extracted Content
   • XML encoded
   • Base64 encoded

 Transformation Info
   • ID for selection of trustable root certificates
   • Type of signature to create
   • ID for signature key

Signature Transformation Service

 Original Signature
   • CMS-based signatures
   • XML-based signatures

 Signed Signature Validation Result
   • CMS-based signatures
   • XML-based signatures
   • Error response

 Signed Content
   • CMS-based signatures
   • XML-based signatures
   • Error response

Architecture

 [Figure: Client, Content Extraction and Signature Transformation Service in a row; the Signature Creation Service is drawn above and the Signature Validation Service below the Signature Transformation Service]

Transformation Process

1. Validation of the original signature (Signature
   Validation Service)
2. Creation of a signature over the verification result
   (Signature Creation Service)
3. Creation of a new signature over the extracted
   content (Signature Creation Service)
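
The three steps above, together with the checks a receiving party would make on the service output, as an added sketch that is not part of the original slides or of MOA-SPSS. HMAC stands in for the CMS/XML signature operations, and all function names, key IDs and the hash binding inside the validation result are assumptions of this example.

```python
import base64, hashlib, hmac, json

# Constructed demo keys. HMAC stands in for the real CMS/XML signature
# operations (assumption), so the flow runs with the standard library only.
ORIGIN_KEY = b"constructed-origin-signer-key"
SERVICE_KEYS = {"key-1": b"constructed-service-key"}  # "ID for signature key"
TRUST_PROFILES = {"profile-1": ORIGIN_KEY}            # "ID for selection of trustable root certificates"

def sha256(data):
    return hashlib.sha256(data).hexdigest()
def sign(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()
def verify(key, data, sig):
    return key is not None and hmac.compare_digest(sign(key, data), sig)

def claims_for(original_sig, content):
    # Binding the result to both hashes is this example's assumption.
    return {"valid": True, "content_sha256": sha256(content),
            "original_signature_sha256": sha256(original_sig.encode())}

def transform(original_sig, content_b64, info):
    content = base64.b64decode(content_b64)
    # Step 1: validate the original signature against the selected trust profile.
    if not verify(TRUST_PROFILES.get(info["trust_profile_id"]), content, original_sig):
        return {"error": "original signature could not be validated"}
    key = SERVICE_KEYS[info["signature_key_id"]]
    # Step 2: create a signature over the verification result.
    result = json.dumps(claims_for(original_sig, content), sort_keys=True)
    # Step 3: create the new signature over the extracted content.
    return {"original_signature": original_sig, "validation_result": result,
            "validation_result_signature": sign(key, result.encode()),
            "signed_content": {"type": info["target_type"], "content": content_b64,
                               "signature": sign(key, content)}}

def receiver_accepts(bundle, service_key):
    """Checks a relying party makes before trusting the transformed signature."""
    if "error" in bundle:
        return False
    content = base64.b64decode(bundle["signed_content"]["content"])
    result = bundle["validation_result"]
    return (verify(service_key, result.encode(), bundle["validation_result_signature"])
            and verify(service_key, content, bundle["signed_content"]["signature"])
            and json.loads(result) == claims_for(bundle["original_signature"], content))

# Constructed sample document and request.
DOC_B64 = base64.b64encode(b"<ProofOfResidence>constructed</ProofOfResidence>").decode()
INFO = {"trust_profile_id": "profile-1", "signature_key_id": "key-1", "target_type": "CMS"}
GOOD = transform(sign(ORIGIN_KEY, base64.b64decode(DOC_B64)), DOC_B64, INFO)
```

The receiver rejects the bundle if the content, the validation result or the original signature was swapped after the service signed them, which is the property the "Signature remains valid?" question depends on once the original format is no longer verified directly.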




Signature Creation and Validation Service

 • Based on Austrian open-source module MOA-SPSS
 • SOAP/WSDL Web Service
 • Supports CMS verification and XMLDSig signature creation/verification
 • Extended to XAdES signature capabilities and CMS creation

 Signature Verification
   • XMLDSig signatures
   • XAdES-BES signatures
   • XAdES-T signatures
   • XAdES-C signatures
   • XAdES-X signatures
   • CMS signatures

 Signature Creation
   • XMLDSig signatures
   • XAdES-BES signatures
   • XAdES-T signatures
   • CMS signatures

Conclusions and Outlook

 • Tested with official Austrian proof of residence
   (XML based)
 • Operation by e-Notary Service
 • OASIS - eNotarization Markup Language
   (ENML)




Thank you for your attention!



