New Digital Signature Services (DSS) OASIS Standard Assures Authenticity of Data for Web Services.BOSTON -- OASIS, the international standards consortium, today announced that its members have approved Digital Signature Services The introduction to this article provides insufficient context for those unfamiliar with the subject matter. Please help [ improve the introduction] to meet Wikipedia's layout standards. You can discuss the issue on the talk page. (DSS (1) (Digital Signature Standard) A National Security Administration standard for authenticating an electronic message. See RSA and digital signature. (2) (Digital Satellite S ) version 1.0 as an OASIS Standard, a status that signifies the highest level of ratification. DSS defines an XML XML in full Extensible Markup Language. Markup language developed to be a simplified and more structural version of SGML. It incorporates features of HTML (e.g., hypertext linking), but is designed to overcome some of HTML's limitations. interface to process digital signatures for Web services and other applications, enabling the sharing of digital signature creation, verification and other associated services, without complex client software and configuration. "DSS makes it easy to use digital signatures because it lets companies control their signature applications on an organizational basis through a network-based server," said Juan Cruellas of Centre d'aplicacions avanades d'Internet (CANET CANET Collaborative Automotive NETwork ), co-chair of the OASIS DSS Technical Committee. "Instead of being managed individually, signing keys are maintained on a secure server with controls that minimize the risk of compromise. Signatures can still be created by authorized individuals, but instead of requiring specialized signing equipment for each person, DSS allows organizations to use their existing authentication mechanisms, such as passwords, two factors, biometrics, etc." DSS describes two XML-based request/response protocols, one for signatures and a second for verification. Using these protocols, a client can send documents to a server and receive back a signature on the documents; or send documents and a signature to a server and receive back an answer on whether the signature verifies the documents. "A DSS signature secures an organization's documents efficiently and effectively while maintaining accountability down to the individual level," said Nick Pope of Thales eSecurity Ltd., co-chair of the OASIS DSS Technical Committee. "What's more, DSS allows sensitive signing keys to be protected by using tamper-proof signing devices and by locating the server in a room with controlled access. Costs are reduced with DSS, because security can be highly localized." DSS supports a range of signature formats including XML and CMS (1) See content management system and color management system. (2) (Conversational Monitor System) Software that provides interactive communications for IBM's VM operating system. . It is designed around a core set of elements and procedures which can be profiled to support specific uses such as time-stamping (including XML structured time-stamps), corporate entity seals, electronic post marks and code signing. The OASIS DSS Technical Committee worked closely with the Universal Postal Union Universal Postal Union (UPU), specialized agency of the United Nations, with headquarters at Bern, Switzerland. Established in 1875 following adoption of the Universal Postal Convention, it is one of the oldest extant international governmental organizations. , an agency of the United Nations, to facilitate the use of DSS within its Electronic Post Mark system (UPU UPU Union Postale Universelle (Universal Postal Union) UPU Universal Power Unit UPU User Part Unavailable (SS7) EPM EPM equine protozoal myeloencephalitis. ). "Deploying support for digital signatures can be extremely challenging, especially for large companies. The task of allocating and certifying user keys can be burdensome and difficult to secure," said OASIS president and CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. , Patrick Gannon. "The DSS OASIS Standard presents an approach to digital signing which significantly reduces these obstacles. The added services enabled by this standard are meeting global needs, and the Universal Postal Union is a good example." The DSS OASIS Standard was developed by representatives of the American Bar Association American Bar Association (ABA), voluntary organization of lawyers admitted to the bar of any state. Founded (1878) largely through the efforts of the Connecticut Bar Association, it is devoted to improving the administration of justice, seeking uniformity of law , Austria Federal Chancellery, BEA Systems, CATCert-Agencia Catalana de Certificacio, IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) , Nokia, Universal Postal Union, and others. The DSS OASIS Standard and the archives of the OASIS DSS Technical Committee work are publicly accessible. OASIS hosts the dss-dev mailing list for exchanging information on implementing the standard. Additional information DSS 1.0 OASIS Standard: http://www.oasis-open.org/specs/index.php#dssv1.0 OASIS DSS Technical Committee: http://www.oasis-open.org/committees/dss/ DSS FAQ (Frequently Asked Questions) A group of commonly asked questions about a subject along with the answers. Vendors often display them on their Web sites for use as troubleshooting guidelines. : http://www.oasis-open.org/committees/dss/faq.php About OASIS OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion