Levels of the existing and upcoming versions of XAdES

John Haug johnhaug at exchange.microsoft.com
Tue Jun 9 01:37:50 CEST 2015


This is what I’ve been looking at recently in preparation for next week’s meeting.  Can you (or someone you’ve been talking to) explain what is meant by this?  In 6.2.2 “Notation for requirements” there is a listing of the meanings of various cell values in the large table showing which elements / qualifying properties / services apply to which XAdES level.  The last item under #5 reads:
"*": means that the qualifying property or signature’s element (service) identified in the first column
should not be incorporated to the signature (provided) in the corresponding level. Upper signature levels
may specify other requirements.

Comparing to “shall not be present” it seems the key difference is “should not” vs. “shall not”.  The example at the bottom of 6.2.2 looks at CompleteCertificateRefs.  The table entry for that row shows “*” for B-B and B-T and “shall not be present” for B-LT and B-LTA.  Does that mean rows using “*” and “shall not be present” are effectively deprecating those elements/properties?  These rows comprise four elements used in XAdES-C plus the RefsOnlyTimeStamp and SigAndRefsTimeStamp.

Ultimately, I’m trying to compare the current XAdES levels with the upcoming ones and I can only see doing so by comparing which elements are allowed in each.  (Wouldn’t it be nice if there existed a schema for each level?)

John

From: eb2mmrt at gmail.com [mailto:eb2mmrt at gmail.com] On Behalf Of MURATA Makoto
Sent: Sunday, June 7, 2015 4:41 AM
To: SC34
Subject: Levels of the existing and upcoming versions of XAdES

1. Existing XAdES

The existing XAdES (ETSI TS 101 903 V1.4.2) has four forms and three
advanced forms.

Four forms

    Basic Electronic Signature (XAdES-BES)
    Explicit Policy based Electronic Signature (XAdES-EPES)
    Electronic Signature with Validation Data (XAdES-T and XAdES-C).

Three advanced forms

    Extended signatures with time forms (XAdES-X)
    Extended long electronic signatures with time (XAdES-X-L)
    Archival electronic signatures (XAdES-A)

Conformant generators must support either XAdES-BES or XAdES-EPES,
while conformance verifiers must support either XAdES-BES or
XAdES-EPES.  Conformance requirements on XAdES-T and those on XAdES-C
are defined, but generators or verifiers are not required to support
them.  Conformance requirements on XAdES-X, XAdES-X-L, or XAdES-A are
not defined.

ISO 14533-2(=JIS X5093) defines different conformance requirements.
One is the support of XAdES-T, and the other is the support of
XAdES-A.

2. Upcoming XAdES

The upcoming XAdES (Draft EN 319 132-1 and Draft EN 319 132-2)
provides four XAdES baseline signature levels (132-1) and
some additional levels (in 132-2).

2.1 Baseline signature levels

a) B-B (some signed and some unsigned qualifying properties)

b) B-T (trusted token proving that the signature itself actually
existed at a certain date and time.)

c) B-LT (all the material required for validation)

d) B-LTA (time-stamps that allow validation long time after the generation)

2.2 Additional levels

There are:

XAdES-E-BES
XAdES-E-EPES
XAdES-E-T

XAdES-E-C
XAdES-E-X
XAdES-E-X-Long
XAdES-E-X-L

XAdES-E-A signatures built on XAdES-E-T
XAdES-E-A signatures built on XAdES-E-C, XAdES-E-X, XAdES-E-X-Long, and XAdES-E-X-L

Regards,
Makoto
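
Added example, not part of either message and not code from ETSI or the list: one way to do the element-by-element comparison described in the reply, checking a signature's unsigned qualifying properties against the "*" and "shall not be present" cells quoted there. The sample XML is constructed, the function names are hypothetical, and treating RefsOnlyTimeStamp and SigAndRefsTimeStamp like CompleteCertificateRefs is an assumption.

```python
import xml.etree.ElementTree as ET

XADES_NS = "http://uri.etsi.org/01903/v1.3.2#"  # XAdES qualifying-properties namespace

# Rows the message singles out. Only the CompleteCertificateRefs cells are
# spelled out there; giving the two time-stamp rows the same cells is an assumption.
FLAGGED = {"CompleteCertificateRefs", "RefsOnlyTimeStamp", "SigAndRefsTimeStamp"}
CELLS = {"B-B": "*", "B-T": "*",
         "B-LT": "shall not be present", "B-LTA": "shall not be present"}

# Constructed sample: a time-stamped signature that still carries XAdES-C references.
SAMPLE = f"""<QualifyingProperties xmlns="{XADES_NS}">
  <UnsignedProperties><UnsignedSignatureProperties>
    <SignatureTimeStamp/>
    <CompleteCertificateRefs/>
  </UnsignedSignatureProperties></UnsignedProperties>
</QualifyingProperties>"""


def unsigned_properties(xml_text):
    """Local names of the unsigned signature properties, in document order."""
    # Trusted input only: parse untrusted signatures with a hardened XML parser.
    root = ET.fromstring(xml_text)
    container = root.find(f".//{{{XADES_NS}}}UnsignedSignatureProperties")
    if container is None:
        return []
    return [child.tag.rsplit("}", 1)[-1] for child in container]


def check_level(xml_text, level):
    """Return (violations, discouraged) for a signature claimed at `level`."""
    cell = CELLS[level]
    violations, discouraged = [], []
    for name in unsigned_properties(xml_text):
        if name not in FLAGGED:
            continue
        # "shall not be present" is a hard failure; "*" is only "should not".
        (violations if cell == "shall not be present" else discouraged).append(name)
    return violations, discouraged


if __name__ == "__main__":
    for level in CELLS:
        print(level, check_level(SAMPLE, level))
```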