Chapter 12. ETSI Advanced XML Signatures

Chapter 12. ETSI "Advanced" XML Signatures

The European Telecommunications Standards Institute (ETSI) is developing extensions to the XML Digital Signature Recommendation (see Chapter 10) so that the resulting extended signatures will meet the European Directive requirements for valid electronic signatures for electronic commerce purposes [Directive]. This chapter describes the extensions as an example of one way to build a higher-level "trust" structure on the basic XMLDSIG structure.

The discussion in this chapter is based on ETSI's July 2001 draft, XML Advanced Electronic Signatures [XAdES], which uses the following namespace:

 http://www.etsi.org/names/TS/101903/v1.1.1# 

I don't know about you, but I'm always suspicious of things called "new" or "advanced." What will they call the next, more advanced version?

ETSI assumes the existence of trusted service providers, including time stamping services and certificate authorities. Another assumption relates to the existence of signature policy issuers. The ETSI draft is aimed, to a great extent, at convincing an independent arbiter of the validity of a signature. It assumes that all signatures with which it deals will be public key signatures with keying material in X.509 [ISO 9594] certificates.

The sheer size and complexity of the ETSI draft should give pause to those who think it should be easy to establish "trust" and "meaning" from a document (see Appendix E) point of view.

The schema information given is this chapter assumes the following preface:

 <?xml version="1.0" encoding="UTF-8"?> <schema targetNamespace=        "http://uri.etsi.org/names/TS/101903/v1.1.1#"  xmlns:xsd="http://www.w3.org/2001/XMLSchema"  xmlns="http://uri.etsi.org/names/TS/101903/v.1.1.1#"  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"  elementFormDefault="qualified" >