
DSS is the OASIS Digital Signature Services Specification. It allows for server-based generation and verification of different types of digital signatures, including XML DSig, CMS and PGP. The specification also defines a Timestamp feature, capable of transporting RFC 3161 time stamp tokens as well as an "XML timestamp".
As part of my intention to implement DSS, I am running a service endpoint at the following URLs:
http://markupsecurity.com:4080/dss/service/{soap12,plain-http}
https://markupsecurity.com:4080/dss/service/{soap12,plain-http}
The currently deployed service conforms to DSS Working Draft 31, 27 June 2005.
I am also taking part in the interop activity organised by the OASIS DSS Technical Committee. As the initial step in that process, the participants are producing sample messages. I am gradually moving my contributions over here.
Both the Sign and Verify services require the Profile urn:oasis:names:tc:dss:1.0:profile:dss_interop.
The following sections provide details on the Sign and Verify protocols.
The Sign Protocol produces XML, CMS and PGP signatures, as indicated by the SignatureType optional input. Although SignatureType is an optional input, this service requires it.
The EnvelopingSignature optional input can be used to indicate that an enveloping signature is desired.
The KeySelector optional input can be used to select the key used for signature generation. The system is aware of two signature keys that can be identified using a KeyInfo.X509Data.X509Certificate element.
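A client-side pre-flight check for the Sign requirements described above (required Profile, required SignatureType), as an added example that is not part of the service's own code or sample messages. The namespace and the three SignatureType URIs are assumptions taken from the published DSS core 1.0 and may differ in Working Draft 31; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Assumption: namespace and SignatureType URIs as in the published DSS core 1.0.
DSS_NS = "urn:oasis:names:tc:dss:1.0:core:schema"
# Profile URI as stated on this page.
INTEROP_PROFILE = "urn:oasis:names:tc:dss:1.0:profile:dss_interop"
SIGNATURE_TYPES = {
    "xmldsig": "urn:ietf:rfc:3275",
    "cms": "urn:ietf:rfc:3369",
    "pgp": "urn:ietf:rfc:2440",
}
ET.register_namespace("dss", DSS_NS)


def q(name):
    """Qualify a local element name with the DSS namespace."""
    return f"{{{DSS_NS}}}{name}"


def build_sign_request(kind):
    """Build a SignRequest skeleton; input documents are left out on purpose."""
    req = ET.Element(q("SignRequest"), {"Profile": INTEROP_PROFILE})
    opts = ET.SubElement(req, q("OptionalInputs"))
    ET.SubElement(opts, q("SignatureType")).text = SIGNATURE_TYPES[kind]
    return ET.tostring(req, encoding="unicode")


def preflight(xml_text):
    """Return the ways a locally built request misses the stated requirements."""
    try:
        req = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if req.tag != q("SignRequest"):
        problems.append("root element is not dss:SignRequest")
    if req.get("Profile") != INTEROP_PROFILE:
        problems.append("Profile is missing or is not the dss_interop profile")
    types = req.findall(f"{q('OptionalInputs')}/{q('SignatureType')}")
    if len(types) != 1:
        problems.append("exactly one SignatureType optional input is required")
    elif (types[0].text or "").strip() not in SIGNATURE_TYPES.values():
        problems.append("SignatureType is not XML DSig, CMS or PGP")
    return problems
```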
The Verify Protocol verifies XML, CMS and PGP signatures. The system can verify signatures contained in either XMLData or SignatureObject.
The AdditionalKeyInfo optional input can be used to provide additional information about the signature verification key.
Multi-signature verification is not yet supported.