ETSI - TS 119 432
Electronic Signatures and Infrastructures (ESI); Protocols for remote digital signature creation
|Publication Date:||1 March 2019|
The present document specifies protocols and interfaces applicable when the process of creating AdES digital signatures as defined by ETSI TS 119 102-1 [i.7] and/or digital signature values, as result of Data To Be Signed Representations signatures, is carried out by a distributed solution comprised of two or more systems/services/com
The present document is limited to remote server signing, i.e. the signing key is held in a remote shared service.
NOTE: Remote signature creation with local signing, i.e. the signing key is held with the signer's personal device but other steps in the signature creation are carried out by means of networked services, is a possible solution but protocols for such architecture are not covered in the present document.
Finally, the present document specifies two bindings, each one in a different syntax (XML and JSON), for each of the protocols mentioned above.
As far as it has been possible and suitable, the protocols have re-used constructs of CSC JSON and OASIS DSS-X XML specifications. When this has not been possible the present document specifies new components semantically and also syntactically in the two formats: XML and JSON.
The authorized signer's use of its key for signing requires users to provide multiple proofs of their claimed identity before being granted access to the needed set of resources. The way in which the user identity verification process is carried out by the service provider or any suggestion concerning the usage of multi-factor authentication mechanisms is out of the scope of the present document.