OASIS Unfurls Standard for Digital Signatures

OASIS has approved a standard for digital signatures using XML. The standard, called Digital Signature Services (DSS) version 1.0, enables the sharing of digital signatures without the use of "complex client software," according to an announcement issued by the organization.

The standard aims to facilitate security in electronic commerce, as well as in Web-based applications. It incorporates existing digital signature standards formulated by the IETF (Internet Engineering Task Force) and ETSI (European Telecommunications Standards Institute).

The DSS standard can make it easier for companies to verify documents because signing keys are maintained on a secure server, rather than being managed individually, according to OASIS' announcement.

"DSS allows sensitive signing keys to be protected by using tamper-proof signing devices and by locating the server in a room with controlled access. Costs are reduced with DSS, because security can be highly localized," explained Nick Pope of Thales eSecurity Ltd. in the announcement. Pope is also co-chair of the OASIS DSS Technical Committee.

The DSS standard describes two XML-based request and response protocols, according to the announcement. One of the protocols is used for signatures and the other is used for verification. The standard supports time-stamping, corporate seals, electronic postmarks and code signing.

The process of verification works using "a range of transport and security bindings," according to OASIS' DSS FAQ. The use of HTTP Post or SOAP over transport layer security is optional.

OASIS, or Organization for the Advancement of Structured Information Standards, is an international nonprofit consortium that advocates for e-business standards.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Microsoft Opens Azure Sentinel Marketplace for Partner Solutions

    Microsoft recently announced preview releases of several Azure Sentinel improvements, including connectors for partner solutions within Azure Sentinel.

  • 2021 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • After High-Profile Attacks, Biden Calls for Better Software Security

    Recent high-profile security attacks have prompted the Biden administration to issue an executive order aiming to tighten software security practices across the board.