OASIS Unfurls Standard for Digital Signatures

OASIS has approved a standard for digital signatures using XML. The standard, called Digital Signature Services (DSS) version 1.0, enables the sharing of digital signatures without the use of "complex client software," according to an announcement issued by the organization.

The standard aims to facilitate security in electronic commerce, as well as in Web-based applications. It incorporates existing digital signature standards formulated by the IETF (Internet Engineering Task Force) and ETSI (European Telecommunications Standards Institute).

The DSS standard can make it easier for companies to verify documents because signing keys are maintained on a secure server, rather than being managed individually, according to OASIS' announcement.

"DSS allows sensitive signing keys to be protected by using tamper-proof signing devices and by locating the server in a room with controlled access. Costs are reduced with DSS, because security can be highly localized," explained Nick Pope of Thales eSecurity Ltd. in the announcement. Pope is also co-chair of the OASIS DSS Technical Committee.

The DSS standard describes two XML-based request and response protocols, according to the announcement. One of the protocols is used for signatures and the other is used for verification. The standard supports time-stamping, corporate seals, electronic postmarks and code signing.

The process of verification works using "a range of transport and security bindings," according to OASIS' DSS FAQ. The use of HTTP Post or SOAP over transport layer security is optional.

OASIS, or Organization for the Advancement of Structured Information Standards, is an international nonprofit consortium that advocates for e-business standards.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Azure Active Directory Connect Preview Adds Support for Disconnected AD Forests

    Microsoft on Thursday announced a preview of a new "Cloud Provisioning" feature for the Azure Active Directory Connect service that promises to bring together scattered Active Directory "forests."

  • Microsoft Defender ATP Gets macOS Investigation Support

    The endpoint and detection response (EDR) feature in Microsoft Defender Advanced Threat Protection (ATP) has reached the "general availability" stage for macOS devices.

  • How To Block Self-Service Purchasing in Microsoft's Power Platform

    Microsoft threw Office 365 admins a bone when it gave them the ability to block users from purchasing Power Platform tools without IT approval. Here's how to prevent total anarchy.

  • Azure DevOps Services Losing Support for Alternate Credentials

    Microsoft gave notice last week that it's going to drop Alternate Credentials support for authenticating users of its Azure DevOps Services.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.