LSS Technical Specification

Similar documents
Digitaliseringsstyrelsen

General Technical Specification for LSS for NemID

Guidelines on the use of LSS for NemID test tools

XML Security Algorithm Cross-Reference

NemID JS Developer Support site. Guidelines

Recommended test procedures

NemID JS Developer Support site. Guidelines

Signature Profile for BankID

XEP-0290: Encapsulated Digital Signatures in XMPP

The SPS.Client consist of a single.net DLL (SPS.CLient.dll), henceforth referred to as the client library.

2010 Martin v. Löwis. Data-centric XML. XML Signature and Encryption

This document is the technical reference for Signaturgruppens Authentication Plugin client library.

RSA-PSS in XMLDSig. Position Paper W3C Workshop Mountain View

SOA-Tag Koblenz 28. September Dr.-Ing. Christian Geuer-Pollmann European Microsoft Innovation Center Aachen, Germany

1. Legal/business importance parameter: Low 2. Market implementation efforts parameter: Low

ehealth Business Continuity Plan Cookbook Version 1.2 This document is provided to you free of charge by the ehealth platform

1 URI stands for Universal Resource Identifier.

edelivery SMP Profile Test Assertions Description

OASIS XACML XML DSig Profile

Web Services Security: SAML Interop 1 Scenarios

Encrypted DigiDoc Format Specification

REVENUE ONLINE SERVICE

Industry Advisory DIGITAL SIGNATURES AND C14N CROSS PLATFORM COMPATIBILITY ISSUES: RECOMMENDATIONS FOR FEMA IPAWS CONTENTS AND OTHER CAP SYSTEMS.

Specification document for OCSP

IBM Research Report. XML Signature Element Wrapping Attacks and Countermeasures

Implementation profile for using OASIS DSS in Central Signing services

Subject Key Attestations in KeyGen2

Web Services Security

XML ELECTRONIC SIGNATURES

Internet Engineering Task Force (IETF) Request for Comments: 6283 Category: Standards Track. July 2011

Digital Certificates. PKI and other TTPs. 3.3

NAADS DSS web service usage Contents

ACCESS NetFront TM Browser

Implementing WS-Security on TPF

Open Score Format Packaging Specification

PDF-validator Operation Guide

Birkbeck (University of London)

Internet Standards for the Web: Part II

CSI 3140 WWW Structures, Techniques and Standards. Representing Web Data: XML

Long Time Validation extended Signed Data Object Specification of version 1.1

Customer Documentation Business Application Header

OIO WS-Trust Profile. Version 1.0. IT- & Telestyrelsen October 2009

ETSI TS V1.1.1 ( )

Web Services and Services on the Web

Implementation Guidelines for NemID (OCES)

BDOC FORMAT FOR DIGITAL SIGNATURES

Implementation Guidelines for NemID (OCES)

Web Services Security: SOAP Message Security

Encryption, Signing and Compression in Financial Web Services

Specification document for OCSP

Web Security, Summer Term 2012

Web Security, Summer Term 2012

Kaltura MediaSpace SAML Integration Guide. Version: 5.0

CSC Web Technologies, Spring Web Data Exchange Formats

Federated Search Developer Guide

Web Services Security: SOAP Message Security

IBM [11] DOM : Web Services, security, WS-Security, XML, performance, RSA DSA HMAC

Web Services Security SOAP Messages with Attachments (SwA) Profile 1.0 Interop 1 Scenarios

DCC User Gateway Interface Design Specification. Annex - Service Request Definitions 4 Reading Service

Improving the Security of Workflow-based System using Multiple XML Digital Signature

SOAP-Based Security Interaction of Web Service in Heterogeneous Platforms *

WHY CSRF WORKS. Implicit authentication by Web browsers

Specification document for LDAP API

3.2 The EncryptionMethod Element

Implementation Guidelines for NemID (OCES)

Lesson 13 Securing Web Services (WS-Security, SAML)

Profile for High-Performance Digital Signatures

Technical Specifications for Electronic Business Services (EBS)

Subject Key Attestations in KeyGen2

IT2353 WEB TECHNOLOGY Question Bank UNIT I 1. What is the difference between node and host? 2. What is the purpose of routers? 3. Define protocol. 4.

Introduction to XML. Asst. Prof. Dr. Kanda Runapongsa Saikaew Dept. of Computer Engineering Khon Kaen University

Signed metadata : method and application

web.xml Deployment Descriptor Elements

CNIT 129S: Securing Web Applications. Ch 3: Web Application Technologies

Uniform Resource Locators (URL)

Lotus IBM Lotus Notes Domino 8 Developing Web Applications. Download Full Version :

Introduction to XML 3/14/12. Introduction to XML

Shankersinh Vaghela Bapu Institue of Technology

Delivery Options: Attend face-to-face in the classroom or via remote-live attendance.

Network Working Group. Category: Informational Betrusted, Inc. J. Reagle W3C December 2003

Obsoletes: 2070, 1980, 1942, 1867, 1866 Category: Informational June 2000

Part III: Survey of Internet technologies

NAADS DSS web service usage Contents

INTERNET PROGRAMMING XML

Web Standards Mastering HTML5, CSS3, and XML

Affordable Care Act (ACA) Information Returns (AIR) AIR Submission Composition and Reference Guide

SAML 2.0 Single Sign On with Citrix NetScaler

A security layer for JXTA core protocols

Composer Help. Web Request Common Block

Directories Services and Single Sign-On for Collaboration

Delivery Options: Attend face-to-face in the classroom or remote-live attendance.

XML 2 APPLICATION. Chapter SYS-ED/ COMPUTER EDUCATION TECHNIQUES, INC.

User Management Interfaces for Earth Observation Services

High -Tech Bridge s Web Server Security Service API Developer Documentation Version v1.3 February 13 th 2018

XML: Introduction. !important Declaration... 9:11 #FIXED... 7:5 #IMPLIED... 7:5 #REQUIRED... Directive... 9:11

Web Services Security - Basics

Mobile LREC. Dimension: Mobile: 640 (W) x 500 (H) pixels (for News app now, available on mytv SUPER app since Jan 2018)

Lesson 1 Key-Terms Meanings: Web Connectivity of Devices and Devices Network

Web Services Security SOAP Messages with Attachments (SwA) Profile 1.1

Table of Contents. Developer Manual...1

Transcription:

LSS Technical Specification Table of contents 1 Introduction... 3 2 Rendering of signature flows... 4 3 Security guidelines... 5 3.1 LSS back-end only accessible via SSL... 5 3.2 Content Security Policy... 5 3.2.1 Inline scripts... 5 3.3 Securing JavaScript Module Pattern... 6 4 XML-DSig structure... 7 4.1 General requirements... 8 4.2 Algorithms... 8 4.3 Signature structure... 9 4.4 SignedInfo structure... 9 4.5 Reference structure... 9 4.6 KeyInfo structure... 9 4.7 Object structure... 10 4.8 SignatureProperty structure... 10 4.9 Signature properties... 11 4.9.1 The action property... 12 4.9.2 The RequestIssuer property... 12 4.9.3 The TimeStamp property... 12 4.9.4 The signtext property... 12 4.9.5 The stylesheetdigest property... 12 4.9.6 The stylesheetidentifier property... 13 5 References... 14 Signaturgruppen 2014 Page 1 of 14

Version history December 16 th 2016 Version 2.0 TSS 4 th April 2014 Version 1.1 TN 28 th March 2014 Version 1.0 MSP 27 th March 2014 Version 0.97 TN 23 rd March 2014 Version 0.96 TSS 20 th March 2014 Version 0.95 TN 13 th March 2014 Version 0.94 BS 4 th March 2014 Version 0.93 TSS 31 th January 2014 Version 0.92 MSP 10 th January 2014 Version 0.91 MSP 20 th December 2013 Version 0.6 MSP 16 th December 2013 Version 0.5 MSP Signaturgruppen 2014 Page 2 of 14

1 Introduction This document is a technical supplement to the document General Technical Specification and is intended for LSS suppliers and their technical staff implementing a LSS for NemID backend. As a supplier of LSS products, it is possible to integrate to the LSS for NemID. This makes it possible for employees in companies with the LSS, to use NemID for business from JavaScript enabled devices such as tablets, smartphones and ordinary computers. Please note, that service providers may or may not choose to support the LSS for NemID functionality in their services. Signaturgruppen 2014 Page 3 of 14

2 Rendering of signature flows It is the responsibility of the LSS back-end to validate that the sign texts received for signing flows conform to the specifications provided in DanID s service provider documentation for the specific signing flows (i.e. plain text, HTML, XML and PDF). A white list of html- and pdf tags allowed can be found in Nets DanID s general service provider documentation. It is required, that the LSS backend perform the same restrictions to signature flows. Rendering of the document to-be-signed is the responsibility of the LSS backend. It is important that the user is presented with the document to-be-signed correctly. In general, it is the responsibility of the LSS backend to enforce the What You See Is What You Sign and by this make sure that the presented document conforms to the signed document returned to the service provider. Signaturgruppen 2014 Page 4 of 14

3 Security guidelines As for service providers, LSS suppliers are recommended to follow the security guidelines found in the general service provider documentation from Nets DanID. The LSS supplier is required to be up-to-date of the security guidelines both from Nets DanID and from the LSS for NemID solution. 3.1 LSS back-end only accessible via SSL It must be enforced that all connections to the LSS back-end are over https/ssl. 3.2 Content Security Policy The most notable recommendation is the content security policy http headers. It is required that the LSS supplier understands and is up-to-date on the current recommendations regarding these headers and take this into account for their LSS back-end implementation. http://www.html5rocks.com/en/tutorials/security/content-security-policy/ http://www.w3.org/tr/csp/ 3.2.1 Inline scripts It can be expected that some service provider s use the content security headers to disable inline scripts completely from their web pages. In this scenario only scripts loaded from files from a domain whitelisted by the service provider are permitted. This implies that all JavaScript (and other scripts) must be included by file reference and hosted under the LSS Client URL to ensure that service providers are able to white-list the scripts. //NOT ALLOWED <script> alert( This is blocked ); </script> //ALLOWED <script src= alert.js /> Signaturgruppen 2014 Page 5 of 14

3.3 Securing JavaScript Module Pattern It is recommended that the JavaScript deployed at the LSS back-end is executed inside a closure as an anonymous function to prevent global access to any variables or methods inside the closure. This is a general pattern referred to as the Module Pattern. //NOT in a closure func1 is accessible from other JS sources var func1 = function(){alert( hey );}; func1(); //In a closure not accessible from other JS sources (function(){alert( hey );})(); Signaturgruppen 2014 Page 6 of 14

4 XML-DSig structure The signed XML document produced by the LSS must comply with a set of requirements. Here we will specify these requirements. Note, that some of these requirements arise from the overall desire, that the document should validate using OOAPI [TU]. When implementing the LSS signing it is strongly recommended that the produced documents are validated using OOAPI. The general form of the signed document the LSS should produce is: <?xml version="1.0" encoding="utf-8"?> <openoces:signature version="0.1"> <ds:signature Id="signature"> <ds:signedinfo> <ds:canonicalizationmethod.. /> <ds:signaturemethod../> <ds:reference URI="#ToBeSigned"> <ds:digestmethod.. /> <ds:digestvalue>8/bu0v8..</ds:digestvalue> </ds:reference> </ds:signedinfo> <ds:signaturevalue> lhpbne... </ds:signaturevalue> <ds:keyinfo> <ds:x509data> <ds:x509certificate>miifqtccay...</ds:x509certificate> </ds:x509data> <ds:x509data> <ds:x509certificate>miifvzccbk...</ds:x509certificate> </ds:x509data> <ds:x509data> <ds:x509certificate>miigsdccbd...</ds:x509certificate> </ds:x509data> </ds:keyinfo> <ds:object Id="ToBeSigned"> <ds:signatureproperties> <ds:signatureproperty Target="signature"> <openoces:name>propertyname</openoces:name> <openoces:value..>propertyvalue</openoces:value> </ds:signatureproperty> <ds:signatureproperty.. </ds:signatureproperty> </ds:signatureproperties> </ds:object> </ds:signature> </openoces:signature> Signaturgruppen 2014 Page 7 of 14

In the following the individual sections in the document will be detailed. For a description of the XML signing mechanism and semantics we refer to the standard [XMLDSIG]. 4.1 General requirements The document MUST utilize UTF-8 encoding. The document MUST NOT use XML comments. The document MUST use namespace prefixes to specify namespaces. The prefixes used MUST be: Namespace prefix Namespace URI ds http://www.w3.org/2000/09/xmldsig# openoces http://www.openoces.org/2006/07/signature# The ds:signature element MUST conform to the XML-DSig standard [XMLDSIG]. The document MUST have a root element, openoces:signature with exactly one child element of type ds:signature. The root element MUST have an attribute version with value 0.1. 4.2 Algorithms This section describes the algorithms allowed in OpenSign signatures. The signatures MUST only use algorithms in this table. Purpose Algorithm Canonicalization http://www.w3.org/tr/2001/rec-xml-c14n-20010315 Signature http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 Signaturgruppen 2014 Page 8 of 14

Digest http://www.w3.org/2001/04/xmlenc#sha256 4.3 Signature structure The ds:signature element MUST have an attribute, Id, with value signature. This element is referred from the SignatureProperty elements - see below. 4.4 SignedInfo structure The ds:signedinfo element specifies exactly which XML-nodes are under signature. This element must therefore have a very specific form, which is specified is this section. The SignedInfo element MUST contain exactly one Reference element must be included. 4.5 Reference structure This Reference element MUST NOT define any transforms, i.e. it MUST have exactly two children, DigestMethod and DigestValue. The reference must be an id-type referring an element with Id ToBeSigned. This means that the URI attribute on the Reference element must have the value #ToBeSigned. No other values are allowed. The referred element having id ToBeSigned MUST be of type ds:object, and must be a child of the ds:signature element. 4.6 KeyInfo structure The ds:keyinfo element contains the signing certificate chain: The signing certificate holds the public key which will decrypt the SignatureValue. KeyInfo contains a sequence of certificates. The sequence MUST be the ordered certificate chain consisting of: 1 1. Root CA certificate 1 OOAPI will validate a signature with only the signing certificate supplied. However, the NemID applets have always supplied the full certificate chain, therefore service providers (TU's) may exist that depend on that behavior. Signaturgruppen 2014 Page 9 of 14

2. Intermediate CA certificate 3. Signing certificate The certificates MUST be ordered as listed above. 4.7 Object structure The ds:object element is the XML node-set that is actually signed. The element MUST define both the ds and the opensign namespaces. The element MUST have an Id attribute with value ToBeSigned. The element MUST have exactly one ds:signatureproperties child element. The ds:signatureproperties element MUST consist of a sequence of ds:signatureproperty elements. 4.8 SignatureProperty structure Each SignatureProperty element MUST have an attribute Target with value signature. Each SignatureProperty element MUST have exactly two children of types opensign:name and opensign:value. The opensign:name element defines the name of the property in its node-text, the opensign:value element defines the property value. Each opensign:value element MUST have exactly two attributes: Value attribute Legal value Encoding base64 xml VisibleToSigner yes no When Encoding="base64" is specified, the node-text MUST be Base64 encoded bytes. If the value should be interpreted as a string (see below), the encoded bytes MUST be a UTF-8 encoding of the string value. Signaturgruppen 2014 Page 10 of 14

When Encoding="xml" is specified, the node-text directly specifies the value of the property. The VisibleToSigner attribute has value yes when the property at hand was shown to the user during the signing process and value no otherwise. How these attribute values should be selected depends on the property specified in opensign:name. These values are specified in detail below. 4.9 Signature properties Most signature properties are directly related to the parameters passed in the "Parameters" call see the General Technical Specification document, Section 5. In the table below this relationship is covered by the Pass-through column. The properties passed in parameter SIGN_PROPERTIES MUST be added as SignatureProperty elements with value-attributes Encoding="base64" and VisibleToSigner="no". The values given in column Flows are a shorthand notation for whether this attribute is used in the logon (L), signing (S) or XML-signing (X) flows, respectively. Here S denote the text-, PDF-, and HTML-signing flows. For example, a property with value SX MUST NOT be specified in a logon flow and MUST be specified in any signing-flow. Columns Encoding and VTS (VisibleToSigner) give the values of the corresponding opensign:value attributes. Property name Flows Pass-through from Encoding VTS action LSX - xml no RequestIssuer LSX REQUESTISSUER base64 yes TimeStamp LSX TIMESTAMP base64 no signtext SX SIGNTEXT base64 yes no Signaturgruppen 2014 Page 11 of 14

stylesheetdigest X SIGNTEXT_TRANSFORMATION 2 base64 no stylesheetidentifier X SIGNTEXT_TRANSFORMATION_ID xml no In the following the semantics of the properties are described. 4.9.1 The action property This property MUST be - logon in a logon flow - sign in a signing flow 4.9.2 The RequestIssuer property The value of this property MUST be taken from the REQUESTISSUER parameter. 4.9.3 The TimeStamp property This value of this property MUST be taken as is from the TIMESTAMP parameter. 4.9.4 The signtext property The value of the signtext property MUST be taken from the SIGNTEXT parameter. Note, that in a PDF-signing flow the value is a Base64 encoding of the PDF-bytes. When the SIGNTEXT_FORMAT is XML the VisibleToSigner attribute MUST ben no, otherwise yes. 4.9.5 The stylesheetdigest property In an XML-signing flow, the LSS MUST compute the value of this property as a SHA256 digest of the UTF-8 encoded XSLT style sheet passed in parameter SIGNTEXT_TRANSFORMATION. 2 The value of stylesheetdigest is a SHA256 digest of the SIGNTEXT_TRANSFORMATION so not direct passthrough. Signaturgruppen 2014 Page 12 of 14

4.9.6 The stylesheetidentifier property The value of this property MUST be taken directly from parameter SIGNTEXT_TRANSFORMATION_ID. If that parameter is not passed, this property MUST be omitted. Signaturgruppen 2014 Page 13 of 14

5 References [TU] [XMLDSIG] DanID TU-pakke https://www.nets-danid.dk/tu-pakke XML Signature Syntax and Processing (Second Edition) http://www.w3.org/tr/xmldsig-core/ Signaturgruppen 2014 Page 14 of 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback