ADSS Verification Service
ADSS Verification Service provides OASIS DSS and DSS-X compliant data and document signature verification services for client applications. In addition, certificate validation is supported. All common signature formats can be verified, including PDF, XML DSig, PKCS#7, CMS, S/MIME, ETSI PAdES, XAdES and CAdES signatures. Simple and complex path building and path validation methods are supported. Commercially it is sold as ADSS Verification Server, ADSS PDF Server, ADSS XML Server and ADSS PKCS#7 Server.
The verification service interface is compliant with OASIS DSS and DSS-X and also offers a high-speed HTTP/S option. The basic architecture of the verification service is explained in Concepts and Architecture, Verification Service. Requests for verification are sent to ADSS Server by:
Web Services - Create OASIS DSS web-services using the WSDL definitions supplied with ADSS Server.
High Level Java or .NET APIs - ADSS Client SDK, a sophisticated client library that handles multiple scenarios, data formats and signature types, and makes integration with various applications very easy, typically adding between 5 and 20 lines of code.
The request and response schema is fully explained in the ADSS Server Developers Guide. Business applications can use either approach to ask ADSS Server to verify a signature or validate a certificate. ADSS Server checks that:
The signature can be cryptographically verified, i.e. the data covered by the signature has not been changed.
The signer’s certificate is trusted, i.e. it is issued by a trusted CA, it is not expired, it is not revoked, it contains valid fields and extensions, etc.
Optionally, the signature and the certificate meet the minimum quality levels that are acceptable to the client application.
A key part of signature verification is validating the signature(s) and trusting the digital certificate(s). A client application can specify whether it wants signature verification or only certificate validation by setting the relevant flags in the API call through ADSS Client SDK. For more information, see the ADSS Server Developer Guide available in the ADSS Client SDK package.
The following image shows the verification service sub-modules, details of which are given in the next sections:
The following sections describe how to configure ADSS Verification Service.