ADSS Server has been designed to provide a single platform for trust services, reducing the number of individual traditional products required to form a solution and thus saving considerable overheads in training multiple security administrators, users and auditors.


The following Trust Services can be licensed for use within ADSS Server:


ADSS Trust Service

Service Description

Supported Formats/Standards

Signing Service

For applying digital signatures to electronic documents (either automated signing on the server or browser-based signing using locally held signing keys)

PDF, PDF/A, AdobeĀ® CDS, CMS, PKCS#7, XML DigSig, XAdES, CAdES and S/MIME signatures.
The interface protocol for the Signing Service is OASIS DSS for all signature types.

Certification Service

For generating, certifying and renewing signing keys and certificates using either an internal CA module or an external online or offline CAs. These certificates can later be used by the ADSS Signing Service or other ADSS Services.

X.509 v3.0 Certificates;

RSA 1024, 2048 and 4096 bit keys;

ECDSA keys in terms of their respective curve types are:

  • For NIST P: 160, 192, 224, 256, 384 and 521
  • For SEC2 K: 256
  • For Brainpool R and Brainpool T: 160, 192, 224, 256, 320, 384 and 512 

SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384 and SHA3-512 hashing algorithms.

Verification Service

For verifying digitally signed documents and certificates

PDF, PDF/A, AdobeĀ® CDS, CMS, PKCS#7, XML DigSig, XAdES, CAdES and S/MIME signatures.

X.509 v1.0 and v3.0 certificates.
The interface protocol for the Verification Service is OASIS DSS for all signature types.

OCSP Service

For providing online certificate revocation status information services for all registered CAs.

IETF RFC6960 (OCSP).
OCSP is supported over the HTTP/S interfaces.

TSA Service

For provision of timestamp services (for timestamping signatures or raw data).

IETF RFC3161 (TSP).
TSP is supported over the HTTP/S interfaces.

XKMS Service

For validating public keys and associated digital certificates based on the XKMS specifications; an XML encoded request/response protocol.

The interface protocol for the XKMS Service is W3C XKMS (XKISS).

SCVP Service

For full delegated certificate path building and path validation based on the SCVP ASN.1 encoded request/response protocol.

Server-based Certificate Validation protocol (SCVP).  Both DPD (Delegated Path Discovery) and DPV (Delegated Path Validation) are supported. 

LTANS Service

For long-term archiving and notary service.  Facilitates the long-term secure archiving of corporate documents, emails and data using digital signature and timestamp technologies.  Provides and manages document retention policies and policy-based refreshing of evidential data.

The evidence information is stored according to the following specification:
IETF draft-ietf-ltans-xmlers-03.txt, 

The interface protocol for the LTANS Service is:
IETF draft-ietf-ltans-ltap-07.txt

Decryption Service

For decrypting encrypted documents.  Supports decryption of documents using default key IDs referenced within the decryption profiles configured on the server; or the key IDs provided by the client within the decryption requests to the server.

Web services interface is based upon:

Encryption Profile from OASIS DSS-X group.

CRL Monitor

For retrieving, verifying, storing and archiving CRLs from registered CAs so that other ADSS Services can utilise a reliable source of certificate status information. Note because of storing historical CRL, ADSS Server is also capable of providing historical signature verification and certificate validation. A local CRL publishing option is also provided, in case local relying parties cannot access the external CRL publication location.

X.509 v1.0 and v2.0 CRLs (supports both direct and indirect CRLs from multiple issuers).

CRLs can be retrieved using LDAP/S and HTTP/S interfaces.


The Trust Services described above can be accessed by automated business applications working independently or on-demand business applications which interact with users over the web.  The interface to ADSS Server can be XML/SOAP based Web Services, optimised HTTP/S interfaces or via email gateways. These integration options are discussed in more detail in the ADSS Server Developer Guide and source code samples (in JAVA and .NET) and demo applications are also provided with the installation of the ADSS Client SDK.

See also

Identity Proven, Trust Delivered

ADSS Server Features and Benefits
ADSS Server Trust Services
ADSS Server Architecture & Interfaces
ADSS Signing Service Overview
ADSS Verification Service Overview
ADSS Certification Service Overview
ADSS OCSP Service Overview
ADSS TSA Service Overview
ADSS XKMS Service Overview
ADSS SCVP Service Overview
ADSS LTANS Service Overview
ADSS Decryption Service Overview
ADSS CRL Monitor Overview