Decentralised Advanced Electronic Signature or Seal
Introduction
DAdES encompasses various signature profiles to attain different levels of assurance. DAdES will inherit numerous features from JAdES, whilst adapting its X.509-based concepts to work with DIDs.
Generic format
DAdES will incorporate JWS serialisation and the header parameters typ, alg, cty, kid, crit and b64 defined in IETF RFC 7515 and IETF RFC 7797. The crit and typ header parameters delineate the signature profile: crit indicates the utilised extensions and typ defines the requirements.
JWS protected header parameters will encompass information pertinent to the signature and the signer, whilst the payload is any JSON object. DAdES signed header parameters shall be located in the JWS protected header section.
Media Types
DAdES is compatible with all JWS serialisation formats, though Compact serialisation is suggested for DAdES Zero. The JWS Payload should exclusively contain the original payload, with the JWS Payload media type determined by the cty header parameter. For example, if a VCDM 2.0 data model is incorporated into the JWS Payload, the cty property should be vc+ld+json.
The serialised output will be identified with a media type, contingent on the utilised serialisation. JWS Compact serialisation will have a media type of application/jose, while Flattened and General JWS JSON serialisation will have a media type of application/jose+json.
DAdES Generic Signed Header Parameters
alg: Shall be a signed header parameter that qualifies the signature, with syntax and semantics defined in IETF RFC 7515.
cty: Shall be a signed header parameter that qualifies the JWS Payload, with syntax and semantics defined in IETF RFC 7515.
kid: Shall be a signed header parameter that qualifies the signature, with syntax and semantics defined in IETF RFC 7515. Content of the parameter shall be a DID URI identifying a public key.
crit: Shall be a signed header parameter that qualifies the signature, with syntax and semantics defined in IETF RFC 7515. The parameter must contain all DAdES-defined signed header parameters and optionally b64, whilst excluding alg, cty, kid, and crit.
b64: Shall be a signed header parameter, with syntax and semantics defined in IETF RFC 7515. The parameter is optional.
DAdES Zero Signed Header Parameters
DAdES Zero defines a minimalistic signature profile that carries no extra proofs other than the signing time.
The following Signed Header Parameters are added on top of the Generic Signed Header Parameters:
typ: Shall be dades-z.
sigT: Shall be a signed header parameter that qualifies the signature, where the value shall specify the time at which the signer claims to have performed the signing process. The value shall be formatted per IETF RFC 3339, contain UTC date and time, and shall not contain fractional seconds. An example is 2023-11-04T10:16:12Z.
sigPl: Shall be a signed header parameter that qualifies the signer, where the value shall specify an address associated with the signer at a particular geographical location. The value shall be a JSON object with syntax and semantics from the schema.org definition of the PostalAddress type, where at least one property must be defined:
    "sigPl": {
        "type": "object",
        "properties": {
            "addressCountry": {"type": "string"},
            "addressLocality": {"type": "string"},
            "addressRegion": {"type": "string"},
            "postOfficeBoxNumber": {"type": "string"},
            "postalCode": {"type": "string"},
            "streetAddress": {"type": "string"}
        },
        "minProperties": 1,
        "additionalProperties": false
    }
DAdES Zero example
eyJhbGciOiJFUzI1NiIsInR5cCI6ImRhZGVzLXoiLCJraWQiOiJkaWQ6ZWJzaTp6dkhXWDM1OUEzQ3ZmSm5DWWFBaUFkZSNGMHI1T3l0X2xhaHZ2ejZNV2xZczNtY1lOS1ppaVFkVWZxdjh0c2hITjl3IiwiY3JpdCI6WyJzaWdUIiwic2lnUGwiXSwic2lnVCI6IjIwMjMtMTEtMDRUMTA6MTY6MTJaIiwic2lnUGwiOnsiYWRkcmVzc0NvdW50cnkiOiJGSSJ9LCJjdHkiOiJ2YytsZCtqc29uIn0.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.bjkwwfXR2bIXn5YB-Jgu9fqX5fG1VkYCDc7L8LSoKxdP5So7qmG7sMDJ7d-wvg2HugomDvpkJfijwXyxrbsh5A
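As an added example (not part of the DAdES specification or any reference implementation), the following Python decodes the protected header of the compact JWS above and checks it against the DAdES Zero profile rules stated on this page: mandatory generic parameters, typ equal to dades-z, kid as a DID URI, the crit contents, the sigT time format and the sigPl PostalAddress schema. A verifier should run such a profile check before, not instead of, cryptographic signature verification. The b64-in-crit rule is taken from RFC 7797 rather than from this page.

```python
import base64
import json
import re
from datetime import datetime

# Protected-header segment of the DAdES Zero example on this page (payload and signature omitted).
SAMPLE_HEADER_B64 = "eyJhbGciOiJFUzI1NiIsInR5cCI6ImRhZGVzLXoiLCJraWQiOiJkaWQ6ZWJzaTp6dkhXWDM1OUEzQ3ZmSm5DWWFBaUFkZSNGMHI1T3l0X2xhaHZ2ejZNV2xZczNtY1lOS1ppaVFkVWZxdjh0c2hITjl3IiwiY3JpdCI6WyJzaWdUIiwic2lnUGwiXSwic2lnVCI6IjIwMjMtMTEtMDRUMTA6MTY6MTJaIiwic2lnUGwiOnsiYWRkcmVzc0NvdW50cnkiOiJGSSJ9LCJjdHkiOiJ2YytsZCtqc29uIn0"

GENERIC = {"alg", "cty", "kid", "crit"}   # mandatory RFC 7515 parameters, never listed in crit
ZERO_EXT = {"sigT", "sigPl"}              # extensions DAdES Zero adds; crit must name them
SIGPL_KEYS = {"addressCountry", "addressLocality", "addressRegion", "postOfficeBoxNumber", "postalCode", "streetAddress"}
SIGT_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$")  # RFC 3339, UTC, no fraction


def decode_protected_header(compact_jws: str) -> dict:
    """Parse the base64url-encoded protected header, i.e. the first dot-separated segment."""
    seg = compact_jws.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def dades_zero_violations(h: dict) -> list:
    """List every way the header breaks the DAdES Zero profile; an empty list means it conforms."""
    errs = [f"missing {p}" for p in sorted((GENERIC | ZERO_EXT | {"typ"}) - set(h))]
    if "typ" in h and h["typ"] != "dades-z":
        errs.append("typ must be dades-z")
    if "kid" in h and not (isinstance(h["kid"], str) and h["kid"].startswith("did:")):
        errs.append("kid must be a DID URI")
    if "crit" in h:
        crit = set(h["crit"]) if isinstance(h["crit"], list) else set()
        if crit & GENERIC:
            errs.append("crit must not list alg, cty, kid or crit")
        if not ZERO_EXT <= crit:
            errs.append("crit must list sigT and sigPl")
        if crit - ZERO_EXT - {"b64"}:
            errs.append("crit names an extension DAdES Zero does not define")
        if "b64" in h and "b64" not in crit:
            errs.append("b64 is present but not listed in crit (RFC 7797)")
    if "sigT" in h:
        try:  # the regex fixes the shape; strptime rejects impossible calendar dates
            ok = SIGT_RE.match(h["sigT"]) and datetime.strptime(h["sigT"], "%Y-%m-%dT%H:%M:%SZ")
        except (TypeError, ValueError):
            ok = None
        if not ok:
            errs.append("sigT must be RFC 3339 UTC time without fractional seconds")
    if "sigPl" in h:
        pl = h["sigPl"]
        if not (isinstance(pl, dict) and pl and set(pl) <= SIGPL_KEYS
                and all(isinstance(v, str) for v in pl.values())):
            errs.append("sigPl must be a non-empty PostalAddress object with only the schema's string fields")
    return errs
```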