An advanced certificate validation service and architecture based on XKMS

The apparition of some laws that make the electronic signature (e-signature) legally equivalent to handwritten signature (under some circumstances) has favoured its use in different fields such as e-commerce, e-government, etc. In these fields, some signed documents have to be stored and remain valid over long periods of time. For this kind of e-signatures some formats such as CAdES and XAdES have appeared. These formats specify the information to include with the e-signature. Basically, this information comprises signer’s certificates, a set of certificates up to a trust anchor, certificate validation responses, etc. That is, the information needed to determine if an electronic signature is valid. These evidences can be gathered by using different PKI-compliant protocols. However, the support of the different protocols is complex for clients. XKMS appeared with the aim of simplifying the certificate management, but XKMS only supports a simple validation mechanism that does not provide the long term information needed for the CAdES/XAdES signature. As a solution to this problem, we have extended XKMS in order to support the obtaining of long term evidences needed for CAdES/XAdES signatures. With this extension we have also defined the different components that are needed to support this kind of service. Based on the definition provided, the service has been implemented and it has been incorporated to an egovernment infrastructure based on service-oriented architectures, which is able to create and verify this kind of signatures.