[Special Series: Digital ID Standards] ⑭ Industry Bodies and Forums - OASIS
By Park Jae-hee, reporter
2023-10-30 2:43:16 PM

▲ Development strategy for the digital ID industry [Source: iNIS]

In the field of digital identity (digital ID), demand is growing for standards that ensure interoperable and secure services. This is why a variety of standards organizations and industry bodies are active.

Digital ID standards are developed by a range of bodies, including the European Standardisation Organisations, the International Standardisation Organisations, commercial forums and consortia, and national agencies.

Industry bodies and forums are not formally regarded as standardization organizations, but in certain areas, including digital ID, they provide de facto standards.

In some cases, these bodies may submit the specifications they produce to standards bodies such as ISO/IEC, the ITU Telecommunication Standardization Sector (ITU-T), and ETSI for further ratification.

These industry bodies and forums include △ the Certification Authority Browser Forum (CA/Browser Forum) △ the Cloud Signature Consortium (CSC) △ the Financial Action Task Force (FATF) △ Fast Identity Online (FIDO) △ the Internet Engineering Task Force (IETF) △ the Organization for the Advancement of Structured Information Standards (OASIS) △ OpenID △ the Senior Officials Group-Information Systems Security (SOG-IS) △ the World Wide Web Consortium (W3C).

The Organization for the Advancement of Structured Information Standards (OASIS) began as a consortium of vendors and users.

Today it is a large nonprofit standards organization that advances projects in areas such as cybersecurity, blockchain, the Internet of Things (IoT), emergency management, and cloud computing.

OASIS has developed technical specifications, such as protocols and profiles, related to digital signatures, including 'Digital Signature Service Core Protocols, Elements, and Bindings'.

OASIS is an organization that cooperates with ISO as a Category A liaison (A liaisons): an organization that makes an effective contribution to the work of a technical committee (TC) or subcommittee (SC) on the questions that the TC or SC deals with.

The technical committees and subcommittees to which it contributes are as follows.

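▷ ISO/IEC JTC 1/SC 6 Telecommunications and information exchange between systems

▷ ISO/IEC JTC 1/SC 34 Document description and processing languages

▷ ISO/IEC JTC 1/SC 38 Cloud computing and distributed platforms

▷ ISO/IEC JTC 1/SC 40 IT service management and IT governance

▷ ISO/TC 12 Quantities and units

▷ ISO/TC 37 Language and terminology

▷ ISO/TC 37/SC 5 Translation, interpreting and related technology

▷ ISO/TC 46/SC 4 Technical interoperability

▷ ISO/TC 154 Processes, data elements and documents in commerce, industry and administration

▷ ISO/TC 184/SC 4 Industrial data

▷ ISO/TC 211 Geographic information/Geomatics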

In addition, OASIS released Digital Signature Service Core Protocols, Elements, and Bindings Version 1.0 as Working Draft 34 on October 21, 2005.

Later, on December 11, 2019, 'Digital Signature Service Core Protocols, Elements, and Bindings Version 2.0 Committee Specification 02' was released.

The table of contents of Version 2.0 is as follows.


Table of Contents

1 Introduction.........................................................................................................................................10
1.1 IPR Policy .........................................................................................................................................10
1.2 Terminology ......................................................................................................................................10
1.2.1 Terms and Definitions ...............................................................................................................10
1.2.2 Abbreviated Terms ....................................................................................................................10
1.3 Normative References ......................................................................................................................10
1.4 Non-Normative References ..............................................................................................................12
1.5 Typographical Conventions ..............................................................................................................13
1.6 DSS Overview (Non-normative) .......................................................................................................13
2 Design Considerations .......................................................................................................................15
2.1 Version 2.0 goal [non-normative]......................................................................................................15
2.2 Transforming DSS 1.0 into 2.0 .........................................................................................................15
2.2.1 Circumventing xs:any ................................................................................................................15
2.2.2 Substituting the mixed Schema Attribute ..................................................................................16
2.2.3 Introducing the NsPrefixMappingType Component.............................................................16
2.2.4 Imported XML schemes ............................................................................................................16
2.2.5 Syntax variants..........................................................................................................................17
2.2.6 JSON Syntax Extensions ..........................................................................................................17
2.3 Construction Principles .....................................................................................................................17
2.3.1 Multi Syntax approach...............................................................................................................17
2.4 Schema Organization and Namespaces ..........................................................................................18
2.5 DSS Component Overview...............................................................................................................19
2.5.1 Schema Extensions...................................................................................................................19
3 Data Type Models ..............................................................................................................................21
3.1 Boolean Model..................................................................................................................................21
3.2 Integer Model....................................................................................................................................21
3.3 String Model......................................................................................................................................21
3.4 Binary Data Model ............................................................................................................................21
3.5 URI Model.........................................................................................................................................21
3.6 Unique Identifier Model.....................................................................................................................21
3.7 Date and Time Model .......................................................................................................................21
3.8 Lang Model .......................................................................................................................................21
4 Data Structure Models........................................................................................................................22
4.1 Data Structure Models defined in this document..............................................................................22
4.1.1 Component NsPrefixMapping ...................................................................................................22
4.1.1.1 NsPrefixMapping – JSON Syntax ......................................................................................................22
4.1.1.2 NsPrefixMapping – XML Syntax ........................................................................................................22
4.2 Data Structure Models defined in this document..............................................................................23
4.2.1 Component InternationalString..................................................................................................23
4.2.1.1 InternationalString – JSON Syntax ....................................................................................................23
4.2.1.2 InternationalString – XML Syntax.......................................................................................................24
4.2.2 Component DigestInfo...............................................................................................................24
4.2.2.1 DigestInfo – JSON Syntax .................................................................................................................24
4.2.2.2 DigestInfo – XML Syntax ...................................................................................................................25
4.2.3 Component AttachmentReference............................................................................................25
4.2.3.1 AttachmentReference – JSON Syntax...............................................................................................25
4.2.3.2 AttachmentReference – XML Syntax.................................................................................................26
4.2.4 Component Any.........................................................................................................................26
4.2.4.1 Any – JSON Syntax ...........................................................................................................................27
4.2.4.2 Any – XML Syntax .............................................................................................................................27
4.2.5 Component Base64Data ...........................................................................................................27
4.2.5.1 Base64Data – JSON Syntax..............................................................................................................28
4.2.5.2 Base64Data – XML Syntax................................................................................................................29
4.2.6 Component SignaturePtr...........................................................................................................30
4.2.6.1 SignaturePtr – JSON Syntax..............................................................................................................31
4.2.6.2 SignaturePtr – XML Syntax................................................................................................................32
4.2.7 Component Result.....................................................................................................................33
4.2.7.1 Result – JSON Syntax .......................................................................................................................33
4.2.7.2 Result – XML Syntax .........................................................................................................................34
4.2.8 Component OptionalInputs........................................................................................................34
4.2.8.1 OptionalInputs – JSON Syntax ..........................................................................................................35
4.2.8.2 OptionalInputs – XML Syntax.............................................................................................................35
4.2.9 Component OptionalOutputs.....................................................................................................35
4.2.9.1 OptionalOutputs – JSON Syntax........................................................................................................35
4.2.9.2 OptionalOutputs – XML Syntax..........................................................................................................36
4.2.10 Component RequestBase .......................................................................................................36
4.2.10.1 RequestBase – JSON Syntax..........................................................................................................36
4.2.10.2 RequestBase – XML Syntax ............................................................................................................36
4.2.11 Component ResponseBase ....................................................................................................37
4.2.11.1 ResponseBase – JSON Syntax .......................................................................................................37
4.2.11.2 ResponseBase – XML Syntax .........................................................................................................38
4.3 Operation requests and responses ..................................................................................................38
4.3.1 Component SignRequest ..........................................................................................................38
4.3.1.1 SignRequest – JSON Syntax.............................................................................................................38
4.3.1.2 SignRequest – XML Syntax ...............................................................................................................39
4.3.2 Component SignResponse .......................................................................................................39
4.3.2.1 SignResponse – JSON Syntax ..........................................................................................................40
4.3.2.2 SignResponse – XML Syntax ............................................................................................................41
4.3.3 Component VerifyRequest ........................................................................................................41
4.3.3.1 VerifyRequest – JSON Syntax...........................................................................................................41
4.3.3.2 VerifyRequest – XML Syntax .............................................................................................................42
4.3.4 Component VerifyResponse .....................................................................................................43
4.3.4.1 VerifyResponse – JSON Syntax ........................................................................................................43
4.3.4.2 VerifyResponse – XML Syntax ..........................................................................................................43
4.3.5 Component PendingRequest ....................................................................................................44
4.3.5.1 PendingRequest – JSON Syntax.......................................................................................................44
4.3.5.2 PendingRequest – XML Syntax .........................................................................................................45
4.4 Optional data structures defined in this document ...........................................................................45
4.4.1 Component RequestID..............................................................................................................45
4.4.1.1 RequestID – JSON Syntax ................................................................................................................45
4.4.1.2 RequestID – XML Syntax...................................................................................................................45
4.4.2 Component ResponseID ...........................................................................................................45
4.4.2.1 ResponseID – JSON Syntax..............................................................................................................46
4.4.2.2 ResponseID – XML Syntax................................................................................................................46
4.4.3 Component OptionalInputsBase ...............................................................................................46
4.4.3.1 OptionalInputsBase – JSON Syntax ..................................................................................................47
4.4.3.2 OptionalInputsBase – XML Syntax ....................................................................................................47
4.4.4 Component OptionalInputsSign ................................................................................................48
4.4.4.1 OptionalInputsSign – JSON Syntax ...................................................................................................49
4.4.4.2 OptionalInputsSign – XML Syntax .....................................................................................................51
4.4.5 Component OptionalInputsVerify ..............................................................................................52
4.4.5.1 OptionalInputsVerify – JSON Syntax .................................................................................................53
4.4.5.2 OptionalInputsVerify – XML Syntax ...................................................................................................55
4.4.6 Component OptionalOutputsBase ............................................................................................56
4.4.6.1 OptionalOutputsBase – JSON Syntax ...............................................................................................56
4.4.6.2 OptionalOutputsBase – XML Syntax..................................................................................................56
4.4.7 Component OptionalOutputsSign .............................................................................................57
4.4.7.1 OptionalOutputsSign – JSON Syntax ................................................................................................57
4.4.7.2 OptionalOutputsSign – XML Syntax...................................................................................................58
4.4.8 Component OptionalOutputsVerify ...........................................................................................58
4.4.8.1 OptionalOutputsVerify – JSON Syntax ..............................................................................................59
4.4.8.2 OptionalOutputsVerify – XML Syntax.................................................................................................60
4.4.9 Component ClaimedIdentity ......................................................................................................61
4.4.9.1 ClaimedIdentity – JSON Syntax.........................................................................................................61
4.4.9.2 ClaimedIdentity – XML Syntax...........................................................................................................62
4.4.10 Component Schemas..............................................................................................................62
4.4.10.1 Schemas – JSON Syntax ................................................................................................................62
4.4.10.2 Schemas – XML Syntax...................................................................................................................63
4.4.11 Component IntendedAudience................................................................................................63
4.4.11.1 IntendedAudience – JSON Syntax...................................................................................................63
4.4.11.2 IntendedAudience – XML Syntax.....................................................................................................64
4.4.12 Component KeySelector .........................................................................................................64
4.4.12.1 KeySelector – JSON Syntax ............................................................................................................65
4.4.12.2 KeySelector – XML Syntax ..............................................................................................................66
4.4.13 Component X509Digest ..........................................................................................................66
4.4.13.1 X509Digest – JSON Syntax.............................................................................................................66
4.4.13.2 X509Digest – XML Syntax ...............................................................................................................67
4.4.14 Component PropertiesHolder..................................................................................................67
4.4.14.1 PropertiesHolder – JSON Syntax.....................................................................................................67
4.4.14.2 PropertiesHolder – XML Syntax.......................................................................................................68
4.4.15 Component Properties ............................................................................................................68
4.4.15.1 Properties – JSON Syntax ...............................................................................................................68
4.4.15.2 Properties – XML Syntax .................................................................................................................69
4.4.16 Component Property ...............................................................................................................69
4.4.16.1 Property – JSON Syntax..................................................................................................................69
4.4.16.2 Property – XML Syntax ....................................................................................................................70
4.4.17 Component IncludeObject.......................................................................................................70
4.4.17.1 IncludeObject – JSON Syntax..........................................................................................................71
4.4.17.2 IncludeObject – XML Syntax............................................................................................................72
4.4.18 Component SignaturePlacement ............................................................................................72
4.4.18.1 SignaturePlacement – JSON Syntax ...............................................................................................72
4.4.18.2 SignaturePlacement – XML Syntax .................................................................................................73
4.4.19 Component DocumentWithSignature......................................................................................74
4.4.19.1 DocumentWithSignature – JSON Syntax.........................................................................................74
4.4.19.2 DocumentWithSignature – XML Syntax...........................................................................................74
4.4.20 Component SignedReferences ...............................................................................................75
4.4.20.1 SignedReferences – JSON Syntax ..................................................................................................75
4.4.20.2 SignedReferences – XML Syntax ....................................................................................................75
4.4.21 Component SignedReference.................................................................................................76
4.4.21.1 SignedReference – JSON Syntax....................................................................................................76
4.4.21.2 SignedReference – XML Syntax......................................................................................................77
4.4.22 Component VerifyManifestResults ..........................................................................................77
4.4.22.1 VerifyManifestResults – JSON Syntax.............................................................................................77
4.4.22.2 VerifyManifestResults – XML Syntax ...............................................................................................78
4.4.23 Component ManifestResult .....................................................................................................78
4.4.23.1 ManifestResult – JSON Syntax........................................................................................................78
4.4.23.2 ManifestResult – XML Syntax..........................................................................................................79
4.4.24 Component UseVerificationTime.............................................................................................80
4.4.24.1 UseVerificationTime – JSON Syntax ...............................................................................................80
4.4.24.2 UseVerificationTime – XML Syntax..................................................................................................81
4.4.25 Component AdditionalTimeInfo...............................................................................................81
4.4.25.1 AdditionalTimeInfo – JSON Syntax..................................................................................................81
4.4.25.2 AdditionalTimeInfo – XML Syntax....................................................................................................82
4.4.26 Component VerificationTimeInfo.............................................................................................83
4.4.26.1 VerificationTimeInfo – JSON Syntax................................................................................................83
4.4.26.2 VerificationTimeInfo – XML Syntax ..................................................................................................83
4.4.27 Component AdditionalKeyInfo.................................................................................................84
4.4.27.1 AdditionalKeyInfo – JSON Syntax....................................................................................................84
4.4.27.2 AdditionalKeyInfo – XML Syntax......................................................................................................85
4.4.28 Component ProcessingDetails ................................................................................................86
4.4.28.1 ProcessingDetails – JSON Syntax...................................................................................................86
4.4.28.2 ProcessingDetails – XML Syntax.....................................................................................................87
4.4.29 Component Detail....................................................................................................................87
4.4.29.1 Detail – JSON Syntax ......................................................................................................................88
4.4.29.2 Detail – XML Syntax ........................................................................................................................89
4.4.30 Component SigningTimeInfo...................................................................................................89
4.4.30.1 SigningTimeInfo – JSON Syntax......................................................................................................89
4.4.30.2 SigningTimeInfo – XML Syntax........................................................................................................90
4.4.31 Component SigningTimeBoundaries ......................................................................................90
4.4.31.1 SigningTimeBoundaries – JSON Syntax .........................................................................................90
4.4.31.2 SigningTimeBoundaries – XML Syntax............................................................................................91
4.4.32 Component AugmentedSignature...........................................................................................91
4.4.32.1 AugmentedSignature – JSON Syntax..............................................................................................91
4.4.32.2 AugmentedSignature – XML Syntax ................................................................................................92
4.4.33 Component ReturnTransformedDocument .............................................................................93
4.4.33.1 ReturnTransformedDocument – JSON Syntax ................................................................................93
4.4.33.2 ReturnTransformedDocument – XML Syntax ..................................................................................93
4.4.34 Component TransformedDocument........................................................................................93
4.4.34.1 TransformedDocument – JSON Syntax...........................................................................................93
4.4.34.2 TransformedDocument – XML Syntax .............................................................................................93
4.5 Request/Response related data structures defined in this document..............................................94
4.5.1 Component InputDocuments.....................................................................................................94
4.5.1.1 InputDocuments – JSON Syntax .......................................................................................................94
4.5.1.2 InputDocuments – XML Syntax..........................................................................................................95
4.5.2 Component DocumentBase ......................................................................................................96
4.5.2.1 DocumentBase – JSON Syntax.........................................................................................................96
4.5.2.2 DocumentBase – XML Syntax ...........................................................................................................97
4.5.3 Component Document
4.5.3.1 Document – JSON Syntax
4.5.3.2 Document – XML Syntax
4.5.4 Component TransformedData
4.5.4.1 TransformedData – JSON Syntax
4.5.4.2 TransformedData – XML Syntax
4.5.5 Component DocumentHash
4.5.5.1 DocumentHash – JSON Syntax
4.5.5.2 DocumentHash – XML Syntax
4.5.6 Component SignatureObject
4.5.6.1 SignatureObject – JSON Syntax
4.5.6.2 SignatureObject – XML Syntax
4.6 Referenced Data Structure Models from other documents
4.6.1 Component NameID
4.6.1.1 NameID – JSON Syntax
4.6.1.2 NameID – XML Syntax
4.6.2 Component Transforms
4.6.2.1 Transforms – JSON Syntax
4.6.2.2 Transforms – XML Syntax
4.6.3 Component Transform
4.6.3.1 Transform – JSON Syntax
4.6.3.2 Transform – XML Syntax
4.7 Element / JSON name lookup tables
5 Data Processing Model for Signing
5.1 Processing for XML Signatures
5.1.1 Sub process ‘process references’
5.1.2 Sub process ‘create XML signature’
5.1.2.1 XML Signatures Variant Optional Input IncludeObject
5.2 Processing for CMS Signatures
5.2.1 Sub process ‘process digest’
5.2.2 Sub process ‘create CMS signature’
5.3 General Processing
5.3.1 Multi-Signature Creation
5.3.2 Sub process ‘add Timestamp’
5.3.2.1 Processing for CMS signatures time-stamping
5.3.2.2 Processing for XML Timestamps on XML signatures
5.3.2.3 Processing for RFC 3161 Timestamps on XML signatures
6 Data Processing Model for Verification
6.1 Processing for XML Signature Verification
6.1.1 Sub process ‘retrieve XML signature’
6.1.2 Sub process ‘recalculate references’
6.1.3 Sub process ‘verify XML signature’
6.1.3.1 Processing for RFC 3161 timestamp tokens on XML Signatures
6.1.3.2 Processing for XML timestamp tokens on XML signatures
6.2 Processing for CMS Signature Verification
6.2.1 Sub process ‘retrieve CMS signature’
6.2.2 Sub process ‘verify CMS signature’
6.2.2.1 Processing for RFC 3161 Timestamp tokens on CMS Signatures
6.3 General Processing
6.3.1 Multi-Signature Verification
6.3.2 Sub process ‘augment Signature’
6.3.3 Sub process ‘timestamp Signature’
6.3.4 Task ‘build VerifyResponse’
7 Asynchronous Processing Model
7.1 Asynchronous-only Processing
7.2 Enforcing Asynchronous Processing
8 DSS Core Bindings
8.1 HTTP POST Transport Binding
8.2 SOAP 1.2 Transport Binding
8.3 Security Bindings
9 DSS-Defined Identifiers
9.1 Signature Type Identifiers
9.1.1 XML Signature
9.1.2 XML TimeStampToken
9.1.3 RFC 3161 TimeStampToken
9.1.4 CMS Signature
9.1.5 PGP Signature
9.2 ResultMinors
10 Security Considerations
10.1 Well-Known Attack Vectors
10.1.1 XML Parsing Vulnerabilities [non-normative]
10.1.2 XML Canonicalization Vulnerabilities [non-normative]
10.1.3 Injection Attacks [non-normative]
10.1.4 JSON Deserialization Through Evaluation Attacks [non-normative]
11 Conformance
11.1 Conformance as a DSS version 2.0 document
11.1.1 Conformance for JSON format
11.1.2 Conformance for XML format
11.1.3 Conformance for DSS Server
11.1.4 Conformance for DSS Client
Appendix A. Acknowledgments
Appendix B. Index of Components and Elements
Appendix C. List of Figures
Appendix D. Revision History
Copyright © 엠아이앤뉴스. Unauthorized reproduction and redistribution prohibited.