ISO 14533-2:2021
(Main)Processes, data elements and documents in commerce, industry and administration — Long term signature — Part 2: Profiles for XML Advanced Electronic Signatures (XAdES)
Processes, data elements and documents in commerce, industry and administration — Long term signature — Part 2: Profiles for XML Advanced Electronic Signatures (XAdES)
This document specifies the elements, among those defined in XAdES digital signatures, that enable verification of a digital signature over a long period of time. It does not give new technical specifications about the digital signature itself, nor new restrictions of usage of the technical specifications about the digital signatures which already exist. NOTE XAdES digital signatures is the widely-used extended specification of “XML-Signature Syntax and Processing”.
Processus, éléments d'informations et documents dans le commerce, l'industrie et l'administration — Signature à long terme — Partie 2: Profils pour les signatures électroniques avancées XML (XAdES)
General Information
Relations
Buy Standard
Standards Content (Sample)
INTERNATIONAL ISO
STANDARD 14533-2
Second edition
2021-08
Processes, data elements and
documents in commerce, industry
and administration — Long term
signature —
Part 2:
Profiles for XML Advanced Electronic
Signatures (XAdES)
Reference number
ISO 14533-2:2021(E)
©
ISO 2021
---------------------- Page: 1 ----------------------
ISO 14533-2:2021(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2021 – All rights reserved
---------------------- Page: 2 ----------------------
ISO 14533-2:2021(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Long term signature profiles . 2
4.1 Defined profile . 2
4.1.1 General. 2
4.1.2 Supplier’s declaration of conformance . 3
4.1.3 XML namespaces . 3
4.1.4 Operation of long term signature . 3
4.2 Representation of the required level . 4
4.3 Standard for setting the required level . 4
4.4 Action to take when an optional element is not implemented . 5
4.5 XAdES-T profile . 5
4.5.1 General. 5
4.5.2 Signature element . 5
4.5.3 Object element, SignedSignatureProperties element . 6
4.5.4 Object element, UnsignedSignatureProperties element . 7
4.6 XAdES-X-Long form . 7
4.6.1 General. 7
4.6.2 Structure of the XAdES-X-Long form . 7
4.6.3 Additional UnsignedSignatureProperties element . 7
4.7 XAdES-A profile . 8
4.7.1 General. 8
4.7.2 Structure of the XAdES-A profile . 9
4.7.3 Additional UnsignedSignatureProperties element for XAdES-A profile . 9
4.8 Timestamp validation data . 9
Annex A (normative) Supplier's declaration of conformity and its attachment .11
Annex B (normative) Structure of timestamp token .16
Annex C (informative) Differences of required level between European EN and ISO specification 18
Bibliography .19
© ISO 2021 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO 14533-2:2021(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/
iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 154, Processes, data elements and
documents in commerce, industry and administration.
This second edition cancels and replaces the first edition (ISO 14533-2:2012), which has been technically
revised.
The main changes compared to the previous edition are as follows:
— in first edition (ISO 14533-2:2012), XAdES was an abbreviated term for ‘XML Advanced Electronic
Signature’; in this edition, XAdES becomes a proper noun and is used as ‘XAdES digital signature’;
— this edition supports XML namespace XAdES 1.4.1 elements;
— XAdES-A profile level is divided and explained as XAdES-X-Long form level;
— this edition describes the comparison with European EN in Annex C, "Differences of required level
between European EN and ISO specification".
A list of all parts in the ISO 14533 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO 2021 – All rights reserved
---------------------- Page: 4 ----------------------
ISO 14533-2:2021(E)
Introduction
The purpose of this document is to ensure the interoperability of implementations with respect
to long term signatures that make digital signatures verifiable for a long term. Long term signature
specifications referenced by each implementation cover XAdES digital signatures developed by the
European Telecommunications Standards Institute (ETSI).
ETSI EN 319 132 specifies data structures and core elements for XAdES digital signature. This
document profiles ETSI EN 319 132 specification for international long term signature interoperability.
ETSI EN 319 132 specification provides definitions of data structures, data elements and their usage in
detail. To maintain consistency with ETSI EN 319 132 specification, this document avoids quoting and
redefining those components defined in ETSI EN 319 132 specification.
In the first edition (ISO 14533-2:2012), XAdES was an acronym for ‘XML Advanced Electronic Signature’.
In this second edition (ISO 14533-2:2021), XAdES is used as a proper noun and ‘XML Advanced
Electronic Signature’ is changed to ‘XAdES Digital Signature’ in line with the definition change of ETSI
from TS to EN; but it is still used in the document title.
© ISO 2021 – All rights reserved v
---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO 14533-2:2021(E)
Processes, data elements and documents in commerce,
industry and administration — Long term signature —
Part 2:
Profiles for XML Advanced Electronic Signatures (XAdES)
1 Scope
This document specifies the elements, among those defined in XAdES digital signatures, that enable
verification of a digital signature over a long period of time.
It does not give new technical specifications about the digital signature itself, nor new restrictions of
usage of the technical specifications about the digital signatures which already exist.
NOTE XAdES digital signatures is the widely-used extended specification of “XML-Signature Syntax and
Processing”.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 14533-1, Processes, data elements and documents in commerce, industry and administration — Long
term signature profiles — Part 1: Long term signature profiles for CMS Advanced Electronic Signatures
(CAdES)
1)
ETSI EN 319 132-2 , XAdES digital signatures Part 2: Extended XAdES signatures v1.1.1, (April 2016)
2)
XML Signature Syntax and Processing , W3C Recommendation, 11 April 2013
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 14533-1 and the following
apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
long term signature
signature that is made verifiable and has the ability to maintain its validity status and to get a proof
of existence of the associated signed data for a long term by implementing measures to enable the
detection of illegal alterations of signature information, including the identification of signing time, the
subject of said signature, and validation data
1) Available from https:// www .etsi .org/ standards -search.
2) Available from https:// www .w3 .org/ TR/ xmldsig -core/ .
© ISO 2021 – All rights reserved 1
---------------------- Page: 6 ----------------------
ISO 14533-2:2021(E)
3.2
profile
rule used to ensure interoperability, related to the optional elements of referenced specifications, the
range of values, etc.
3.3
XML signature
XmlDsig
signature syntax and processing for a given message
Note 1 to entry: XML signature shall be as defined in XML Signature Syntax and Processing, W3C Recommendation
11 April 2013.
3.4
XAdES digital signature
XAdES
XML based digital signature defined in ETSI EN 319 132-2 for which the signer can be identified and
any illegal data alteration detected
Note 1 to entry: Digital signatures specified in ETSI documents aim at supporting electronic signatures and
electronic seals.
3.5
XAdES with time
XAdES-T
generic term for the incorporation of all the XAdES digital signature (3.4) defined in ETSI EN 319 132-2
with information to ascertain SigningTime, and intermediate form for long term signature (3.1) profile
(3.2)
3.6
XAdES with validation data
XAdES-X-Long
generic term for the incorporation of all the material required for validating the signature, and
intermediate form for long term signature (3.1) profile (3.2)
3.7
archival XAdES
XAdES-A
generic term for the incorporation of electronic timestamps that allow validation of the digital signature
long time after its generation, and long term signature (3.1) profile (3.2)
4 Long term signature profiles
4.1 Defined profile
4.1.1 General
In order to make digital signatures verifiable for a long term, signing time shall be identifiable, any
illegal alterations of information pertaining to signatures, including the subject of information and
validation data, shall be detectable, and interoperability ensured. To meet these requirements, this
document defines a long term profile for XAdES and forms to construct signature data conforming to
the profile:
a) XAdES-T profile (intermediate form): signature with signature timestamp;
b) XAdES-X-Long form (intermediate form): form added validation information to a);
c) XAdES-A profile: form timestamped or protected for long term availability, which is extended from
b).
2 © ISO 2021 – All rights reserved
---------------------- Page: 7 ----------------------
ISO 14533-2:2021(E)
Table 1 lists the correspondence between of various profiles. See Annex C for differences between
European EN and ISO profiles at each level.
Table 1 — Signature generate profiles
ISO 14533-2:2021 ISO 14533-2:2012 ETSI EN 319 132–2
XAdES ISO profile XAdES ISO profiles Extended signatures
–- –- XAdES-E-BES/EPES
XAdES-T profile XAdES-T profile XAdES-E-T
(XAdES-X-Long form) –- XAdES-E-X-Long
XAdES-A profile XAdES-A profile XAdES-E-A
4.1.2 Supplier’s declaration of conformance
If first-party conformity assessment is used, the implementer shall make a declaration of conformity to
this document by disclosing the supplier's declaration of compliance and its attachment in accordance
with Annex A, containing a description of implementation status (and the specifications for any
elements “Conditional”).
NOTE See ISO/IEC 17050-1.
4.1.3 XML namespaces
This document uses the URI namespaces and prefixes listed below:
— http:// www .w3 .org/ 2000/ 09/ xmldsig # (prefix: ds)
— http:// uri .etsi .org/ 01903/ v1 .3 .2 # (prefix: xs)
— http:// uri .etsi .org/ 01903/ v1 .4 .1 # (prefix: xs141)
4.1.4 Operation of long term signature
Figure 1 shows operation of standard long term signature procedure.
Figure 1 — Operation of long term signature
Figure 2 shows timing of standard long term signature procedure.
© ISO 2021 – All rights reserved 3
---------------------- Page: 8 ----------------------
ISO 14533-2:2021(E)
Figure 2 — Timing of long term signature step
4.2 Representation of the required level
This document defines the following representation methods for the required level (as form and profile)
of each element constituting XAdES-T profile data, XAdES-X-Long form data and XAdES-A profile data.
a) Mandatory (M): Elements whose required level is “Mandatory” shall be implemented without fail. If
such an element has optional sub-elements, at least one sub-element shall be selected. Any element
whose required level is “Mandatory” and is one of the sub-elements of an optional element shall be
selected whenever the optional element is selected.
b) Optional (O): Elements whose required level is “Optional” may be implemented at the discretion of
the implementer.
c) Conditional (C): Elements whose required level is “Conditional” may be implemented at the
discretion of the implementer, provided that detailed specifications for the processing thereof are
provided separately.
4.3 Standard for setting the required level
The required level of each element constituting XAdES-T profile data, XAdES-X-Long form data and
XAdES-A profile data shall be set in accordance with the following requirements.
a) The required level shall be “Mandatory” for elements whose required level is “Mandatory” in the
definition of XAdES, and those necessary for the generation and validation of long term signatures.
The elements whose required level is “Optional” in the definition of XAdES are defined as
“Mandatory”, “Optional” or “Conditional”.
b) The required level shall be “Conditional” for externally defined elements.
EXAMPLE 1 OtherCertificateFormat.
c) The required level shall be “Conditional” for elements intended to interact with a certain application.
EXAMPLE 2 DataObjectFormat.
4 © ISO 2021 – All rights reserved
---------------------- Page: 9 ----------------------
ISO 14533-2:2021(E)
d) The required level shall be “Conditional” for elements with an operation-dependent factor.
EXAMPLE 3 Attribute certificate, Time mark.
NOTE The archiving-type timestamp defined in ISO/IEC 18014-2 is included in “Time mark or other
method.”
e) The required level shall be “Optional” for elements only containing reference information.
4.4 Action to take when an optional element is not implemented
The following actions shall be taken when the XAdES data used in a validation transaction contains an
unimplemented element.
a) When the required level of a parent element is "Mandatory" and one or more sub-elements shall
be selected, or one or more relevant optional elements shall be selected, the validator shall be
cautioned that validation requires implementation of element(s); otherwise, validation cannot be
performed.
EXAMPLE In a validation transaction, a OCSPValue element is detected where only the processing of
CRLValue elements, among all other optional elements in RevocationValues, is implemented.
b) When xs: CounterSignature (see 4.5.4) is an unimplemented element, the validator shall be
cautioned that validation requires implementation of said element; otherwise, validation cannot be
performed.
c) Optional elements other than those specified above may be ignored for implementation.
4.5 XAdES-T profile
4.5.1 General
4.5.2, 4.5.3 and 4.5.4 specify the required levels of constituent elements of XAdES-T profile data.
4.5.2 Signature element
Table 2 specifies the required level of each constituent element of XML signature. The required level
shall be “Conditional” for any elements not listed in Table 2.
Table 2 — Signature element
XMLDSig
Element or attribute Required level
reference
a
Id attribute M 4.2
ds: SignedInfo M 4.4
ds: Ca nonicaliza tionMethod M 4.4.1
ds: SignatureMethod M 4.4.2
ds: Reference M 4.4.3
ds: Transforms O 4.4.3.4
ds: DigestMethod M 4.4.3.5
a
“Optional” in an XML signature, but “Mandatory” in ETSI EN 319 132.
b
If the xs: SigningCertificateV2 qualifying property (Table 3) is incorporated to the signature, no restrictions apply to
ds: KeyInfo element. Otherwise, then the following restrictions apply:
— the ds: KeyInfo element shall include a ds: X509Data containing the signing certificate;
— the ds: KeyInfo element may also contain other certificates;
— the ds: SignedInfo element shall contain a ds: Reference element that refers to ds: KeyInfo.
© ISO 2021 – All rights reserved 5
---------------------- Page: 10 ----------------------
ISO 14533-2:2021(E)
Table 2 (continued)
XMLDSig
Element or attribute Required level
reference
ds: DigestValue M 4.4.3.6
ds: SignatureValue M 4.3
b
ds: KeyInfo O 4.5
ds: Object M 4.6
a
“Optional” in an XML signature, but “Mandatory” in ETSI EN 319 132.
b
If the xs: SigningCertificateV2 qualifying property (Table 3) is incorporated to the signature, no restrictions apply to
ds: KeyInfo element. Otherwise, then the following restrictions apply:
— the ds: KeyInfo element shall include a ds: X509Data containing the signing certificate;
— the ds: KeyInfo element may also contain other certificates;
— the ds: SignedInfo element shall contain a ds: Reference element that refers to ds: KeyInfo.
4.5.3 Object element, SignedSignatureProperties element
Table 3 specify the required levels of elements that constitute signed properties. The required level
shall be “Conditional” for any signed and unsigned property elements not listed in Table 3.
Table 3 — Object element, SignedSignatureProperties element
ETSI EN 319 132–1
v1.1.1
Element Required level
reference
a
xs: QualifyingProperties M 4.3
xs: SignedProperties M 4.3.2
xs: Signe dSignature Properties M 4.3.4
b
xs: SigningTime O 5.2.1
b,c
xs: SigningCertificateV2 O 5.2.2
d
xs: SigningCertificate C –-
xs: Signa turePolicy Identifier C 5.2.9
xs: Signat ureProduct ionPlaceV2 C 5.2.5
d
xs: Sign atureProdu ctionPlace C –-
xs: SignerRoleV2 C 5.2.6
d
xs: SignerRole C –-
xs: Signed DataObject Properties C 4.3.5
b
xs: DataObjectFormat C 5.2.4
xs: Description C 5.2.4
xs: ObjectIdentifier C 5.2.4
b
xs: MimeType C 5.2.4
xs: Encoding C 5.2.4
xs: Comm itmentType Indication C 5.2.3
xs: All DataObject sTimeStamp C 5.2.8.1
xs: Individual DataObject sTimeStamp C 5.2.8.2
a
The Id attribute value of the signature element shall be entered in the target attribute.
b
Mandatory in ETSI EN 316 132-1 v1.1.1 Baseline Signature.
c
Either xs: SigningCerticicateV2 or ds: KeyInfo (Table 2) is required.
d
These elements are used for past compatibility and reference to ETSI TS 101 903 v1.1.1.
6 © ISO 2021 – All rights reserved
---------------------- Page: 11 ----------------------
ISO 14533-2:2021(E)
4.5.4 Object element, UnsignedSignatureProperties element
Table 4 specify the required levels of elements that constitute unsigned properties. The required level
shall be “Conditional” for any signed and unsigned property elements not listed in Table 4.
Table 4 — Object element, UnsignedSignatureProperties element
ETSI EN 319 132–1
v1.1.1
Element Required level
reference
xs: QualifyingProperties M 4.3
xs: UnsignedProperties M 4.3.2
xs: Unsigne dSignature Properties M 4.3.6
xs: CounterSignature O 5.2.7.2
Trusted time M 5.3
a
xs: SignatureTimeStamp O 5.3
other POE method C –-
xs: Unsigned DataObject Properties C 4.3.7
a
Mandatory in ETSI EN 319 132-1 v1.1.1 Baseline Signature.
4.6 XAdES-X-Long form
4.6.1 General
4.6.2 and 4.6.3 specify the required levels of constituent elements of XAdES-X-Long data.
4.6.2 Structure of the XAdES-X-Long form
The XAdES-X-Long form is defined as an extended form of the XAdES-T profile to which the
unsigned properties specified in Table 5 are added. The required level of each element of the portion
corresponding to XAdES-T shall be as specified in 4.5.
4.6.3 Additional UnsignedSignatureProperties element
The required level of each element added to unsigned properties shall be as stated in Table 5. The
required level shall be “Conditional” for any element not specified in Table 5.
NOTE Unsigned property elements not listed in Table 4, 5 and 6 include, but are not limited to,
CompleteCertificateRefs and CompleteRevocationRefs set forth in Table 5. XAdES-T and XAdES-X-Long data to
which CompleteCertificateRefs and CompleteRevocationRefs are added can be made compliant with the XAdES-T
profile and XAdES-X-Long form by providing these elements separately for the processing of these elements.
Table 5 — Additional UnsignedSignatureProperties for XadES-X-Long form
ETSI EN 319 132–1
v1.1.1
Element or processing method Required level
reference
xs141: Tim eStampVali dationData C 5.5.1
a
These elements are used for past compatibility and reference to ETSI TS 101 903 v1.1.1. These elements are obsolete
and should not be used to create new signatures and should be used only for verification.
b
If a certification authority (CA) or other trusted service is trusted to maintain certificates for the archiving period
there is no need to hold them with the signature.
c
AttrAuthoritiesCertValues and AttributeRevocationValues, and not distributed cases and distributes cases are not
defined in ETSI TS 101 903 v1.1.1 and 1.2.1. AttributeCetrificateRefs and AttributeRevocationRefs are also not defined in
v1.1.1.
© ISO 2021 – All rights reserved 7
---------------------- Page: 12 ----------------------
ISO 14533-2:2021(E)
Table 5 (continued)
ETSI EN 319 132–1
v1.1.1
Element or processing method Required level
reference
xs: CertificateValues C 5.4.1
xs: RevocationValues C 5.4.2
xs141: Compl eteCertifi cateRefsV2 O A.1.1
a
xs: Com pleteCerti ficateRefs C –-
a
xs: Co mpleteRevo cationRefs C A.1.2
xs: CRLRef O A.1.2
xs: OCSPRef O A.1.2
xs: OtherRef C A.1.2
xs141: Attrib uteCetrifi cateRefsV2 C A.1.3
c
xs: Attr ibuteCetri ficateRefs C –-
c
xs: Att ributeRevo cationRefs C A.1.4
xs141: S igAndRefsT imeStampV2 C A.1.5.1
not distributed case M A.1.5.1.2
distributed case C A.1.5.1.3
a
xs: SigAndRefsTimeStamp C –-
xs141:R efsOnlyTimeStampV2 C A.1.5.2
not distributed case M A.1.5.2.2
distributed case C A.1.5.2.3
xs: RefsOnlyTimeStamp C –-
xs: CertificateValues M 5.4.1
xs: Encapsu latedX509C ertificate O 5.4.1
xs: OtherCertificate C 5.4.1
b
Certificates maintained by trusted service C –-
xs: RevocationValues M 5.4.2
xs: CRLValues O 5.4.2
xs: OCSPValues O 5.4.2
xs: OtherValues C 5.4.2
b
Revocation informations maintained by trusted service C –-
c
xs: AttrA uthorities CertValues C 5.4.3
c
xs: Attri buteRevoca tionValues C 5.4.4
Any unsigned signature property defined in any other version C –-
of XAdES
a
These elements are used for past compatibility and reference to ETSI TS 101 903 v1.1.1. These elements are obsolete
and should not be used to create new signatures and should be used only for verification.
b
If a certification authority (CA) or other trusted service is trusted to maintain certificates for the archiving period
there is no need to hold them with the signature.
c
AttrAuthoritiesCertValues and AttributeRevocationValues, and not distributed cases and distributes cases are not
defined in ETSI TS 101 903 v1.1.1 and 1.2.1. AttributeCetrificateRefs and AttributeRevocationRefs are also not defined in
v1.1.1.
4.7 XAdES-A profile
4.7.1 General
4.7.2 and 4.7.3 specify the required levels of constituent elements of XAdES-A data.
8 © ISO 2021 – All rights reserved
---------------------- Page: 13 ----------------------
ISO 14533-2:2021(E)
4.7.2 Structure of the XAdES-A profile
The XAdES-A profile is defined as an extended form of the XAdES-X-Long form to which the
unsigned properties specified in Table 6 are added. The required level of each element of the portion
corresponding to XAdES-X-Long shall be as specified in 4.6.
4.7.3 Additional UnsignedSignatureProperties element for XAdES-A profile
The required level of each element added to unsigned properties shall be as stated in Table 6. The
required level shall be “Conditional” for any element not specified in Table 6.
Table 6 — Additional UnsignedSignatureProperties
ETSI EN 319 132–1
v1.1.1
Element or processing method Required level
reference
a
Archiving M –-
xs141: ArchiveTimeStamp O 5.5.2
not distributed case M 5.5.2.2
distributed case C 5.5.2.3
b
Evidence Record C –-
c
xs: ArchiveTimeStamp C –-
a
Other method C –-
d
xs141: Tim eStampVali dationData C 5.5.1
xs: CertificateValues C 5.4.1
xs: RevocationValues C 5.4.2
e
xs141: RenewedDigests C 5.5.3
Any unsigned signature property defined in any other ve
...
INTERNATIONAL ISO
STANDARD 14533-2
Second edition
Processes, data elements and
documents in commerce, industry and
administration — Long term signature
profiles —
Part 2:
profiles for XML Advanced Electronic
Signatures (XAdES)
PROOF/ÉPREUVE
Reference number
ISO 14533-2:2021(E)
©
ISO 2021
---------------------- Page: 1 ----------------------
ISO 14533-2:2021(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii PROOF/ÉPREUVE © ISO 2021 – All rights reserved
---------------------- Page: 2 ----------------------
ISO 14533-2:2021(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Long term signature profiles . 2
4.1 Defined profile . 2
4.1.1 General. 2
4.1.2 Supplier’s declaration of conformance . 3
4.1.3 XML namespaces . 3
4.1.4 Operation of long term signature . 3
4.2 Representation of the required level . 4
4.3 Standard for setting the required level . 4
4.4 Action to take when an optional element is not implemented . 5
4.5 XAdES-T profile . 5
4.5.1 General. 5
4.5.2 Signature element . 5
4.5.3 Object element, SignedSignatureProperties element . 6
4.5.4 Object element, UnsignedSignatureProperties element . 7
4.6 XAdES-X-Long form . 7
4.6.1 General. 7
4.6.2 Structure of the XAdES-X-Long form . 7
4.6.3 Additional UnsignedSignatureProperties element . 7
4.7 XAdES-A profile . 8
4.7.1 General. 8
4.7.2 Structure of the XAdES-A profile . 9
4.7.3 Additional UnsignedSignatureProperties element for XAdES-A profile . 9
4.8 Timestamp validation data . 9
Annex A (normative) Supplier's declaration of conformity and its attachment .11
Annex B (normative) Structure of timestamp token .16
Annex C (informative) Differences of required level between European EN and ISO specification 18
Bibliography .19
© ISO 2021 – All rights reserved PROOF/ÉPREUVE iii
---------------------- Page: 3 ----------------------
ISO 14533-2:2021(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/
iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 154, Processes, data elements and
documents in commerce, industry and administration.
This second edition cancels and replaces the first edition (ISO 14533-2:2012), which has been technically
revised.
The main changes compared to the previous edition are as follows:
— in first edition (ISO 14533-2:2012), XAdES was an abbreviated term for ‘XML Advanced Electronic
Signature’; in this edition, XAdES becomes a proper noun and is used as ‘XAdES digital signature’;
— this edition supports XML namespace XAdES 1.4.1 elements;
— XAdES-A profile level is divided and explained as XAdES-X-Long form level;
— this edition describes the comparison with European EN in Annex C, "Differences of required level
between European EN and ISO specification".
A list of all parts in the ISO 14533 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv PROOF/ÉPREUVE © ISO 2021 – All rights reserved
---------------------- Page: 4 ----------------------
ISO 14533-2:2021(E)
Introduction
The purpose of this document is to ensure the interoperability of implementations with respect
to long term signatures that make digital signatures verifiable for a long term. Long term signature
specifications referenced by each implementation cover XAdES digital signatures developed by the
European Telecommunications Standards Institute (ETSI).
ETSI EN 319 132 specifies data structures and core elements for XAdES digital signature. This
document profiles ETSI EN 319 132 specification for international long term signature interoperability.
ETSI EN 319 132 specification provides definitions of data structures, data elements and their usage in
detail. To maintain consistency with ETSI EN 319 132 specification, this document avoids quoting and
redefining those components defined in ETSI EN 319 132 specification.
In the first edition (ISO 14533-2:2012), XAdES was an acronym for ‘XML Advanced Electronic Signature’.
In this second edition (ISO 14533-2:—), XAdES is used as a proper noun and ‘XML Advanced Electronic
Signature’ is changed to ‘XAdES Digital Signature’ in line with the definition change of ETSI from TS to
EN; but it is still used in the document title.
© ISO 2021 – All rights reserved PROOF/ÉPREUVE v
---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO 14533-2:2021(E)
Processes, data elements and documents in commerce,
industry and administration — Long term signature
profiles —
Part 2:
profiles for XML Advanced Electronic Signatures (XAdES)
1 Scope
This document specifies the elements, among those defined in XAdES digital signatures, that enable
verification of a digital signature over a long period of time.
It does not give new technical specifications about the digital signature itself, nor new restrictions of
usage of the technical specifications about the digital signatures which already exist.
NOTE XAdES digital signatures is the widely-used extended specification of “XML-Signature Syntax and
Processing”.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 14533-1, Processes, data elements and documents in commerce, industry and administration — Long
term signature profiles — Part 1: Long term signature profiles for CMS Advanced Electronic Signatures
(CAdES)
1)
ETSI EN 319 132-2 , XAdES digital signatures Part 2: Extended XAdES signatures v1.1.1, (April 2016)
2)
XML Signature Syntax and Processing , W3C Recommendation, 11 April 2013
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 14533-1 and the following
apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
long term signature
signature that is made verifiable and has the ability to maintain its validity status and to get a proof
of existence of the associated signed data for a long term by implementing measures to enable the
detection of illegal alterations of signature information, including the identification of signing time, the
subject of said signature, and validation data
1) Available from https:// www .etsi .org/ standards -search.
2) Available from https:// www .w3 .org/ TR/ xmldsig -core/ .
© ISO 2021 – All rights reserved PROOF/ÉPREUVE 1
---------------------- Page: 6 ----------------------
ISO 14533-2:2021(E)
3.2
profile
rule used to ensure interoperability, related to the optional elements of referenced specifications, the
range of values, etc.
3.3
XML signature
XmlDsig
signature syntax and processing for a given message
Note 1 to entry: XML signature shall be as defined in XML Signature Syntax and Processing, W3C Recommendation
11 April 2013.
3.4
XAdES digital signature
XAdES
XML based digital signature defined in ETSI EN 319 132-2 for which the signer can be identified and
any illegal data alteration detected
Note 1 to entry: Digital signatures specified in ETSI documents aim at supporting electronic signatures and
electronic seals.
3.5
XAdES with time
XAdES-T
generic term for the incorporation of all the XAdES digital signature (3.4) defined in ETSI EN 319 132-2
with information to ascertain SigningTime, and intermediate form for long term signature (3.1) profile
(3.2)
3.6
XAdES with validation data
XAdES-X-Long
generic term for the incorporation of all the material required for validating the signature, and
intermediate form for long term signature (3.1) profile (3.2)
3.7
archival XAdES
XAdES-A
generic term for the incorporation of electronic timestamps that allow validation of the digital signature
long time after its generation, and long term signature (3.1) profile (3.2)
4 Long term signature profiles
4.1 Defined profile
4.1.1 General
In order to make digital signatures verifiable for a long term, signing time shall be identifiable, any
illegal alterations of information pertaining to signatures, including the subject of information and
validation data, shall be detectable, and interoperability ensured. To meet these requirements, this
document defines a long term profile for XAdES and forms to construct signature data conforming to
the profile:
a) XAdES-T profile (intermediate form): signature with signature timestamp;
b) XAdES-X-Long form (intermediate form): form added validation information to a);
c) XAdES-A profile: form timestamped or protected for long term availability, which is extended from
b).
2 PROOF/ÉPREUVE © ISO 2021 – All rights reserved
---------------------- Page: 7 ----------------------
ISO 14533-2:2021(E)
Table 1 lists the correspondence between of various profiles. See Annex C for differences between
European EN and ISO profiles at each level.
Table 1 — Signature genarate profiles
ISO 14533-2:— ISO 14533-2:2012 ETSI EN 319 132–2
XAdES ISO profile XAdES ISO profiles Extended signatures
–- –- XAdES-E-BES/EPES
XAdES-T profile XAdES-T profile XAdES-E-T
(XAdES-X-Long form) –- XAdES-E-X-Long
XAdES-A profile XAdES-A profile XAdES-E-A
4.1.2 Supplier’s declaration of conformance
If first-party conformity assessment is used, the implementer shall make a declaration of conformity to
this document by disclosing the supplier's declaration of compliance and its attachment in accordance
with Annex A, containing a description of implementation status (and the specifications for any
elements “Conditional”).
NOTE See ISO/IEC 17050-1.
4.1.3 XML namespaces
This document uses the URI namespaces and prefixes listed below:
— http:// www .w3 .org/ 2000/ 09/ xmldsig # (prefix: ds)
— http:// uri .etsi .org/ 01903/ v1 .3 .2 # (prefix: xs)
— http:// uri .etsi .org/ 01903/ v1 .4 .1 # (prefix: xs141)
4.1.4 Operation of long term signature
Figure 1 shows operation of standard long term signature procedure.
Figure 1 — Operation of long term signature
Figure 2 shows timing of standard long term signature procedure.
© ISO 2021 – All rights reserved PROOF/ÉPREUVE 3
---------------------- Page: 8 ----------------------
ISO 14533-2:2021(E)
Figure 2 — Timing of long term signature step
4.2 Representation of the required level
This document defines the following representation methods for the required level (as form and profile)
of each element constituting XAdES-T profile data, XAdES-X-Long form data and XAdES-A profile data.
a) Mandatory (M): Elements whose required level is “Mandatory” shall be implemented without fail. If
such an element has optional sub-elements, at least one sub-element shall be selected. Any element
whose required level is “Mandatory” and is one of the sub-elements of an optional element shall be
selected whenever the optional element is selected.
b) Optional (O): Elements whose required level is “Optional” may be implemented at the discretion of
the implementer.
c) Conditional (C): Elements whose required level is “Conditional” may be implemented at the
discretion of the implementer, provided that detailed specifications for the processing thereof are
provided separately.
4.3 Standard for setting the required level
The required level of each element constituting XAdES-T profile data, XAdES-X-Long form data and
XAdES-A profile data shall be set in accordance with the following requirements.
a) The required level shall be “Mandatory” for elements whose required level is “Mandatory” in the
definition of XAdES, and those necessary for the generation and validation of long term signatures.
The elements whose required level is “Optional” in the definition of XAdES are defined as
“Mandatory”, “Optional” or “Conditional”.
b) The required level shall be “Conditional” for externally defined elements.
EXAMPLE 1 OtherCertificateFormat.
c) The required level shall be “Conditional” for elements intended to interact with a certain application.
EXAMPLE 2 DataObjectFormat.
4 PROOF/ÉPREUVE © ISO 2021 – All rights reserved
---------------------- Page: 9 ----------------------
ISO 14533-2:2021(E)
d) The required level shall be “Conditional” for elements with an operation-dependent factor.
EXAMPLE 3 Attribute certificate, Time mark.
NOTE The archiving-type timestamp defined in ISO/IEC 18014-2 is included in “Time mark or other
method.”
e) The required level shall be “Optional” for elements only containing reference information.
4.4 Action to take when an optional element is not implemented
The following actions shall be taken when the XAdES data used in a validation transaction contains an
unimplemented element.
a) When the required level of a parent element is "Mandatory" and one or more sub-elements shall
be selected, or one or more relevant optional elements shall be selected, the validator shall be
cautioned that validation requires implementation of element(s); otherwise, validation cannot be
performed.
EXAMPLE In a validation transaction, a OCSPValue element is detected where only the processing of
CRLValue elements, among all other optional elements in RevocationValues, is implemented.
b) When xs: CounterSignature (see 4.5.4) is an unimplemented element, the validator shall be
cautioned that validation requires implementation of said element; otherwise, validation cannot be
performed.
c) Optional elements other than those specified above may be ignored for implementation.
4.5 XAdES-T profile
4.5.1 General
4.5.2, 4.5.3 and 4.5.4 specify the required levels of constituent elements of XAdES-T profile data.
4.5.2 Signature element
Table 2 specifies the required level of each constituent element of XML signature. The required level
shall be “Conditional” for any elements not listed in Table 2.
Table 2 — Signature element
XMLDSig
Element or attribute Required level
reference
a
Id attribute M 4.2
ds: SignedInfo M 4.4
ds: Ca nonicaliza tionMethod M 4.4.1
ds: SignatureMethod M 4.4.2
ds:R eference M 4.4.3
ds: Transforms O 4.4.3.4
ds: DigestMethod M 4.4.3.5
a
“Optional” in an XML signature, but “Mandatory” in ETSI EN 319 132.
b
If the xs: SigningCertificateV2 qualifying property (Table 3) is incorporated to the signature, no restrictions apply to
ds: KeyInfo element. Otherwise, then the following restrictions apply:
— the ds: KeyInfo element shall include a ds: X509Data containing the signing certificate;
— the ds: KeyInfo element may also contain other certificates;
— the ds: SignedInfo element shall contain a ds: Reference element that refers to ds: KeyInfo.
© ISO 2021 – All rights reserved PROOF/ÉPREUVE 5
---------------------- Page: 10 ----------------------
ISO 14533-2:2021(E)
Table 2 (continued)
XMLDSig
Element or attribute Required level
reference
ds: DigestValue M 4.4.3.6
ds: SignatureValue M 4.3
b
ds: KeyInfo O 4.5
ds: Object M 4.6
a
“Optional” in an XML signature, but “Mandatory” in ETSI EN 319 132.
b
If the xs: SigningCertificateV2 qualifying property (Table 3) is incorporated to the signature, no restrictions apply to
ds: KeyInfo element. Otherwise, then the following restrictions apply:
— the ds: KeyInfo element shall include a ds: X509Data containing the signing certificate;
— the ds: KeyInfo element may also contain other certificates;
— the ds: SignedInfo element shall contain a ds: Reference element that refers to ds: KeyInfo.
4.5.3 Object element, SignedSignatureProperties element
Table 3 specify the required levels of elements that constitute signed properties. The required level
shall be “Conditional” for any signed and unsigned property elements not listed in Table 3.
Table 3 — Object element, SignedSignatureProperties element
ETSI EN 319 132–1
v1.1.1
Element Required level
reference
a
xs: QualifyingProperties M 4.3
xs: SignedProperties M 4.3.2
xs: Signe dSignature Properties M 4.3.4
b
xs: SigningTime O 5.2.1
b,c
xs: SigningCertificateV2 O 5.2.2
d
xs: SigningCertificate C –-
xs: Signa turePolicy Identifier C 5.2.9
xs: Signat ureProduct ionPlaceV2 C 5.2.5
d
xs: Sign atureProdu ctionPlace C –-
xs: SignerRoleV2 C 5.2.6
d
xs: SignerRole C –-
xs: Signed DataObject Properties C 4.3.5
b
xs: DataObjectFormat C 5.2.4
xs: Description C 5.2.4
xs: ObjectIdentifier C 5.2.4
b
xs: MimeType C 5.2.4
xs: Encoding C 5.2.4
xs: Comm itmentType Indication C 5.2.3
xs: All DataObject sTimeStamp C 5.2.8.1
xs: Individual DataObject sTimeStamp C 5.2.8.2
a
The Id attribute value of the signature element shall be entered in the target attribute.
b
Mandatory in ETSI EN 316 132-1 v1.1.1 Baseline Signature.
c
Either xs: SigningCerticicateV2 or ds: KeyInfo (Table 2) is required.
d
These elements are used for past compatibility and reference to ETSI TS 101 903 v1.1.1.
6 PROOF/ÉPREUVE © ISO 2021 – All rights reserved
---------------------- Page: 11 ----------------------
ISO 14533-2:2021(E)
4.5.4 Object element, UnsignedSignatureProperties element
Table 4 specify the required levels of elements that constitute unsigned properties. The required level
shall be “Conditional” for any signed and unsigned property elements not listed in Table 4.
Table 4 — Object element, UnsignedSignatureProperties element
ETSI EN 319 132–1
v1.1.1
Element Required level
reference
xs: QualifyingProperties M 4.3
xs: UnsignedProperties M 4.3.2
xs: Unsigne dSignature Properties M 4.3.6
xs: CounterSignature O 5.2.7.2
Trusted time M 5.3
a
xs: SignatureTimeStamp O 5.3
other POE method C –-
xs: Unsigned DataObject Properties C 4.3.7
a
Mandatory in ETSI EN 319 132-1 v1.1.1 Baseline Signature.
4.6 XAdES-X-Long form
4.6.1 General
4.6.2 and 4.6.3 specify the required levels of constituent elements of XAdES-X-Long data.
4.6.2 Structure of the XAdES-X-Long form
The XAdES-X-Long form is defined as an extended form of the XAdES-T profile to which the
unsigned properties specified in Table 5 are added. The required level of each element of the portion
corresponding to XAdES-T shall be as specified in 4.5.
4.6.3 Additional UnsignedSignatureProperties element
The required level of each element added to unsigned properties shall be as stated in Table 5. The
required level shall be “Conditional” for any element not specified in Table 5.
NOTE Unsigned property elements not listed in Table 4, 5 and 6 include, but are not limited to,
CompleteCertificateRefs and CompleteRevocationRefs set forth in Table 5. XAdES-T and XAdES-X-Long data to
which CompleteCertificateRefs and CompleteRevocationRefs are added can be made compliant with the XAdES-T
profile and XAdES-X-Long form by providing these elements separately for the processing of these elements.
Table 5 — Additional UnsignedSignatureProperties for XadES-X-Long form
ETSI EN 319 132–1
v1.1.1
Element or processing method Required level
reference
xs141: Tim eStampVali dationData C 5.5.1
a
These elements are used for past compatibility and reference to ETSI TS 101 903 v1.1.1. These elements are obsolete
and should not be used to create new signatures and should be used only for verification.
b
If a certification authority (CA) or other trusted service is trusted to maintain certificates for the archiving period
there is no need to hold them with the signature.
c
AttrAuthoritiesCertValues and AttributeRevocationValues, and not distributed cases and distributes cases are not
defined in ETSI TS 101 903 v1.1.1 and 1.2.1. AttributeCetrificateRefs and AttributeRevocationRefs are also not defined in
v1.1.1.
© ISO 2021 – All rights reserved PROOF/ÉPREUVE 7
---------------------- Page: 12 ----------------------
ISO 14533-2:2021(E)
Table 5 (continued)
ETSI EN 319 132–1
v1.1.1
Element or processing method Required level
reference
xs: CertificateValues C 5.4.1
xs: RevocationValues C 5.4.2
xs141: Compl eteCertifi cateRefsV2 O A.1.1
a
xs: Com pleteCerti ficateRefs C –-
a
xs: Co mpleteRevo cationRefs C A.1.2
xs: CRLRef O A.1.2
xs: OCSPRef O A.1.2
xs: OtherRef C A.1.2
xs141: Attrib uteCetrifi cateRefsV2 C A.1.3
c
xs: Attr ibuteCetri ficateRefs C –-
c
xs: Att ributeRevo cationRefs C A.1.4
xs141: S igAndRefsT imeStampV2 C A.1.5.1
not distributed case M A.1.5.1.2
distributed case C A.1.5.1.3
a
xs: SigAndRefsTimeStamp C –-
xs141:R efsOnlyTimeStampV2 C A.1.5.2
not distributed case M A.1.5.2.2
distributed case C A.1.5.2.3
xs: RefsOnlyTimeStamp C –-
xs: CertificateValues M 5.4.1
xs: Encapsu latedX509C ertificate O 5.4.1
xs: OtherCertificate C 5.4.1
b
Certificates maintained by trusted service C –-
xs: RevocationValues M 5.4.2
xs: CRLValues O 5.4.2
xs: OCSPValues O 5.4.2
xs: OtherValues C 5.4.2
b
Certificates maintained by trusted service C –-
c
xs: AttrA uthorities CertValues C 5.4.3
c
xs: Attri buteRevoca tionValues C 5.4.4
Any unsigned signature property defined in any other version C –-
of XAdES
a
These elements are used for past compatibility and reference to ETSI TS 101 903 v1.1.1. These elements are obsolete
and should not be used to create new signatures and should be used only for verification.
b
If a certification authority (CA) or other trusted service is trusted to maintain certificates for the archiving period
there is no need to hold them with the signature.
c
AttrAuthoritiesCertValues and AttributeRevocationValues, and not distributed cases and distributes cases are not
defined in ETSI TS 101 903 v1.1.1 and 1.2.1. AttributeCetrificateRefs and AttributeRevocationRefs are also not defined in
v1.1.1.
4.7 XAdES-A profile
4.7.1 General
4.7.2 and 4.7.3 specify the required levels of constituent elements of XAdES-A data.
8 PROOF/ÉPREUVE © ISO 2021 – All rights reserved
---------------------- Page: 13 ----------------------
ISO 14533-2:2021(E)
4.7.2 Structure of the XAdES-A profile
The XAdES-A profile is defined as an extended form of the XAdES-X-Long form to which the
unsigned properties specified in Table 6 are added. The required level of each element of the portion
corresponding to XAdES-X-Long shall be as specified in 4.6.
4.7.3 Additional UnsignedSignatureProperties element for XAdES-A profile
The required level of each element added to unsigned properties shall be as stated in Table 6. The
required level shall be “Conditional” for any element not specified in Table 6.
Table 6 — Additional UnsignedSignatureProperties
ETSI EN 319 132–1
v1.1.1
Element or processing method Required level
reference
a
Archiving M –-
xs141: ArchiveTimeStamp O 5.5.2
not distributed case M 5.5.2.2
distributed case C 5.5.2.3
b
Evidence Record C –-
c
xs: ArchiveTimeStamp C –-
a
Other method C –-
d
xs141: Tim eSt
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.