Description
Early draft extension of: The core OASIS Digital Signature Service webservice [DSSCore] supports the creation of signatures on behalf of applications and / or users by utilizing server-based signature keys.
This Local Signature Computation profile extends the core functionality such that end users can bring (use) their own (secure) signature-creation device. Examples of such devices are smartcards or usb-tokens but also smartphones, mobile phones, tablets, pc's or laptops with privately held signature keys.
Three solutions are presented to support the varying capabilities of applications and different use cases. The first solution is useful for web-applications where web browsers can access the (secure) signature-creation device that is available at the desktop (e.g. a smartcard connected via USB). The second solution is useful for applications that can access the (secure) signature- creation device themselve, for instance desktop applications or smartphone apps. The third solution is useful for any application where the (secure) signature-creation device can only be accessed via a separate channel, for instance a mobile device, through a third-party.