An advanced certificate validation service and architecture based on XKMS

The appearance of some laws that make the electronic signature (e‐signature) legally equivalent to the handwritten signature (under some circumstances) has favoured its use in different fields, such as e‐commerce and e‐government. In these fields, the e‐signatures associated to some documents have to remain valid over long periods of time. For these kinds of e‐signatures, Advanced Electronic Signature (AdES) forms have appeared. These forms specify the information to include along with the e‐signature so that it remains valid for a long time after its creation. Basically, this information comprises signers' certificates, a set of certificates up to a trust anchor, certificate validation responses, etc. These data can be gathered by using different Public Key Infrastructure‐compliant protocols. However, the support of different protocols is complex for clients. XML Key Management Specification (XKMS) appeared with the aim of simplifying the certificate management, but it only supports a simple validation mechanism that does not provide the information needed for long‐term validation. As a solution to this problem, we have extended XKMS by defining an advanced certificate validation service to support the obtaining of validation data needed for different scenarios, such as the building of AdES forms or validation data registries. This extension also defines the different components needed to support this kind of a service. Furthermore, the defined service has been implemented and incorporated into an e‐government infrastructure. Copyright © 2010 John Wiley & Sons, Ltd.