BSI TR-ESOR C.1

Functional Conformity Test Specification
5.4.13 M.3-13 – ArchiSig-Module supports time stamp renewal and hash tree renewal
5.4.14 M.3-14 – Time stamp renewal creates initial archive time stamps
5.4.15 M.3-15 – ArchiSig-Module shall verify requested time stamps
5.4.16 M.3-16 – Time stamps shall be verified prior to renewal
5.4.17 M.3-17 – Time stamp renewal can only be requested by authorised users through administrative interfaces
5.4.18 M.3-18 – Hash tree renewal can only be requested through administrative interface
5.4.19 M.3-19 – Authenticity and integrity of ArchiSig-Module needs to be guaranteed
5.4.20 M.3-20 – ArchiSig-Module should be able to maintain parallel hash-trees
5.4.21 M.3-21 – Resigning-procedure is efficient and produces Evidence Records
5.4.22 M.3-22 – Deletion of an archive object shall not impair the conclusiveness of others
5.5 Interface functions
5.5.1 Interface S.1
5.5.1.1 Verify Request
5.5.1.1.1 S.1.1-01 Verify Request – Verification of signature includes certificate path validation
5.5.1.1.2 S.1.1-02 Verify Request – Unavailable CRL results in invalid certificate
5.5.1.2 Sign Request
5.5.2 Interface S.2
5.5.3 Interface S.3
5.5.3.1 Timestamp Request
5.5.3.2 Verify Request
5.5.3.3 Hash Request
5.5.4 Interface S4
5.5.4.1 Archive Submission Request
5.5.4.1.1 S.4.1-01 – Archive Submission Request supports storage of XML-based Archival Information Packages
5.5.4.1.2 S.4.1-02 – Archive Submission yields unique AOID
5.5.4.1.3 S.4.1-03 – Archive Submission with valid binary object is possible
5.5.4.1.4 S.4.1-04 – Archive Submission is always possible
5.5.4.1.5 S.4.1-05 – Archive Submission includes signature verification and storage of results
5.5.4.1.6 S.4.1-06 – Archive Submission Request does not change the data objects within the XAIP or BIN
5.5.4.1.7 S.4.1-07 – Archive Submission of invalid XML data is not possible
5.5.4.1.8 S.4.1-08 – Application protocol uses request-response-message-exchange pattern
5.5.4.1.9 S.4.1-09 – Application protocol is routing capable
5.5.4.1.10 S.4.1-10 – WSDL and Document literal encoding for SOAP should be used
5.5.4.2 Archive Update Request
5.5.4.2.1 S.4.2-01 – Archive Update Request is possible and ArchiSig immediately secures the
Federal Office for Information Security