
SPOCS TL Module - Overview

The TSL module is a Java library that offers a simple way to access the information about the Trusted Services Providers and Services contained in a SPOCS-compliant TSL. The full reference for the specific TSL extensions defined is contained in D3.2-a2, Trust-Service status List profiling. The TL module is tightly integrated with the verification library, which performs all the requested signature and certificate validity checks. The "base of trust" for the process is built from the user-selected signed/unsigned TSL objects.

SPOCS TL MODULE

The TL module takes as input one or more pointers to the target TSLs, fetches the TSL objects from the selected sources, validates the TSL signatures and signature certificates (discarding the content of any TSL that does not pass validation) and then processes the TSL content to create a searchable collection of objects that maps the TSP and Service definitions contained in the input.

A graphical representation of the TL Module functionalities is shown below:

SPOCS TL MODULE DETAIL

The module is used by the signature verification library, JDesign, to build the required trust chain when verifying signers' certificates.

In more detail, the main functionalities of the module can be summarized as follows:

  • TSL Source configuration: support for one or more TSL data sources supplied through http/https URIs or from a local filesystem resource pointer.
  • TSL as “List of lists”: when working in a distributed environment with several TSLs linked together by a “master list”, the module can recursively read all the “Other TSL Pointers” contained in the master TSL and add the processed objects from each “slave-TSL” to the local objects repository.
  • TSL signature validation: the module can be configured to enable or disable the verification of the signature and the online revocation status check of the SchemeOperator certificate using CRL/OCSP services. A negative signature verification causes the TSL to be discarded.
  • TSL search functions: the collection of TSL objects can be searched through a set of parametric functions, allowing searches by ServiceName, ServiceType, TrustedDomain, ... The resulting objects still retain all their hierarchical relations (TSL, TSP, Service, Extension).
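
The "discard on negative signature verification" behaviour described above can be sketched with the JDK's own XML signature API (`javax.xml.crypto.dsig`). This is an added example, not code from the SPOCS TL module or JDesign: the class and method names are hypothetical, the TSL is a constructed sample, and a pinned public key stands in for the SchemeOperator certificate checks (certificate path and CRL/OCSP are not shown).

```java
import java.io.StringReader;
import java.security.*;
import java.util.Collections;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class TslSignatureGate { // hypothetical name, not a SPOCS class
    static final XMLSignatureFactory XF = XMLSignatureFactory.getInstance("DOM");

    /** Accept a TSL only if exactly one signature covers the whole document and verifies under the pinned key. */
    static boolean accept(Document tsl, PublicKey pinned) throws Exception {
        NodeList sigs = tsl.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) return false; // unsigned or ambiguous list: discard
        DOMValidateContext ctx = new DOMValidateContext(KeySelector.singletonKeySelector(pinned), sigs.item(0));
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE); // refuse weak algorithms and remote references
        XMLSignature sig = XF.unmarshalXMLSignature(ctx);
        boolean coversDocument = false; // a signature over a fragment only must not vouch for the whole list
        for (Object r : sig.getSignedInfo().getReferences()) coversDocument |= "".equals(((Reference) r).getURI());
        return coversDocument && sig.validate(ctx); // false on any digest or signature mismatch
    }

    static void sign(Document tsl, PrivateKey key) throws Exception { // sample-only helper: enveloped RSA-SHA256
        Reference ref = XF.newReference("", XF.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(XF.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = XF.newSignedInfo(
            XF.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            XF.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        XF.newXMLSignature(si, null).sign(new DOMSignContext(key, tsl.getDocumentElement()));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair operator = gen.generateKeyPair(); // stands in for the SchemeOperator key (assumption)
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // XML signatures require a namespace-aware DOM
        Document tsl = f.newDocumentBuilder().parse(new InputSource(new StringReader( // constructed sample TSL
            "<TrustServiceStatusList><TSPName>Constructed TSP</TSPName></TrustServiceStatusList>")));
        System.out.println("unsigned list accepted: " + accept(tsl, operator.getPublic()));
        sign(tsl, operator.getPrivate());
        System.out.println("signed list accepted:   " + accept(tsl, operator.getPublic()));
        tsl.getElementsByTagName("TSPName").item(0).setTextContent("Injected TSP"); // modify after signing
        System.out.println("tampered list accepted: " + accept(tsl, operator.getPublic()));
    }
}
```

Real TSLs carry XAdES signatures with additional references (for example to the signed properties), so a production check also has to resolve those references and validate the signing certificate.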

The present documentation consists of the following sections: