Qualified Products List Join the Ecosystem Buy a SAFE Certified Credential Get in Touch FAQ’s

SAFE Identity PDF Digital Signature Products Testing

The SAFE Identity QPL Lab tests software that creates/validates digital signatures against world leading digital signature standards developed by high level PKI and digital signature experts to make sure that it can interoperate with other digital signature systems. The tests are adapted from leading digital signature and related PKI standards like RFC 3852, ISO 32000-1, NIST Public Key Infrastructure Test Suite and NIST Path Discovery Test Suite.

Vendors who choose to have their products tested for certification on the SAFE QPL, are taking the first step toward confirming that their product(s) uses digital identities in the way the holders, issuers and Relying Parties expect.

Master Services Agreement (MSA)

Initial engagements with the SAFE QPL Lab begin with execution of the MSA and the payment required for testing and certification fees. After the MSA has been executed and payments have been made, the product vendor may then proceed with submitting the product for certification.

How does the testing process work?


Step 1:

Initial Engagement and application form package submission.


Step 2:

Application form is vetted and approved for testing.


Step 3:

The product enters the testing que and awaits the next available time slot for testing. *This phase could have multiple cycles.


Step 4:

The Vendor Product gets published to the SAFE Qualified Products List (QPL).

Testing Certificates


The QPL Lab offers applicants testing artifacts, which includes signed PDFs and test certificates, to enable them to perform testing internally before submitting their product to the SAFE QPL Lab. Though self-testing is optional, it will increase the likelihood of a vendor passing our test suite on the first try.

Test Specifications


The PKI Infrastructure used in the QPL Lab includes all certification paths used in the test suite.

Seeded PDFs


A set of PDF files signed with digital signatures tied to the test cases used in the QPL Lab.

Long Term Validation (LTV)
Processing Support

Non-LTV

The product allows the end user to create signatures using PKI credentials either installed locally on the user's device or stored on a remote location securely accessible to the product during signature creation. As part of the signing process, the product does not embed the long- term validation information in the signature.

LTV

Long Term Validation. LTV signatures are designed for circumstances where the validity period of the signature goes beyond the life of the credential used to sign the data. They include fields that support embedding a full certificate chain back to a Trust Anchor and all revocation data associated with the certificate chain.

Testing Tracks and Test Specification Mapping

Testing Track Description Installation Activities
Non-LTV Signature Creation

The product allows the end user to create signatures using PKI credentials either installed locally on the user’s device or stored on a remote location securely accessible to the product during signature creation. As part of the signing process, the product does not embed the long- term validation information in the signature.

LTV Signature Creation

The product allows the end user to create signatures using PKI credentials either installed locally on the user’s device or stored on a remote location securely accessible to the product during signature creation. As part of the signing process, the product will embed long-term validation data related to the PKI credentials in the signature.

Non-LTV Signature Validation

The product allows the end user to view a signed document and lets the user know about the validity of each signature on the document. The product does real-time path discovery and validation if the signature does not contain LTV information.

LTV Signature Validation

Long Term Validation (LTV) signatures are designed for circumstances where the validity period of the signature goes beyond the life of the credential used to sign the data. They include fields that support embedding a full certificate chain back to a Trust Anchor and all revocation data associated with the certificate chain. During signature validation, the software relies on the included LTV information instead of doing real-time path discovery and validation over the internet.

Usability

This track verifies the product’s ability to make it easy for the end user to select the right certificate for signing. For instance, if the end user has multiple certificates to choose from, the product should offer the ones where the key usage indicates digital signature and give preference to the ones having SAFE policy OIDs in its chain.

CSC RSSP Compatibility

Compatibility with Cloud Signature Consortium’s Remote Signature Service Provider Specification.

Advanced PKI Support

The product allows either the end user or an administrator to configure certificate policies and/or path discovery options. This track includes extreme PKI edge cases which even though are not common yet remain valid PKI scenarios.



After the application has been approved, the SAFE QPL Lab will contact the product vendor to schedule an installation date.
Once scheduled, the Lab will provide a virtual environment for host servers and clients.

Installation is considered complete once the QPL Lab is able to perform basic operations using the vendor’s software. Depending on the testing queue, installation may precede testing by several weeks.

If QPL Lab personnel have problems or anomalies that seem indicative of operator error rather than a system error, they will reach out to the vendor’s Technical Point of Contact for support. If configuration changes are needed, the QPL Lab will schedule a meeting where screens are shared so that the vendor can guide Lab personnel on what updates are needed.

Please Note: The product vendor may not update software post-installation or during testing.

Apply Now to have your product on the Qualified Products List

Fill the QPL PDF Digital Signature application form and send it over to
QPL-Lab@makeidentitysafe.com.

SAFE QPL LAB APPLICATION

Rely on the SAFE Trust Framework

The integrity of digital credentials varies widely from one provider to the next. Figuring out who to trust, why to trust them and how their security aligns with your needs can be a challenge. This makes trust hard.

The SAFE Identity Trust Framework, carefully cultivated over 15 years, can make trust much easier. The Trust Framework defines the policies and standards necessary to use secure and interoperable digital credentials that meet your needs. Issuers certified by SAFE are compliant with these policies and standards, ensuring this same security and interoperability across the ecosystem – and making trust a lot simpler for you.

Are you ready to consider your next steps ?

Rely on SAFE


Get in touch with
DirectTrust Identity

...
Address

1629 K Street Northwest #300
Washington, DC 20006

Email

Admin@DirectTrust.org