Specifications

The Foundation for Digital Trust

The Visible Digital Seal (VDS) technology provides a secure, interoperable, and globally recognized method for ensuring data authenticity and integrity. This reliability is built upon a robust framework of technical specifications published by the VDS International Council (VDSIC) and close alignment with key international standards, particularly from ISO. Understanding these standards is essential for implementing, verifying, and trusting VDS solutions.

ISO Standards for VDS

ISO 22376:2023 – Security and resilience – Authenticity, integrity and trust for products and documents – Specification and usage of visible digital seal (VDS) data format for authentication, verification and acquisition of data carried by a document or object. ISO 22376:2023 defines the core data structure of the Visible Digital Seal itself – the arrangement of the Header, Payload, Signature, and optional Auxiliary Data blocks. It provides the basis for ensuring VDS data can be consistently parsed and understood globally.

ISO 22385:2023 – Security and resilience – Authenticity, integrity and trust for products and documents – Guidelines for establishing a framework for trust and interoperability. ISO 22385:2023 outlines the essential principles and guidelines for creating a trustworthy and interoperable ecosystem for technologies like VDS. The VDSIC governance structure, the roles within the ecosystem (Scheme Operators, TSPs, Issuers), and the reliance on Trust Lists directly implement the concepts described in ISO 22385 to build verifiable trust.

Core Specification (VDSIC KB036 – Specification and Usage)

Access: Due to the detailed technical nature and ongoing development, access to the full VDSIC specifications (like KB036) is typically provided to VDSIC members and partners under appropriate Non-Disclosure Agreements (NDAs). Please contact VDSIC to inquire about access or partnership opportunities.

Scope: This central document provides the definitive technical details managed by VDSIC, covering:

The detailed VDS Ecosystem roles and responsibilities.

Precise VDS data structures (Header versions, Payload encoding via MessagePack, Signature calculation).

Structure and usage of Manifest Files (XML format, schema definition, constraints, policy extensions, RFF).

Structure and usage of Trust Lists (TSLs, LoTLs) based on ETSI standards, including VDSIC-specific XML extensions (e.g., VDSManifestScope, VDSCertResource, VDSManifestResource).

Required Certificate Profiles for VDS signing certificates (X.509 requirements, Key Usage, VDS-specific OIDs and extensions).

Detailed Production (issuance) and Verification processes.

Specifications for the Response Formatting Function (RFF) for secure data presentation.

Trust Services & Lists

ETSI TS 119 612: The European Telecommunications Standards Institute standard for Trusted Lists (TSLs), forming the basis for the VDS trust anchor hierarchy (Root LoTL, Scheme LoTL, TSLs).

ETSI EN 319 411-1: Policy and security requirements for Trust Service Providers issuing certificates, relevant for VDS CAs.

ETSI TS 102 853: Signature verification procedures and policies, informing the VDS verification process.

PKI & Certificates

IETF RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile – the standard for digital certificate structure.

IETF RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol (OCSP) – for certificate revocation checking.

NIST FIPS PUB 186-4: Digital Signature Standard (DSS), defining algorithms like ECDSA used in VDS.

NIST FIPS PUB 180-4: Secure Hash Standard (SHS), defining algorithms like SHA-256 used in VDS.

Data Encoding & Symbology

MessagePack: A binary serialization format used for efficient encoding of the VDS Payload.

ISO/IEC 16022: Data Matrix barcode symbology specification (relevant for C40 encoding).

C40 Encoding: A character encoding scheme defined in ISO/IEC 16022 used for efficiently encoding alphanumeric data within VDS, especially for constrained carriers like specific 2D barcodes.

IETF RFC 4648: Base16, Base32, and Base64 Data Encodings (used for representing binary VDS data in text-based environments like URLs).

IETF RFC 2397: The “data” URL scheme (used for embedding resources like images and fonts within the HTML RFF).

Identifiers & Codes

ISO/IEC 3166-1: Codes for the representation of names of countries (used in CA identifiers).

ISO/IEC 9834-8: Procedures for generating Universally Unique Identifiers (UUIDs) and their use in Object Identifiers (OIDs) (relevant for AuthorizedUsage policy).

ISO/IEC 15459-2: Unique identification – Registration procedures (relevant for Issuing Agency Codes – IACs used for Scheme Operator IDs).
