European Federated Validation Service Study. Solution Profile Safelayer TrustedX Platform


This report / paper was prepared for the IDABC programme by:

Author's name: Indicated in the solution profile below, under contact information
Coordinated by: Hans Graux (time.lex), Christian Staffe (Siemens), Eric Meyvis (Siemens)
Contract No. 1, Framework contract ENTR/05/58-SECURITY, Specific contract N° 14

Disclaimer

The views expressed in this document are purely those of the writer and may not, in any circumstances, be interpreted as stating an official position of the European Commission.

The European Commission does not guarantee the accuracy of the information included in this study, nor does it accept any responsibility for any use thereof.

Reference herein to any specific products, specifications, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favouring by the European Commission.

All care has been taken by the author to ensure that s/he has obtained, where necessary, permission to use any parts of manuscripts including illustrations, maps, and graphs, on which intellectual property rights already exist from the titular holder(s) of such rights or from her/his or their legal representative.

This paper can be downloaded from the IDABC website:

European Communities, 2009

Reproduction is authorised, except for commercial purposes, provided the source is acknowledged.

Executive summary

The European Federated Validation Service (EFVS) Study was initiated by IDABC in order to assess the feasibility of specific measures to ensure the availability of a European scale federated electronic signature verification functionality.

As a first step in the EFVS Study, information has been collected on twenty existing solutions that already provide all or some of the functionalities associated with European signature verification functionality, or that could provide valuable insights on how such an EFVS could be organised. This has been done by drafting standardised profiles of the identified solutions, focusing specifically on how each of these solutions (a) determines the validity of signature certificates; (b) verifies electronic signatures created using these certificates; and (c) provides specific guarantees to its customers on the outcomes of these processes.

The present document contains the solution profile for the TrustedX platform, a product of Safelayer Secure Communications S.A.

Table of Contents

Executive summary
1 Documents
  1.1 Applicable Documents
  1.2 Reference Documents
2 Glossary
  2.1 Definitions
  2.2 Acronyms
Solution Profile Safelayer TrustedX Platform

1 Documents

1.1 Applicable Documents

[AD1] Framework Contract ENTR/05/58-SECURITY

1.2 Reference Documents

[RD1] Project Management and Quality Plan (EFVS SC14 PMQP)
[RD2] DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 December 1999 on a Community framework for electronic signatures
[RD3] Preliminary Study on Mutual Recognition of eSignatures for eGovernment applications

2 Glossary

2.1 Definitions

In the course of this report, a number of key notions are frequently referred to. To avoid any ambiguity, the following definitions apply to these notions and should also be used by the correspondents.

o Entity: anyone or anything that is characterised through the measurement of its attributes in an eIDM system. This includes natural persons, legal persons and associations without legal personality; it includes both nationals and non-nationals of any given country.

o eIDM system: the organisational and technical infrastructure used for the definition, designation and administration of identity attributes of entities. This Profile will only elaborate on eIDM systems that are considered a key part of the national eIDM strategy. Decentralised solutions (state/region/province/commune) can be included in the scope of this Profile if they are considered a key part of the national eIDM strategy.

o eIDM token (or "token"): any hardware or software or combination thereof that contains credentials, i.e. information attesting to the integrity of identity attributes. Examples include smart cards/USB sticks/cell phones containing PKI certificates.

o Authentication (1): the corroboration of the claimed identity of an entity and a set of its observed attributes (i.e. the notion is used as a synonym of "entity authentication").

o Authorisation: the process of determining, by evaluation of applicable permissions, whether an authenticated entity is allowed to have access to a particular resource.

o Unique identifiers: an attribute or a set of attributes of an entity which uniquely identifies the entity within a certain context. Examples may include national numbers, certificate numbers, etc.

o Official registers: data collections held and maintained by public authorities, in which the identity attributes of a clearly defined subset of entities are managed, and to which a particular legal or factual trust is attached (i.e. which are generally assumed to be correct). This includes National Registers, tax registers, company registers, etc.

o eGovernment application: any interactive public service using electronic means which is offered entirely or partially by or on the authority of a public administration, for the mutual benefit of the end user (which may include citizens, legal persons and/or other administrations) and the public administration. Any form of electronic service (including stand-alone software, web applications, and proprietary interfaces offered locally (e.g. at a local office counter using an electronic device)) can be considered an eGovernment application, provided that a certain degree of interactivity is included. Interactivity requires that a transaction between the parties must be involved; one-way communication by a public administration (such as the publication of standardised forms on a website) does not suffice.

o eSignature: data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication with regard to this data. Note that this also includes non-PKI solutions.

o Advanced electronic signature: an electronic signature which meets the following requirements: (a) it is uniquely linked to the signatory; (b) it is capable of identifying the signatory; (c) it is created using means that the signatory can maintain under his sole control; and (d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable. Again, this definition may cover non-PKI solutions.

o Qualified electronic signature: advanced electronic signatures which are based on a qualified certificate and which are created by a secure-signature-creation device, as defined in the eSignatures Directive (2).

o Validation: the corroboration of whether an eSignature was valid at the time of signing.

(1) For the purposes of this Profile, the notion of authentication is considered to be synonymous with "entity authentication", as opposed to "data authentication". The notion of "identification" should be avoided to avoid confusion.

(2) See

2.2 Acronyms

A2A       Administration to Administration
A2B       Administration to Businesses
A2C       Administration to Citizens
CA        Certification Authority
CRL       Certificate Revocation Lists
CSP       Certificate Service Provider
eID       Electronic Identity
eIDM      Electronic Identity Management
IAM       Identity and Authentication Management
IDM       Identity Management
OCSP      Online Certificate Status Protocol
OTP       One-Time Password
PKCS      Public-Key Cryptography Standards
PKI       Public Key Infrastructure
SA        Supervision Authority
SOAP      Simple Object Access Protocol
SCVP      Server-based Certificate Validation Protocol
SSCD      Secure Signature Creation Device
USB       Universal Serial Bus
TTP       Trusted Third Party
XAdES     XML Advanced Electronic Signature
XML       eXtensible Markup Language
XML-DSIG  XML Digital Signature

Solution Profile Safelayer TrustedX Platform

Name and organisation
(Name of the solution and of the organisation managing it)

TrustedX platform is a product of Safelayer Secure Communications S.A.

Reference (on-line source)
(Preferably a link to the relevant website, if available)

TrustedX product information:
Knowledge, demos and testing Labs:

Contact information
(Contact info of the person who provided the information)

Jordi Buch
Safelayer Secure Communications S.A.
jbt@safelayer.com /

Scope of the solution

Services offered
(What services does the solution offer to a relying party? This should include most notably the three basic services above, namely validation of certificates, verification of the signature, and ensuring trustworthiness and legal liability, but may also cover additional services, e.g. semantic services, archiving of documents/signatures, maintenance, time stamping, security/reliability metrics for the security level of the signature and the certificate. Services that are not currently available but which are planned for the future may also be indicated.)

TrustedX is a Trust Development Platform that provides trust and security mechanisms in Service-Oriented Architectures (SOA). Among the many existing security and trust domains, TrustedX is positioned as the key component that lets governments and corporations define, deploy and enforce, centrally and on the basis of policies, exactly what they trust.

TrustedX is designed to:

o Provide a complete and uniform group of authentication, electronic signature and encryption services, based on and governed by policies.
o Provide common web service access, based on the OASIS DSS standard, in a data, format and protocol independent fashion, especially for digital certificate validation, digital signature verification, digital signature creation and digital signature preservation.
o Provide a common trust and interoperability framework for different external security domains (i.e. for all the recognized CAs, AAs, TSAs and/or VAs).
o Provide the capacity to define the Level of Assurance (LoA) of i) authentication mechanisms, ii) trusted entities (i.e. CAs, AAs, VAs and/or TSAs) and iii) digital signatures, allowing the classification and interpretation of the information trust level. LoA management is based on the well-known OMB/NIST metric from the USA, which has also been adopted by IDABC and other initiatives in Europe.
o Provide a common semantic trust framework for authentication and digital signature.
o Centrally control event auditing.
o Incorporate electronic time-stamping and digital signature archive and custody services to guarantee the non-repudiation of data.
o Conform to maximum levels of security awareness and assurance. TrustedX platform is currently being certified Common Criteria EAL 4+.

The functions of TrustedX (accessible from the SOAP/WS or REST/WS protocols) are grouped in different services:

o Authentication and authorization services, to exchange authentication and authorization information between the corporate applications and/or the external security domains. This provides a single sign-on (SSO) mechanism under the OASIS defined standards.
o Digital certificate validation service, allowing the trust management of multiple CAs and providing uniform semantic parsing of certificates. Standard certificate validation and customized mechanisms are also supported.
o Electronic signature service, which supports most signature formats for electronic documents, e-mails and web messaging. Supported formats include: multiple signatures, signatures with time stamps and long-term signatures (for validating a signature past the expiry date of the digital certificates).
o The key management service guarantees the secure administration of user/application keystores (on disk or HSM). This administration includes generating and importing keys, generating the certification requests and importing certificates.
o The auditing and accounting service uniformly and securely centralizes log information (generated by the platform's service components through the consumption of services).
o The entity and object management service provides a uniform view (in XML format) of the objects and entities managed by the platform. The data formats (XML, ASN.1, text, etc.) and the information sources (LDAP, SQL, files, etc.) used by the platform are therefore completely masked.
o The integration gateway defines and connects successive XML data transformations (through interacting with platform services). The platform then acts as a trust gateway (between processes, applications and networks), integrating applications in a non-intrusive manner.

The following service components are also available:

o The data encryption service provides asymmetric key encryption for protecting electronic documents, e-mails and web messaging. This service can also incorporate the key custody function to control access to encrypted data.
o The archiving and electronic signature custody component protects documents and maintains cryptographic reliability for later verification and retrieval. The archiving functions automatically process electronic signature metadata.

Application domain (e.g. sector or application types)
(Is the solution usable in any sector or application field (i.e. is it generic in scope), or is it currently limited to a specific sector, application or domain? If it is currently restricted, would it be possible to extend the solution to other sectors, applications or domains? What would need to be changed?)

TrustedX is a horizontal and sector independent platform used in large corporations, the administration, insurance and health, defence, banking/finance and certificate services providers (CSPs) or Trusted Third Parties (TTP) that are located in various markets and provide trust services to other entities. TrustedX is suitable for providing security and trust in all application fields (i.e. e-procurement, e-contracting, e-invoicing, e-banking, e-government, e-learning, etc.).

CAs covered by the solution
(How many CAs are presently covered by the solution, and which ones? Do they include CAs established in multiple countries or states?)

TrustedX supports any CA that follows ITU-T X.509v3 and the certificate profiles specified by IETF and ETSI. Regarding the verification of the status of the digital certificates, ITU-T CRLs, the IETF OCSP protocol and customized mechanisms are supported. Interoperability of our technology with global CAs and third party technologies has been extensively proven in different sector implementations, as well as in different R&D and interoperability projects at European and International/Global level.

Extensibility of the solution
(Can additional CAs be integrated into the solution? If so, are there restrictions? Have such extensions been done in the past yet, or are any extensions currently planned?)

By design, TrustedX does not limit the number or any other aspect of CAs, nor the semantics or policies of CAs in any way. TrustedX has a powerful GUI and framework to manage (define, add, edit and remove) CAs, as well as to define trust rules and policies around these CAs. TrustedX integrates off-the-shelf a sophisticated trust manager based on PKI digital certificates, which provides the capacity to define different validation policies and to classify the recognized CAs (providing a level of assurance for each one, together with a labelled description).

Business model/cost model of the solution
(How is the solution funded? Is it envisaged as a for-profit model? Who pays contributions, and for what type of services? What profits (if any) are made with the services provided by the solution? Upon request of the correspondent, any communicated price information or other commercially sensitive information will not be disclosed.)
The product can be licensed at corporate level (to secure the information exchange of the company and the entities that have a relationship with it: employees, customers, partners, providers, etc.), for certificate services providers (to provide electronic signature services and act as a trusted third party for two or more entities) or for governments and administrations to secure the information exchange among agencies and/or citizens.

Technical approach

Validation approach
(Does the solution validate signature certificates, electronic signatures based on a hash value of the signed document(s), or signed documents with embedded signatures (attached signatures (enveloping or enveloped signatures), detached signatures)? What is the maturity of the solution, i.e. can it be classified as a known technical approach, such as a trusted list, bridge, or validation platform?)

TrustedX supports electronic signature services as specified in the OASIS Digital Signature Service (DSS) standard, contemplating a series of profiles adapted to the following scenarios:

o Verification of electronic signatures
o Generation of electronic signatures
o Non-repudiation of electronic signatures
o Archive and custody of electronic signatures

Note that TrustedX also incorporates a series of authentication and data protection services, extending the OASIS Digital Signature Service (DSS) specifications through an additional series of profiles (see below).

The input data will depend on the format of signature one wants to verify or generate. The data can be the document (or digital certificate) or the document hash. All standardized signature formats and types are supported: (i) attached signatures (enveloping or enveloped signatures) and detached signatures, (ii) simple signatures, sequential signatures or parallel signatures.

Architecture: TrustedX platform consists of a set of service components that handle, among others, a complete set of validation functionality. The validation service components are as follows (some of them are optional):

o TrustedX Digital Signature Verification. Digital signature verification service (including advanced or long-term digital signatures) regardless of the supplier, or the certificate and signature format verification mechanisms. This service includes signature certificate validation.
o TrustedX Digital non-repudiation. Advanced digital signature service adding reliable time and revocation information to previously signed documents as a basis for long-term digital signatures, in accordance with ETSI Advanced Electronic Signature (AdES) recommendations.
o TrustedX Digital Signature Custody. Archiving and custody service for the digital signatures of documents that maintains their validity for long periods of time, thus implementing long-term digital signatures.
o TrustedX Digital Signature. Document digital signature service allowing the generation of standardized signature formats.

TrustedX is considered an advanced validation platform that can be used to manage different trust models.

As said before, additional service components are included in the platform (some of them are optional). Minimal configuration requirements are needed for TrustedX Authentication & Authorization, Key Management, Entity Profiler and Integration Gateway. The services of the platform can be extended with Digital Encryption and Data Encryption Custody.

With regard to certificates
(How does the validation of certificates work: based on OCSP, CRLs, or both? What certificate profiles are supported by the solution?)

When validating digital certificates and signatures, TrustedX determines the level of trust of the certificate based on the diagnosis of the underlying certificate chain. This diagnosis is expressed using LoA levels as decimal values (i.e. 0-3) and LoA labels as strings (e.g. Government, Corporative, Finance, etc.), considering that the overall strength of a chain is equal to the strength of its weakest link. Thus, applications are shielded from the complexity associated with the signature's trust (certificates, CRLs, OCSPs, etc.) and can focus simply and exclusively on a decimal value and a text string.

As said before, TrustedX can be configured to trust any number of CAs, VAs and TSAs, following any structure, whether hierarchical or crossed/federated. It supports standard validation mechanisms based on CRL, OCSP and customised mechanisms (for example, federated validation platforms, a query to a local information service, etc.) and establishes different trust levels for each of the different CAs, VAs or TSAs.
Furthermore, TrustedX allows different certificate validation policies to be defined, enabling the management of different groups of recognized CAs and/or certification policies.

TrustedX extends the ITU-T X.509v3 certificate validation procedure, allowing the complete definition of the semantic parsing of certificates and revocation information. The flexibility of this system enables the provision of the information required for the business process, including data not contained in certificates (for example, in LDAP or external databases), in a uniform way, regardless of the type of certificate (abstracting the applications from the peculiarities of the different X.509 profiles that are usually present in the various certification service providers).

Any semantic information extraction from security objects, namely certificates, CRLs, OCSP responses and TimeStamp objects, is conducted in XML/XSL from a configuration panel and without the need for programming, updating or upgrading the platforms. For instance, a typical use-case is the extraction of the fiscal identification code from a certificate. For each CA, this code is usually located in a different place in the certificate: any attribute in the subject DN, private extensions, etc. In TrustedX this scenario is handled without a line of code.
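The weakest-link LoA rule and the per-policy groups of recognized CAs described above, as an added Python example (not TrustedX code or its API). The CA names, the `ValidationPolicy` structure, the fail-closed handling of unrecognised issuers and the choice to report the weakest CA's label are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RecognisedCA:
    name: str                     # CA name as it appears as issuer in the chain
    loa: int                      # 0 (low) .. 3 (very high)
    label: str                    # e.g. "Government", "Corporative", "Finance"
    status_mechanisms: frozenset  # status sources accepted for this CA


@dataclass(frozen=True)
class ChainLink:
    subject: str        # certificate subject
    issuer: str         # CA that issued this certificate
    status_source: str  # how its status was obtained: "CRL" or "OCSP"
    revoked: bool = False


@dataclass(frozen=True)
class Verdict:
    trusted: bool
    loa: int
    label: str
    reason: str


class ValidationPolicy:
    """Hypothetical policy: a group of recognised CAs plus a minimum LoA."""

    def __init__(self, name, minimum_loa, recognised_cas):
        self.name = name
        self.minimum_loa = minimum_loa
        self._cas = {ca.name: ca for ca in recognised_cas}

    def evaluate(self, chain):
        """chain: ChainLink list from the end-entity certificate upwards.

        The self-signed root certificate is omitted; the root CA is still
        covered because it is the issuer of the topmost link.
        """
        if not chain:
            return Verdict(False, 0, "", "empty chain")
        weakest = None
        for link in chain:
            ca = self._cas.get(link.issuer)
            if ca is None:
                # Fail closed: an issuer outside the policy is never trusted.
                return Verdict(False, 0, "", "issuer not recognised: " + link.issuer)
            if link.status_source not in ca.status_mechanisms:
                return Verdict(False, 0, "", "status mechanism not accepted for " + ca.name)
            if link.revoked:
                return Verdict(False, 0, "", "revoked: " + link.subject)
            if weakest is None or ca.loa < weakest.loa:
                weakest = ca
        # The chain is only as strong as its weakest CA.
        if weakest.loa < self.minimum_loa:
            return Verdict(False, weakest.loa, weakest.label,
                           "chain LoA below policy minimum")
        return Verdict(True, weakest.loa, weakest.label, "ok")


# Constructed sample data (not real CAs).
ROOT = RecognisedCA("Example Root CA", 3, "Government", frozenset({"CRL", "OCSP"}))
ISSUING = RecognisedCA("Example Issuing CA", 2, "Corporative", frozenset({"OCSP"}))

CHAIN = [
    ChainLink("CN=Alice Example", "Example Issuing CA", "OCSP"),
    ChainLink("Example Issuing CA", "Example Root CA", "CRL"),
]

GENERAL = ValidationPolicy("general", 1, [ROOT, ISSUING])
VERY_HIGH_ONLY = ValidationPolicy("very-high-only", 3, [ROOT, ISSUING])

if __name__ == "__main__":
    for policy in (GENERAL, VERY_HIGH_ONLY):
        print(policy.name, policy.evaluate(CHAIN))
```

The application receives only the level and the label; which CA, CRL or OCSP response produced them stays inside the policy evaluation.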

With regard to signatures
(What signature formats are supported by the solution: PKCS #7, CMS, XML signatures, PDF signatures, XAdES, CAdES, or others?)

The signature formats supported by TrustedX are:

o Generic XML documents. Supports XML-DSig, XML-Encryption and XAdES (advanced digital signature format standardised by W3C and ETSI). Allows enveloping, embedded or separated signatures, including signatures by reference of any node of an XML document. OASIS WS-Security (SOAP message security) is also supported by TrustedX.
o Documents with generic format. Supports PKCS#7/CMS and CAdES (advanced digital signature format standardised by ETSI). The S/MIME format used to protect e-mails, also supported by TrustedX, is an example of PKCS#7/CMS use. Allows simple and multiple signatures (sequential or parallel), in enveloping or separated signature format.
o PDF documents. Supports the signature format that is natively embedded in PDF documents (PDF Signature). Support for TS (PAdES) will be included soon.

When verifying signatures, the TrustedX certificate policy verification is applied (see previous section for more information). Signature verification/generation is also policy based: it is possible to restrict the signature policy, the signature type, the cryptographic algorithms and the updating policy (i.e. to incorporate a time stamp or archive format), and to define additional semantic parsing parameters.

Interoperability of ETSI signature formats has been tested in different ECOM and ETSI CAdES/XAdES PLUGTEST INTEROP events.

Multi-signatures
(Is the solution capable of validating multiple signatures on a document? Does it support independent signatures (co-signatures) and/or overall countersignatures?)

Based on the type of signature to be verified, the processes performed are as follows:

o For PKCS #7/CMS and CAdES signatures, simple and multiple signatures (sequential or parallel) are allowed in enveloped or detached signature format.
o For XML-DSig and XAdES signatures, enveloped, enveloping and detached signatures may be produced, including signatures by reference at any node of an XML document.

Logging and auditing
(Is the use of the solution logged, and if so, to what extent? Do users of the solution have the possibility to perform audits or to gain access to independent auditing reports?)

The product incorporates a central log and audit management system for all the events generated by all the platform's service components. The system log can be extended to external log modules. The TrustedX log information can be accessed by external applications for auditing or monitoring purposes or through its own GUI console.

TrustedX integrates off-the-shelf an authorization and access control system that enforces authorization policies on any entity/user that accesses TrustedX services. In particular, access to auditing information is also controlled by the system, and reporting can be tailored at per-user granularity.

Restrictions imposed on CAs
(What technical requirements are imposed on CAs, e.g. with regard to standards, formats or certificate profiles that they need to adopt? This includes e.g. the inclusion of certain information in signature certificates that is necessary in specific sectors.)

There are no restrictions on ITU-T X.509v3 certificate profiles; the extensions defined by IETF and ETSI for qualified certificates or for proprietary uses are also supported. As detailed before, TrustedX in addition provides full semantic processing capabilities for the certificates.

Usage of the solution by relying parties
(How do relying parties use the solution? Are there software components which they need to integrate into their own systems, is it a web service, etc.)

TrustedX has been conceived, designed and implemented as a business component (service) within the SOA architecture. With this approach, any business process can take advantage of the security and trust functionalities provided by TrustedX, which can be used either as a service provider (request/response) or as a gateway (reception/resending).

The following figure shows TrustedX in an SOA architecture:

[Figure: TrustedX in an SOA architecture]

The following access interfaces are provided:

o SOAP/WS: As a direct web service, for example using AXIS or .NET tools and/or manipulating the requests and responses using XPath and XSLT. Support for the OASIS DSS standard is one of its outstanding features.
o REST/WS, SOAP/WS: Using the integration gateway, which enables XML traffic to be processed by delegating to TrustedX the usual data processing capacity (to transform, sign, verify, encipher, decipher, authenticate, authorise, etc.), executed as a pipeline to achieve the required data output.
o TrustedX API: Through an integration API so that applications can use the TrustedX services transparently, using both the Web Services standards and the OASIS DSS standard.

Technical flexibility
(Given the technical characteristics outlined above, could the technical requirements of the solution be changed to increase its flexibility (e.g. by supporting other signature standards, validation methods, certificate profiles, etc.)?)

TrustedX is one of the most comprehensive security platforms in the market, offering not only complete support of digital signature functionality, but also authentication and encryption functionality. The product supports most of the standards and can incorporate new functionality through new service components.

New versions of the product are regularly provided, incorporating new standards versions, new functionality and new service components.

Status of the project/actual usage of the solution
(What is the status of the project (e.g. in development, prototyped, in production, etc.)? What is the actual usage of the solution (e.g. in terms of relying parties adopting the solution to validate electronic signatures) and what are the impacts of its use? How many transactions, how many certificates does it handle?)

The first commercial version of TrustedX (version 2.1) was introduced 3Q-2005 into the Spanish market, starting the distribution through a selected set of partners and presenting the solution to strategic Safelayer customers.

Currently TrustedX is used in applications for eGovernment, eHealth, eFinance/eInsurance and large corporations, including signature services applications by Certificate Service Providers. Safelayer is the Spanish market leader and has partners across EMEA and LATAM markets.

TrustedX platform is a mature solution that is in production by large relying parties since It handles thousands of transactions per day including signature generation and verification for eInvoice, eProcurement, protecting messages and documents among corporations, and semantically validating different eIDs (certificates) issued by multiple CAs, among them DNIe (Spanish eID), CERES/FNMT for fiscal electronic transactions, etc.
TrustedX received the TeleTrusT Innovation Award 2007, for providing an innovative and trustworthy solution for electronic business connections that achieves real benefit and takes up a pioneering task in the diffusion of applications with integrated security.

At present the product is up and running in more than 20 administration, finance and large corporation projects, in Spain and other countries.

Note that the performance of the solution depends mainly on processor capacity, PKI characteristics and the type/size of documents. On a 2 x Quad Core (2.66 GHz) machine in a high availability environment, the performance is approximately 200 signatures/verifications per second for 100 KB documents.

NOTE. Each transaction includes the time for authentication, authorization, service policy evaluation, service execution and audit logging.

19 Legal approach Relationship with the CAs 3 (What requirements does a CA need to meet before being able to accede to the solution? Specifically, which processes and procedures have been foreseen to vet CAs? What kind of agreements are put in place with the CAs, and what are the main issues addressed in these agreements?) The legal requirements that a CA needs to meet must be established by the operator/user of the solution based on TrustedX. From the product perspective, TrustedX allows implementing the required security policies regarding certification validation and digital signature, among others, and offers the possibility to manage the level of trust of each CA, and in general of each trust entity like VAs or TSAs. Relationship with the relying parties (How does a relying party get the right to use the solution? What kind of agreements are put in place in relation with the relying parties, and which services can be offered to the relying parties via these agreements?) From the legal perspective, the relationship with the relying parties has to be established by the operator/user of the solution based on TrustedX. From the technical perspective, TrustedX facilitates the implementation of established agreements, providing a powerful and flexible policy based system. Using the TrustedX policy manager, PKI parameters for each relying party can be fully established. Reliability of the signature certificates (What procedures does the solution put in place to determine the reliability of signature certificates? Are certificate policies checked? Are supervision/accreditation schemes considered? Have specific security criteria been defined, and does the solution support multiple levels of reliability? If so, can the solution distinguish between qualified and nonqualified signature certificates?) 
3 Within the EU, the term CA should be taken to mean a certification service provider as defined in article 2.11 of the esignatures Directive (Directive 1999/93/EC) and outside the EU, this means a Certification Authority in the technical sense, i.e. an entity issuing signature certificates to third parties. 19

Please see next section.

Legal value of the signatures

(Can the solution make a statement on the legal value of signatures? If so, what factors are taken into account? If multiple degrees of validity are supported by the system (i.e. a statement on the reliability of the signature as a whole is provided), then how are these reliability levels defined and communicated to the relying party? Can the solution identify if a signature can be considered a qualified signature (i.e. if it is an advanced electronic signature based on a qualified certificate created by using a secure signature creation device, as defined in the eSignatures Directive)? Finally, if the certificate policies contain restrictions on the use of the signatures (e.g. limitation to transactions of a certain amount or exclusion of certain sectors), then are these restrictions taken into account when communicating the legal value of the signature?)

TrustedX implements the technical procedures and can be configured to provide the information necessary to declare the validity of the signature of the certificate. The product is not preset to declare the legality of the signatures of signature certificates; this will depend on how it is configured and how it is used by the operator/user of the solution based on TrustedX.

As described in previous sections, trust management is one of the main benefits provided by TrustedX. Once a set of CAs is recognized, policies can be defined to specify the certificate validation mechanism (CRL, OCSP or other), check the certificate policy (i.e. to force qualified certificates), the signature policy or the cryptographic algorithms. Additional controls, like the role of the signer, commitment and places of signature, can also be checked. Furthermore, TrustedX will provide applications with the trust information regarding all the CAs, indicating to business processes what the trust level of the certificate or the signature is, and providing labelled information (i.e. qualified certificate).

Based on the well-known OMB/NIST LoA levels, now adopted by IDABC and other European initiatives, TrustedX extends this concept to digital signatures in order to classify the perceived trust and reliability of the signatures. TrustedX validation and verification policies can be configured to summarize signature trust and reliability in four levels: level 0, for low assurance; level 1, for intermediate assurance; level 2, for high assurance; and level 3, for very high assurance. For instance, qualified signatures are usually at level 3.

Concerning restrictions in certificate policies or any other information included in the certificates, all this data can be configured to be handled by TrustedX and further transferred to the application as additional information concerning the digital signature. However, applications must be aware of the syntax and semantics of this information.

Furthermore, TrustedX can resolve the long-term preservation of electronic signatures, solving the problem of the loss of evidential information related to the passing of time (evidence that was once valid ceases to be so at a certain time). For this, TrustedX adopts the recommendations of ETSI XAdES/CAdES, which are based on ensuring electronic evidence (certificates, CRL or OCSP) using time-stamps.
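The following Python sketch is an added example, not Safelayer code and not the TrustedX API. It models two ideas from the answer above: certificate status is checked at the time proven by a time-stamp rather than at the current time, and the outcome is summarized as a level from 0 to 3. All field names, the placeholder policy OID, the sample data and the rules for levels 0 to 2 are assumptions; the profile only states that qualified signatures are usually at level 3.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timezone
from typing import FrozenSet, List, Optional, Tuple

# Constructed placeholder standing in for a "qualified certificate" policy OID.
QUALIFIED_OID = "0.0.0.0.example-qualified"


def utc(y: int, m: int, d: int) -> datetime:
    """Timezone-aware UTC date, so comparisons never mix naive and aware values."""
    return datetime(y, m, d, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Evidence:
    """Validation material collected for one signature (hypothetical model)."""
    issuer: str
    policy_oids: FrozenSet[str]
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime]   # from CRL/OCSP; None if never revoked
    digest_alg: str
    sscd: bool                       # key held in a secure signature creation device
    timestamp: Optional[datetime]    # time proven by a trusted time-stamp, if any


@dataclass(frozen=True)
class Policy:
    """Operator-defined validation policy (hypothetical model)."""
    trusted_issuers: FrozenSet[str]
    allowed_digests: FrozenSet[str]
    qualified_oid: str = QUALIFIED_OID


def validate(ev: Evidence, policy: Policy,
             now: datetime) -> Tuple[bool, Optional[int], List[str]]:
    """Return (valid, level, reasons); level is None when validation fails."""
    reasons: List[str] = []
    # With a time-stamp, status is judged at the proven signing time;
    # without one, the only defensible reference time is "now".
    when = ev.timestamp if ev.timestamp is not None else now

    if ev.issuer not in policy.trusted_issuers:
        reasons.append("issuer not recognized")
    if ev.digest_alg not in policy.allowed_digests:
        reasons.append("digest algorithm not allowed")
    if not (ev.not_before <= when <= ev.not_after):
        reasons.append("certificate outside validity period at reference time")
    if ev.revoked_at is not None and ev.revoked_at <= when:
        reasons.append("certificate revoked at reference time")
    if reasons:
        return False, None, reasons

    # Assumed mapping to the four levels named in the profile.
    qualified = policy.qualified_oid in ev.policy_oids
    if qualified and ev.sscd:
        level = 3        # qualified certificate plus SSCD
    elif qualified:
        level = 2
    elif ev.timestamp is not None:
        level = 1
    else:
        level = 0
    return True, level, reasons


# Constructed sample: certificate valid 2008-2010, revoked June 2009,
# signature time-stamped March 2009, validation performed in 2011.
POLICY = Policy(frozenset({"CN=Example CA"}), frozenset({"sha256", "sha512"}))
SAMPLE = Evidence(
    issuer="CN=Example CA",
    policy_oids=frozenset({QUALIFIED_OID}),
    not_before=utc(2008, 1, 1),
    not_after=utc(2010, 1, 1),
    revoked_at=utc(2009, 6, 1),
    digest_alg="sha256",
    sscd=True,
    timestamp=utc(2009, 3, 1),
)
NOW = utc(2011, 1, 1)

if __name__ == "__main__":
    print("with time-stamp:   ", validate(SAMPLE, POLICY, NOW))
    print("without time-stamp:", validate(replace(SAMPLE, timestamp=None), POLICY, NOW))
```

The same signature validates at level 3 with its time-stamp and fails without it, which is the loss of evidential value over time that the answer describes.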

Liability of the solution provider

(What liability (if any) does the solution provider accept with regard to its services? Specifically, if the signatures rely on qualified certificates as defined under the European eSignatures Directive (if this is applicable to the solution), then how does the solution address its liability for providing guarantees to the public in relation to such certificates?)

Safelayer only guarantees that the product will work according to the technical specifications described in the instruction manuals and under the terms described in the licence agreement. Safelayer also guarantees the product's interoperability and assurance through interoperability reports, and Quality and Common Criteria certifications. TrustedX is already being certified CC EAL4+.

Quality of service and availability

(Does the solution provide any guarantees with regard to the quality of its service (i.e. the reliability of the information it provides) and its availability to relying parties, other than already mentioned above?)

In addition to the guarantees outlined in the licence agreement, Safelayer provides support programs contemplating different SLAs. Additionally, Safelayer's VARs could offer their own SLAs. Since Safelayer is the technology provider, the quality and availability must be guaranteed by the operator/user who operates and provides the service, and optionally configures the technology.

Independence of the solution

(Is the solution fully unaffiliated (legally unrelated) with all of the CAs that are integrated into the solution? If not, then how is trust created towards the relying party for affiliated CAs?)

The product is fully unaffiliated with any of the CAs that are integrated into the solution.

Compliance with the provisions of the eSignatures Directive

(Does the solution support signatures from CAs established in countries that are not subjected to the provisions of the eSignatures Directive (Directive 1999/93/EC)? If so, how are they integrated and how does the solution address their legal value?)

Yes, the product accepts any CA provided it fits the ITU-T X.509 v3 standards. It is up to the product operator/service provider to decide which CAs are going to be recognized or not. As stated in previous sections, the trust and policy management that the product offers facilitates managing CAs with different legal value.

Suitability of the solution at the European level

Assessment of the solution owner

(Does the solution owner feel that the solution could be adapted to operate at the European level? Not applicable if the solution already functions at the European level.)

The product already functions at the European level.

Issues to be addressed

(Which issues does the solution owner feel would still need to be addressed before the solution could be made to operate at the European level?)

TrustedX is currently the most advanced and sophisticated trust manager based on PKI digital certificates. Its powerful use of certificate validation policies enables the configuration of any model of trust based on CAs, VAs and TSAs. Different trust models can also be deployed, following any structure, whether hierarchical or crossed/federated. From the perspective of technical evolution, new standards such as, among others, ETSI TSL (Trusted Service List) will facilitate the federation of the services and progressively provide more advanced trust services, not only at the European level. Possibly, the issues that need to be solved for cross-border validations are not technical.

Integration with other validation solutions

(Is there any strategy to allow the solution to interoperate with other validation solutions, i.e. can the solution connect to other islands of trust?)

Regarding digital signature verification and certificate validation, TrustedX can be configured to interoperate with VAs provided by CAs as well as with global VAs and Validation Platforms. For example, TrustedX has been configured to use Spanish Validation Platforms like or CATCert PSIS. In conclusion, it is worth remarking that TrustedX has been designed and implemented to connect islands of trust.

Market Impacts

(How could the solution impact or influence the European market?)

TrustedX is the answer to the market's urgent demand for a way of dealing with all kinds of applications that need validation of several Certification Services Providers applications, such as electronic signature of invoices, etc. Furthermore, new citizen cards and the need to provide a citizen eID will foster this kind of application. TrustedX favours e-government and e-Business development through the promotion and ease of use of eID and electronic signature.

TrustedX was awarded the TeleTrusT Innovation Award 2007, for providing an innovative and trustworthy solution for electronic business connections that achieves real benefit and takes up a pioneering task in the diffusion of applications with integrated security. At present the product is up and running in more than 20 administration, finance and large corporation projects, in Spain and other countries.

Any other comments?

(The solution owner can provide any other comments that (s)he feels were not adequately covered elsewhere)

It is worth noting that TrustedX is provided as a COTS solution that is shipped in an appliance format (either physical or virtual). As a 100% SOA solution, it is easily integrated in corporate, governmental or administrative business processes, and can be scaled at any level by simply adding any number of units. In short, Safelayer releases to the public a simple, modular, easy-to-use, secure, interoperable, scalable, and powerful functional unit that masks all the complexities that can make PKI and eSignatures to success.


More information

PKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006

PKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006 PKI-An Operational Perspective NANOG 38 ARIN XVIII October 10, 2006 Briefing Contents PKI Usage Benefits Constituency Acceptance Specific Discussion of Requirements Certificate Policy Certificate Policy

More information

Apple Inc. Certification Authority Certification Practice Statement

Apple Inc. Certification Authority Certification Practice Statement Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.2 Effective

More information

Draft EN V0.0.3 ( )

Draft EN V0.0.3 ( ) EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES); Part 2: Baseline Profile STABLE DRAFT FOR PUBLIC REVIEW UNTIL 15 JANUARY 2014 Download the

More information

e-sign and TimeStamping

e-sign and TimeStamping e-sign and TimeStamping Dr. Balaji Rajendran Centre for Development of Advanced Computing (C-DAC) Bangalore Under the Aegis of Controller of Certifying Authorities (CCA) Government of India 1 Recent Developments:

More information

ISO INTERNATIONAL STANDARD. Road vehicles Extended data link security. Véhicules routiers Sécurité étendue de liaison de données

ISO INTERNATIONAL STANDARD. Road vehicles Extended data link security. Véhicules routiers Sécurité étendue de liaison de données INTERNATIONAL STANDARD ISO 15764 First edition 2004-08-15 Road vehicles Extended data link security Véhicules routiers Sécurité étendue de liaison de données Reference number ISO 15764:2004(E) ISO 2004

More information

ETSI TS V1.3.1 ( )

ETSI TS V1.3.1 ( ) TS 101 733 V1.3.1 (2002-02) Technical Specification Electronic signature formats 2 TS 101 733 V1.3.1 (2002-02) Reference RTS/SEC-004009 Keywords IP, electronic signature, security 650 Route des Lucioles

More information

PRINCIPLES AND FUNCTIONAL REQUIREMENTS

PRINCIPLES AND FUNCTIONAL REQUIREMENTS INTERNATIONAL COUNCIL ON ARCHIVES PRINCIPLES AND FUNCTIONAL REQUIREMENTS FOR RECORDS IN ELECTRONIC OFFICE ENVIRONMENTS RECORDKEEPING REQUIREMENTS FOR BUSINESS SYSTEMS THAT DO NOT MANAGE RECORDS OCTOBER

More information

Interoperable Qualified Certificate Profiles

Interoperable Qualified Certificate Profiles Study on Cross-Border Interoperability esignatures of (CROBIES) Interoperable Qualified Certificate Profiles A report to the European Commission from SEALED, time.lex and Siemens Disclaimer The views expressed

More information

Introduction to AWS GoldBase

Introduction to AWS GoldBase Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS October 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document

More information

5. The technology risk evaluation need only be updated when significant changes or upgrades to systems are implemented.

5. The technology risk evaluation need only be updated when significant changes or upgrades to systems are implemented. Annex to the Financial Services Businesses Handbook Using Technology in the Customer Due Diligence Process A.1. Technology Risk Evaluation 1. A financial services business must, prior to deciding whether

More information

eid Interoperability for PEGS WS-Federation

eid Interoperability for PEGS WS-Federation eid Interoperability for PEGS WS-Federation Workshop Brussels 10 May 2007 Agenda 1 Scope 2 Category 3 Approach and description 4 Relevance for eid Interoperability 5 Pro s and Con s 6 Relationship with

More information

eidas compliant Trust Services with Utimaco HSMs

eidas compliant Trust Services with Utimaco HSMs eidas compliant Trust Services with Utimaco HSMs March 15, 2018 Dieter Bong Product Manager Utimaco HSM Business Unit Aachen, Germany 2018 eidas-compliant Trust Services with Utimaco HSMs Page 1 eidas

More information

Apple Inc. Certification Authority Certification Practice Statement

Apple Inc. Certification Authority Certification Practice Statement Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.3 Effective

More information

Draft ETSI EN V ( )

Draft ETSI EN V ( ) Draft EN 319 412-2 V2.0.15 (2015-06) EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 2: Certificate profile for certificates issued to natural persons 2 Draft

More information

The Open Application Platform for Secure Elements.

The Open Application Platform for Secure Elements. The Open Application Platform for Secure Elements. Java Card enables secure elements, such as smart cards and other tamper-resistant security chips, to host applications, called applets, which employ Java

More information

UELMA Exploring Authentication Options Nov 4, 2011

UELMA Exploring Authentication Options Nov 4, 2011 UELMA Exploring Authentication Options Nov 4, 2011 A U T H E N T I C A T I O N M E T H O D S P R E L I M I N A R Y R E P O R T B R A D L E E C H A N G X C E N T I A L G R O U P B R A D @ X C E N T I A

More information

Security Aspects of Trust Services Providers

Security Aspects of Trust Services Providers Security Aspects of Trust Services Providers Please replace background with image European Union Agency for Network and Information Security 24 th September 2013 www.enisa.europa.eu Today s agenda 09:30-10:00

More information

PAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1

PAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1 PAA PKI Mutual Recognition Framework Copyright PAA, 2009. All Rights Reserved 1 Agenda Overview of the Framework Components of the Framework How It Works Other Considerations Questions and Answers Copyright

More information

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION HID ActivOne USER FRIENDLY STRONG AUTHENTICATION We understand IT security is one of the TOUGHEST business challenges today. HID Global is your trusted partner in the fight against data breach due to misused

More information

FOR QTSPs BASED ON STANDARDS

FOR QTSPs BASED ON STANDARDS THE EU CYBER SECURITY AGENCY FOR QTSPs BASED ON STANDARDS Technical guidelines on trust services DECEMBER 2017 About ENISA The European Union Agency for Network and Information Security (ENISA) is a centre

More information

EU e-signature standardisation mandate m460

EU e-signature standardisation mandate m460 EU e-signature standardisation mandate m460 A Rationalised Framework for Electronic Signature Standardisation Prof. Riccardo Genghini CEN-ETSI Coordination Group Chairman ETSI-ESI Chairman ETSI 2013. All

More information

1. Publishable Summary

1. Publishable Summary 1. Publishable Summary 1.1Project objectives and context Identity management (IdM) has emerged as a promising technology to distribute identity information across security domains. In e-business scenarios,

More information