ETSI ESI Electronic Signature Activities
Cornerstone for interoperability of Digital Documents in Europe

Riccardo Genghini, TB ESI Chairperson
4th ETSI Security Workshop
ETSI 2008. All rights reserved

ETSI ESI ACTIVITY OVERVIEW

STF 351 XAdES (and QAdES) Interoperability PLUGTEST
- Participants not only from Europe, but also from Asia
- Next event on 26th February 2009

STF 318 Registered Email (REM)
- Active participation of global players like Universal Postal Union (UPU) and most of the developers of REM solutions
- TS 102 640 was approved in 2008. Dissemination ongoing

STF 364 Advanced Signatures for PDF
- Global solution for seamless and easy interoperability of signed digital documents
- Liaison with ISO 32000
- Active participation by Adobe

STF 351 XAdES Interoperability Plugtest

At the 3rd ETSI Security Workshop, the initial work on a Plugtest Portal supporting interoperability events on XAdES and CAdES signatures was presented. Since then, STF 351 was set up to develop the portal further.

With the outcome of the STF 351 project, ETSI is NOW able to provide an infrastructure that allows implementers to conduct interoperability tests remotely, removing the need to travel to ETSI headquarters.

This Plugtest Portal on CAdES and XAdES will also become the reference site for these standards, as it will include guidance material and news on their international deployment.

The Plugtest portal: functional view (reminder)

Subscribers to the events:
1. get from the portal the required cryptographic material, using the PKI deployed within the portal;
2. download the pregenerated test case set (a comprehensive set of signatures, each one testing a relevant aspect of the specification);
3. perform verification of this set of signatures locally, on their own equipment and with their own tools;
4. upload the results of their verifications and share them.

Subscribers may also (5) upload their own set of X(C)AdES signatures. After review and acceptance, the rest of the participants will be able to (6) download and verify them.

The Plugtest portal: functional view (reminder)

At present the Plugtest portal incorporates remote PKI services in support of X(C)AdES interoperability tests, namely: CA-related services, OCSP servers, and time-stamp services.

The XAdES Plugtest portal will provide support for remote meetings to discuss the event. Subscribers will have access to the ETSI phone bridge for speaking and to an IRC server where they will share written information during the meetings.

Plugtest portal relevant news

- First remote XAdES interoperability event: 3rd to 7th March 2008. 28 different companies, one from Macao and one from Japan.
- Second remote XAdES interoperability event: 8th to 18th September 2008. 20 different companies, of which two were Japanese and one was from Macao.
- Around 70 different test cases (XAdES signatures) have been specified.
- Hundreds of signatures have been exchanged between the participants, who have had the occasion to identify and discuss a number of relevant issues.
- A relevant number of comments (up to 22), which will feed back into further standardization of XAdES, have been raised. The ESI TC is now implementing resolutions on these comments in the new version of XAdES.

Plugtest portal relevant news

Benefits for attendees:
- IMPLEMENTERS may assess their tools and provide feedback to the ESI TC on the XAdES specification from the implementers' point of view.
- SERVICE PROVIDERS may ensure that the tools in their systems are actually aligned with the standards, and may also influence the direction that future standardization activities will take.

Plugtest portal relevant news

NEXT SCHEDULED PLUGTEST: 16th to 27th February 2009.
This plugtest will cover both formats of signatures: XAdES and CAdES.

EVERYBODY IS INVITED TO PARTICIPATE
http://www.etsi.org/plugtests/xades/xades.htm

STF 318 REM

- All known types of REM have been considered:
  - Store & Forward
  - Store & Notify
  - Witnessed email
- TS 102 640 published
- Phase 3 ongoing: dissemination and integration into other existing standards
- Input to MIME IETF Committee

World Class Standards

STF 364 PDF Signature

- The PDF format is generally recognized as a secure and open document format (ISO 32000)
- Germany, Italy, Austria, etc. recognize PDF/A as a secure format for digitally signed documents
- The PDF Signature, as it is, is already accepted as a qualified signature in several EU Member States
- Functionalities, security features and formats of PDF signatures are mapped and organized in a way that makes them comparable and interoperable with QAdES and XAdES
- ISO 32000 and the ETSI signature format standards (TS101733, TS101903, TS102734, TS102904) will cross-refer and integrate

ETSI ESI and COM(2008) 798

- ESI's experience with Plugtest has already demonstrated that Electronic Signature interoperability is feasible, but it should now become an operative effort: enough theoretical discussions!
- Key to interoperability are standards already adopted worldwide:
  - TSL (ETSI TS 102231 v2), CRL (X509)
  - Signature Formats (TSs 101733 and 101903, ISO 32000)
- Most of the work has been (and will be) administrative: getting users/producers to test their IT solutions on the Plugtest Platform
  - too many talk about interoperability but do little or nothing
- Interoperability verification within applicative environments (STORK, PEPPOL) is a very good (and necessary) idea, but there is also the need for an application-independent testing environment...
- An ongoing Plugtest Platform for signature verification...?

ETSI ESI and COM(2008) 798

- ESI has produced a series of guidance documents on how to use and implement Electronic Signatures, security policies, etc.: TS102734, TS102904, TR102437, TR102041, TR102458, TR102038, TR102041, TR102045, TR102272, TR102153, etc.
- but such TSs and TRs always had to be realized with limited budgets in short timeframes, often based on mostly voluntary work
- no dissemination budget
- so an impressive amount of specific guidance is available, but it is not sufficiently organized and disseminated to boost interoperability

ETSI ESI and COM(2008) 798

COM(2008)798 provides new opportunities:
- extend the scope of the STF 351 Plugtest also to TSLs, using ETSI TS 102 231
- work on a reasoned mapping of the existing ETSI TSs, CEN CWAs and ENs related to signatures, and disseminate it
  - to be published on a dedicated website, to be maintained also through peer review
- support for some years an ongoing technical interoperability verification facility (along the lines of the ETSI Plugtest)
  - which has a moderate cost and a high impact on interoperability
  - which should (also) monitor EU-funded projects related to or using Electronic Signatures, inviting them to participate in the Plugtest: EU funds should not have the unwanted consequence of making interoperability more difficult

THANK YOU VERY MUCH FOR YOUR ATTENTION
ANY QUESTION OR COMMENT?