ETSI ESI Electronic Signature Activities

Similar documents
ETSI Electronic Signatures and Infrastructures (ESI) TC

UPDATE ON CEN & ETSI STANDARDISATION ON SIGNATURES

ETSI ESI and Signature Validation Services

EU e-signature standardisation mandate m460

The current status of Esi TC and the future of electronic signatures

Digital Signatures: How Close Is Europe to Truly Interoperable Solutions?

ETSI TC ESI WORK ON ELECTRONIC REGISTERED DELIVERY SERVICES AND REGISTERED ELECTRONIC MAIL

Session 1. esignature and eseal validation landscape. Presented by Sylvie Lacroix esignature and eseal validation workshop, Jan

ETSI European CA DAY TRUST SERVICE PROVIDER (TSP) CONFORMITY ASSESSMENT FRAMEWORK. Presented by Nick Pope, ETSI STF 427 Leader

1. Document Information. 2. Related documents / References. 3. Version control

ETSI TR V1.1.1 ( )

Bridging the gap. New initiatives at ETSI. World Class Standards. between research and standardisation

esignature Infrastructure Marketing Model

SSL/TSL EV Certificates

Electronic registered delivery services (ERDS) in light of the eidas regulation. Warsaw Common Sign Conference 2015

ETSI Introduction. Dr. Carmine Rizzo CISA, CISM, CISSP, ITIL, PRINCE2. ETSI Technical Officer ETSI Standardisation Projects

Figure 1: Testsite at the Livorno harbour

The Go4IT project. Toward a TTCN-3 open environment for IPv6 protocols testing. Project identity card

European Standards- preparation, approval and role of CEN. Ashok Ganesh Deputy Director - Standards

TECHNICAL REPORT Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for cryptographic suites

Resolution of comments on Drafts ETSI EN to ETSI EN May 2014

ETSI CENTRE OF TESTING & INTEROPERABILITY JANUARY 2011

ETSI TS V1.1.1 ( )

Third public workshop of the Amsterdam Group and CODECS European Framework for C-ITS Deployment

eidas-compliant signing of PDF

eidas Regulation eid and assurance levels Outcome of eias study

European Framework for C-ITS Security 6 th of March 2018 Gerhard Menzel European Commission

ETSI TC ITS WORKSHOP February 2011 Venice Italy. ETSI All rights reserved

WORLD TELECOMMUNICATION STANDARDIZATION ASSEMBLY Hammamet, 25 October 3 November 2016

ISO/IEC INTERNATIONAL STANDARD

Draft EN V0.0.3 ( )

European Commission s proposal for a Regulation on Electronic identification and trust services for electronic transactions in the EU internal market

Comparison of Electronic Signature between Europe and Japan: Possibiltiy of Mutual Recognition

Standardization mandate addressed to CEN, CENELEC and ETSI in the field of Information Society Standardization

EUROPEAN COMMISSION Enterprise Directorate-General

Guidance for Requirements for qualified trust service providers: trustworthy systems and products

NIS Standardisation ENISA view

Friedrich Smaxwil CEN President. CEN European Committee for Standardization

ISO/IEC INTERNATIONAL STANDARD

ETSI STF 412 AUDIT GUIDELINES FOR EVC (24 TH JAN 2012)

Making Security & Privacy Protection Open Source. Christophe Jouvray, Michel Sall , Stockholm

Version Date Description / Status Responsible V0.1 20/12/2004 TOC KVA V0.2 10/01/2005 First Draft JBL V1.0 25/01/2005 Final version WCL

IPv6 Task Force - Phase II. Welcome

FOR QTSPs BASED ON STANDARDS

INSTRUCTION FOR OPERATION WITH DESKTOP SIGNER

ETSI TS V1.1.1 ( )

Gateway Certification Authority pilot project

Test Signature Policy Version 1.0

Electronic signature framework

Standards for C-ITS ESF GmbH, Dr. Hans-Joachim Fischer Fichtenweg 9, D Blaubeuren, Germany

Trust Services: building blocks for secondary legislation

ISO/IEC INTERNATIONAL STANDARD

ETSI TC GRID in 5mn!

Prof. Dr. Ralf Guido Herrtwich, Daimler AG, Sindelfingen, Germany

Policy for electronic signature based on certificates issued by the hierarchies of. ANF Autoridad de Certificación

Public. Atos Trustcenter. Server Certificates + Codesigning Certificates. Version 1.2

Standardization of Knowledge and Skills for IT Security

ISO/IEC INTERNATIONAL STANDARD. Information technology EAN/UCC Application Identifiers and Fact Data Identifiers and Maintenance

ISO/IEC INTERNATIONAL STANDARD

Update on Security, Privacy and Safety Standards

SLAS Special Interest Group Charter Application

1- ASECAP participation

ETSI TS V1.1.1 ( )

New CEN-CENELEC Technical Committees for Infosec and Data Protection Standardization (TC8) Brussels - 19 September 2017 Alessandro GUARINO Chair,

ISO/IEC TR TECHNICAL REPORT. Systems and software engineering Life cycle management Part 1: Guide for life cycle management

Cooperative, Connected and Automated Mobility

CEF e-invoicing. Presentation to the European Multi- Stakeholder Forum on e-invoicing. DIGIT Directorate-General for Informatics.

ISO/IEC TR TECHNICAL REPORT. Information technology Dynamic adaptive streaming over HTTP (DASH) Part 3: Implementation Guidelines

Directive on security of network and information systems (NIS): State of Play

INTERNATIONAL STANDARD

ENISA And Standards Adri án Belmonte ETSI Security Week Event Sophia Antipolis (France) 22th June

Draft ETSI EN V ( )

This document is a preview generated by EVS

ISO INTERNATIONAL STANDARD. Road vehicles Extended data link security. Véhicules routiers Sécurité étendue de liaison de données

Draft ETSI EN V1.0.0 ( )

ETSI LI Standards Overview

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management

Regional TSM&O Vision and ITS Architecture Update

eias Study on an electronic identification, authentication and signature policy SUPERVISION Presentation on status

VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares ALEAT HEADQUARTER : SH.P.K RRUGA: XHANFIZE KEKO - TIRANA-ALBANIA

KeyOne. Certification Authority

ISO/TR TECHNICAL REPORT. Financial services Information security guidelines

Overview & Specification

HPE Partner Ready Digital Marketing Program

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 2: Additional PAdES signatures profiles

CEN Workshop Standards Compliant Formats for Fatigue Test Data (FaTeDa) Project Plan

WORLD TELECOMMUNICATION STANDARDIZATION ASSEMBLY Hammamet, 25 October 3 November 2016

Digital signatures: How it s done in PDF

TESTING OF C-ITS PROTOCOLS

Electronic Signature Format. ECOM Interoperability Plug Test 2005

Information technology Security techniques Telebiometric authentication framework using biometric hardware security module

The Africa-EU Energy Partnership (AEEP) The Role of Civil Society and the Private Sector. 12 February, Brussels. Hein Winnubst

WORKSHOP CWA AGREEMENT November 2001

ETSI TC STQ Speech and multimedia Transmission Quality

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); XAdES digital signatures; Part 2: Extended XAdES signatures

ISO/IEC TR TECHNICAL REPORT

Coordination Meeting of Standardisation Activities for assessing the Environmental Impact of ICT

Standardization Trend for Super 3G (LTE)

The IECEx Ticket to Global Markets

Transcription:

ETSI ESI Electronic Signature Activities Cornerstone for interoperability of Digital Documents in Europe Riccardo Genghini TB ESI Chairperson ETSI 2008. All rights reserved 4th ETSI Security Workshop

ETSI ESI ACTIVITY OVERVIEW STF 351 XAdES (and QAdES) Interoperability PLUGTEST Participants not only from Europe, but also from Asia Next event on 26th February 2009: STF 318 Registered Email (REM) Active participation of global players like Universal Postal Union (UPU) and most of the developers of REM solutions TS 102 640 has been approved in 2008. Dissemination ongoing STF 364 Advanced Signatures for PDF Global solution for seamless and easy interoperability of signed digital documents Liaison with ISO 32000 Active participation by Adobe

STF 351 XAdES Interoperability Plugtest At the 3rd ETSI Security Workshop the initial work on the provision of a Plugtest Portal for supporting interoperability events on XAdES and CAdES signatures was presented. Since then, the STF-351 for developing further the portal was set up. With the outcome of this STF-351 project ETSI is able NOW to provide an infrastructure allowing the implementers to conduct interoperability tests remotely, suppressing the requirement of traveling to ETSI headquarters. This Plugtest Portal on CAdES and XAdES will also become the reference site for these standards, as it will include guiding material and news on the international deployment. 3

The Plugtest portal: Reminding Functional view 3 1 Plugtest Portal 1 2 2 4 4 5 6 3 Subscribers to the events: 1 get from the portal the required cryptographic material using the PKI deployed within the portal; 2 download the pregenerated test cases set (a comprehensive set of signatures, each one testing a relevant aspect of the specification); 3 perform verification of this set of signatures locally on their equipments and with their tools; 4 upload results of verifications and share them. Subscribers may also 5 upload their own set of X(C)AdES signatures. After review and acceptance, the rest of the participants will be able to 6 download and verify. 4

The Plugtest portal: Reminding Functional view 1 1 2 2 At present the Plugtest portal incorporates remote PKI services in support of X(C)AdES interoperability tests, namely: CA related services, OCSP servers, and Time-stamp services. XAdES Plugtest portal will provide support for remote meetings to discuss the event. Subscribers will access to the ETSI phone bridge for speaking and to 1 an IRC server where they will share written information during the meetings. 2 5

Plugtest portal relevant news First remote XAdES interoperability events 3rd to 7th March 2008. 28 different companies. One from Macao and one from Japan. Second remote XAdES interoperability events 8th to 18th September 2008. 20 different companies, of which two Japanese and one from Macao; Around 70 different test cases (XAdES signatures) have been specified. Hundreds of signatures have been exchanged between the participants, who have had the occasion of identify and discuss a number of relevant issues. A relevant number of comments (up to 22) that will feedback further standardization of XAdES, have been raised. The ESI TC is now implementing resolutions on these comments in the new version of XAdES. 6

Plugtest portal relevant news Benefits for attendees: IMPLEMENTERS may assess their tools and provide feedback to ESI TC on XAdES specification from the implementers point of view. SERVICES PROVIDERS may ensure that the tools in their systems actually are aligned with standards, and may also impact in the direction that future standardization activities will go. 7

Plugtest portal relevant news NEXT SCHEDULED PLUGTEST : 16th to 27th February 2009. This plugtest will cover both formats of signatures: XAdES and CAdES. EVERYBODY IS INVITED TO PARTICIPATE http://www.etsi.org/plugtests/xades/xades.htm 8

STF 318 REM All known types of REM have been considered: Store & Forward Store & Notify Witnessed email World Class Standards TS 102 640 published Phase 3 ongoing: dissemination and integration into other existing standards Input to MIME IETF Committee 9

STF 364 PDF Signature World Class Standards PDF format generally recognized as a secure and open document format (ISO 32000) Germany, Italy, Austria, ecc. recognize PDF/A as a secure format for digitally signed documents PDF Signature as-it-is already accepted as a qualified signature in several EU Member States Functionalities, security features and formats of PDF signatures are mapped and organized in a way that makes them comparable and interoperable with QAdES and XAdES ISO 32000 and ETSI signature format standards (TS101733, TS101903, TS102734, TS102904) will cross-refer and integrate 10

ETSI ESI and COM(2008) 798 World Class Standards ESI s experience with Plugtest has already demonstrated that Electronic Signature interoperability is feasable, but should be now become an operative effort: enough theoretical discussions! Key to interoperability are standards already adopted worldwide: TSL (ETSI TS 102231 v2), CRL (X509) Signature Formats (TSs 101733 and 101903, ISO 32000) Most part of the work has been (and will be) administrative: to get users/producers, to test their IT solutions on the Plugtest Platform too many talk about interoperability but do few or nothing interoperability verification within applicative environments (STORK PEPPOL) is a very good (and necessary) idea. But there is also the need for an applicative independent testing environment...... An ongoing Plugtest Platform for signature verification...? 11

ETSI ESI and COM(2008) 798 World Class Standards ESI has produced a series of guidances in how to use and implement Electronic Signatures, security policies, etc. TS102734, TS102904, TR102437, TR102041, TR102458, TR102038,TR102041, TR102045, TR102272, TR102153, etc. but such TSs and TRs always had to be realized with limited budgets in short timeframes, often based on mostly voluntary work no dissemination budget so an impressive amount of specific guidances is available, but not sufficiently organized and disseminated in order to boost interoperability 12

ETSI ESI and COM(2008) 798 COM(2008)798 provides new opportunities: extend the scope of the STF 351 Plugtest using ETSI TS 102 231 World Class Standards also to TSLs work on a reasoned mapping of the existing ETSI TSs, CEN CWAs and Ens related to signatures and disseminate it to be published on a dedicated website, to be maintained also through peer review support for some years an ongoing technical interoperability verification facility (of the like of ETSI Plugtest ) which has a moderate cost and high impact on interoperability which should (also) monitor EU funded projects related/using Electronic Signatures, inviting them to participate to the Plugtest : EU funds should not have the unwanted consequence, to make interoperability more difficult 13

THANK YOU VERY MUCH FOR YOUR ATTENTION ANY QUESTION OR COMMENT? 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback