ETSI TC ESI WORK ON ELECTRONIC REGISTERED DELIVERY SERVICES AND REGISTERED ELECTRONIC MAIL

Similar documents
UPDATE ON CEN & ETSI STANDARDISATION ON SIGNATURES

ETSI ESI and Signature Validation Services

ETSI Electronic Signatures and Infrastructures (ESI) TC

Session 1. esignature and eseal validation landscape. Presented by Sylvie Lacroix esignature and eseal validation workshop, Jan

CEN & ETSI standards & eidas Compliance

EU e-signature standardisation mandate m460

ETSI TR V1.1.1 ( )

Draft ETSI EN V1.0.0 ( )

Draft ETSI EN V1.0.0 ( )

ETSI European CA DAY TRUST SERVICE PROVIDER (TSP) CONFORMITY ASSESSMENT FRAMEWORK. Presented by Nick Pope, ETSI STF 427 Leader

Technical guidelines implementing eidas

Electronic registered delivery services (ERDS) in light of the eidas regulation. Warsaw Common Sign Conference 2015

SSL/TSL EV Certificates

ETSI ESI Electronic Signature Activities

eidas Workshop Return on Experience from Conformity Assessment Bodies - EY June 13, 2016 Contacts: Arvid Vermote

European Commission s proposal for a Regulation on Electronic identification and trust services for electronic transactions in the EU internal market

Utimaco eidas Update. June Thorsten Groetker CTO. Utimaco HSM Business Unit Aachen, Germany 2017 Utimaco eidas Update, June 2017 Page 1

ILNAS/PSCQ/Pr004 Qualification of technical assessors

The current status of Esi TC and the future of electronic signatures

Guidance for Requirements for qualified trust service providers: trustworthy systems and products

IAS2. Electronic signatures & electronic seals Up-dates - feedbacks from :

TECHNICAL REPORT Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for cryptographic suites

eidas-compliant signing of PDF

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp profiles

Test Signature Policy Version 1.0

Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 1: Architecture

eidas Regulation (EU) 910/2014 eidas implementation State of Play

eidas & e-delivery CE Midsummer Conference "The role of policy decisions in the postal & delivery industry", Copenhagen (DK), 12 June 2017

Resolution of comments on Drafts ETSI EN to ETSI EN May 2014

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles

Countdown to eidas. Date: 19/04/2016 Auteur: CTIE Révision: 1.0 Ref: EIDAS_CTIE_4 Page 1

eias Study on an electronic identification, authentication and signature policy SUPERVISION Presentation on status

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares BALTSTAMP HEADQUARTER : DARIAUS IR GIRENO STR. 40, LT VILNIUS - LITHUANIA

Draft EN V0.0.3 ( )

FOR QTSPs BASED ON STANDARDS

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares ALEAT HEADQUARTER : SH.P.K RRUGA: XHANFIZE KEKO - TIRANA-ALBANIA

ETSI TS V1.1.1 ( )

EXBO e-signing Automated for scanned invoices

Identity Documents Personalisation Centre. Conformity Assessment Report: Conformity Certificate and Summary. T-Systems

ETSI STF 412 AUDIT GUIDELINES FOR EVC (24 TH JAN 2012)

Electronic signature framework

Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 5: REM-MD Interoperability Profiles

ASSESSMENT SUMMARY XHTML 1.1 (W3C) Date: 27/03/ / 6 Doc.Version: 0.90

BE INVEST INTERNATIONAL SA

ETSI TS V1.1.1 ( )

Digital Signatures: How Close Is Europe to Truly Interoperable Solutions?

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares UNIVERSIGN HEADQUARTER: 40 RUE DES ANCIENS ETANGS , FOREST BELGIQUE

Digital Certificates. PKI and other TTPs. 3.3

EVROTRUST TECHNOLOGIES AD

eidas Regulation eid and assurance levels Outcome of eias study

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 2: Additional PAdES signatures profiles

Final draft ETSI EN V1.1.0 ( )

Cosmos POFESSIONALS OF SAFETY ENGINEERING

Sándor Szőke, Dr. Microsec Ltd. Migration of national PKI Services to eidas conformant Trust Services case study in Hungary

NOBLE presentation of the project

EVROTRUST TECHNOLOGIES JSC

ETSI documents published or circulated for vote/comment in May 2018

Policy for electronic signature based on certificates issued by the hierarchies of. ANF Autoridad de Certificación

CORPME- COLEGIO DE REGISTRADORES DE LA PROPIEDAD, MERCANTILES Y DE BIENES MUEBLES DE ESPAÑA

Raising standards for consumers

eidas compliant Trust Services with Utimaco HSMs

eidas Regulation in the context of Cybersecurity: Electronic seals and website certificates: Two sides of a (gold) medal?

Krajowa Izba Rozliczeniowa S.A.

INSTRUCTION FOR OPERATION WITH DESKTOP SIGNER

SAREF ONTOLOGY & ROADMAP

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

ETSI TS V1.1.1 ( )

eidas Interoperability Architecture Version November 2015

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares LUXTRUST SA IVY BUILDING L-8308 CAPELLEN - LUXEMBOURG

Comparison of Electronic Signature between Europe and Japan: Possibiltiy of Mutual Recognition

Agenda. 1. The LoU between EC-CEF and OpenPEPPOL about transition and migration to AS4 - Niels

Conformity Assessment Report: Conformity Certificate and Summary. T-Systems Trust Service Provider: Connect Solutions

Electronic fee collection Information exchange between service provision and toll charging

Security Standardization

ENISA s Position on the NIS Directive

Third public workshop of the Amsterdam Group and CODECS C-ITS Deployment in Europe: Common Security and Certificate Policy

Spanish Information Technology Security Evaluation and Certification Scheme

Trust Service Provider Technical Best Practices Considering the EU eidas Regulation (910/2014)

COOPERATIVE ITS SECURITY STANDARDIZATION AND ACTIVITIES ON EUROPEAN C ITS TRUST MODEL AND POLICY

European Standards & Community Specifications

PSD2/EIDAS DEMONSTRATIONS

ehealth action in the EU

NavCert GmbH ecall Days 2016 Hamburg Martin Grzebellus NavCert 1

Krajowa Izba Rozliczeniowa S.A.

DIGITALSIGN - CERTIFICADORA DIGITAL, SA.

Protection Profiles for Signing Devices

ISO/IEC INTERNATIONAL STANDARD

Privacy Code of Conduct on mhealth apps the role of soft-law in enhancing trust ehealth Week 2016

IFY e-signing Automated for scanned invoices

The OCP Registration Guide

Interoperability Challenge of Certified Communication Systems via Internet

Invitation to the workshop on. Personalization and user profile standardization

ETSI CTI INTRODUCTION

BS EN :2017. Electronic Invoicing and associated PDs (TSs and TRs) Copyright 2017 BSI. All rights reserved 06/10/2017

BRITISH TELECOMMUNICATIONS PLC

SOFTWARE IN RADIO AND SOFTWARE DEFINED RADIOS TECHNOLOGY AND DECLARATION OF CONFORMITY

ETSI CTI INTRODUCTION

TS SIGNATURE VALIDATION REPORT

Standardization and Regulations in the EU/EFTA

DLV02.01 Business processes. Study on functional, technical and semantic interoperability requirements for the Single Digital Gateway implementation

Transcription:

ETSI TC ESI WORK ON ELECTRONIC REGISTERED DELIVERY SERVICES AND REGISTERED ELECTRONIC MAIL Luca Boldrin, Juan Carlos Cruellas, Santino Foti, Paloma Llaneza, Kornél Réti

Agenda STF 523 concept and context STF 523 Goals STF 523 foreseen calendar Some details on EN 319 521 and en 319 531 Some details on EN 319 522 Some details on EN 319 532 Some details TS 119 524 and TS 119 534 Some details on TR 119 500 (business guidance) Stakeholders involvement STF 523 contacts, comments and more info Additional Information on ETSI documents 2

Context (1) eidas Standards Framework: Published Standards Trust services for: Issuing certificates Time Stamping Signature creation services Validation services Procedures for AdES creation & validation x19 4xx TSPs supporting digital signatures 119 6xx Trust service status lists x19 1xx Signature Creation & Validation x19 5xx Trust application service providers List of approved QTSPs & services supervised by National Bodies Trust services for: Registered edelivery / email Long term preservation Formats: XAdES (XML) CAdES (CMS) PAdES (PDF) ASiC (containers) CC Protection Profiles QSCD Smart Cards HSM used as QSCD HSM used by TSPs Remote QSCD 419 2xx Signing Devices 119 0xx General Framework 119 3xx Signature suites Cryptographic suites Hash Asymmetric crypto Key generation Lifetime Standards framework Common definitions Guides 3

Context (2) STF 523 Specific context: ERDS To support articles 43 and 44 of eidas Regulation, TC ESI started working on standards for Electronic registered delivery Registered electronic email This work is funded by an EC/EFTA grant (SA/ETSI/ENTR/000/2015 08) TC ESI is assisted by a Specialist Task Force (STF 523) to perform the work. A Specialist Task Force is a team established to support the ETSI Technical structure to accelerate the production of standards urgently required by the ETSI Members or the European Commission (EC) and the European Free Trade Association (EFTA). 4

STF 523 Goals (1) Produce the following standards (1): EN 319 522: Electronic Registered Delivery Services. Four parts: Framework and architecture, semantic contents, formats, and bindings. EN 319 532: Registered Electronic Mail (REM) Services. Four parts: Framework and architecture, semantic contents, formats, and interoperability profiles EN 319 521: Policy and security requirements for Electronic Registered Delivery Service Providers. EN 319 531: Policy and security requirements for Registered Electronic Mail Service Providers. TS 119 524: Testing Conformance and Interoperability of Electronic Registered Delivery Services. Two parts: testing conformance, and test suites for interoperability testing. TS 119 534: Testing Conformance and Interoperability of Registered Electronic Mail Services. Two parts: testing conformance, and test suites for interoperability testing. 5

STF 523 Goals (and 2) Produce the following standards (and 2): TR 119 500: Guidance on the use of standards for Trust Application Service Providers. Conduct this open workshop for presenting to stakeholders mature versions of the aforementioned documents and get their feedback. These activities will be done in liaison with a number of relevant stakeholders in the area. Started 31/10/2016. End scheduled for 28/02/2019. 6

STF 523 foreseen calendar Calendar for EN 319 521, EN 319 531, EN 319 522, and EN 319 532: Stable drafts ready for public review: 31/10/2017 Final drafts approved by ETSI ESI for EN Approval Process (ENAP): 30/4/2018. Start voting for ENs: 1/12/2018. End voting for ENs: 31/1/2019. Calendar for ETSI TS 119 524, ETSI TS 119 534: Final drafts approved by ETSI ESI: 30/11/2018. Calendar for ETSI TR 119 500: Final draft approved by ETSI ESI: 30/11/2018. ALL DELIVERABLES PUBLISHED: 28/2/2019 7

SOME DETAILS ON ETSI EN 319 521 AND ETSI EN 319 531 8

STF 523 STF 523 is producing, among others, the following standards: EN 319 521: Policy and security requirements for Electronic Registered Delivery Service Providers: stable draft EN 319 531: Policy and security requirements for Registered Electronic Mail Service Providers: pending TR 119 500: Guidance on the use of standards for Trust Application Service Providers: pending 9

STF 523 One standing along provider scheme Aligned with EN 319 401 Conformity assessment requirements for QERDSP and QERDS. Contains ERDSP specifics requirements based on Section 7 of EN 319 401 Contains cumulative requirements for NonQERDSP and QERDSP Addressed legal requirements from article 44 eidas Regulation: conformity assessment criteria 10

SOME DETAILS ON ETSI EN 319 522 11

Some details on EN 319 522 Technical specifications for (Qualified) Electronic Registered Delivery Services Includes technical specifications for Conformance interoperability Structure: Part 1: Framework and Architecture Part 2: Semantic Contents Part 3: Formats Part 4 1: Bindings Sub part 1: message delivery binding Sub part 2: evidence and identification binding Sub part 3: capability/requirements binding 12

Some details on EN 319 522 Part 1: Framework and Architecture: Overview and general model for (Q)ERDS components, data, abstract APIs) 13

Some details on EN 319 522 Part 2: Semantic Contents: detailed description of data managed by ERDS Metadata Evidences Service discovery metadata 14

Some details on EN 319 522 Part 3: Formats: specific formats for data RFC 5322, S/MIME formats for metadata pointer to EN 319 532 ebms AS4 formats for metadata XML format for evidences SMP format for service discovery metadata 15

Some details on EN 319 522 Part 4 1: Bindings Sub part 1: message delivery binding Sub part 2: evidence and identification binding Sub part 3: capability/requirements binding Message flow Identification of specific protocols for ERDS RI interface packaging of content, metadata, evidence in protocol specific constructs Capability flow Identification of specific protocol for CSI interface packaging of discovery metadata in protocol specific constructs 16

SOME DETAILS ON ETSI EN 319 532 17

Some details on EN 319 532 Definition of a registered e delivery service, which builds on the protocols used in regular email messaging (SMTP, IMAP, POP) All general requirements of EN 319 522 apply to REM. The EN 319 532 only defines the specifics. TS 102 640 was taken as a basis, although full compatibility is not ensured. Structure: Part 1 Framework and architecture: explains how the general model defined in EN 319 522 1 applies to the specific case of REM Part 2 Semantic content: defines the types and content of the objects that flow through the interfaces of REM services Part 3 Formats: defines the format of messages and metadata based on the MIME structure and SMTP transport protocol Part 4 Interoperability profiles: defines the interoperability requirements between REM providers and a gateway approach of interoperability with PReM services. 18

Some details on EN 319 532 Multi hop forwarding is allowed to facilitate protocol gateway, policy gateway or trust gateway (in general edelivery) Outer interface of the service is the same regardless of the number of Service Providers in the chain: 1, 2, 5, etc. (in general edelivery) REM goal: Email user agent (+browser) should be usable as client (address format is email, email protocols, DNS based routing, etc.) Acceptance/rejection of a message prior to delivery in general edelivery S&F, S&N styles of operation are kept in REM (as in TS 102 640) If acceptance/rejection is not supported by R REMSP, in REM it can be S&N to S&F interaction Evidence format and evidence set (event types) will be exactly the same as in general edelivery Message structures: Original message, REM Dispatch, REMS Notification, REMS Receipt ASN.1 evidence format will not be specified 19

Some details on EN 319 532 Sequence Diagram with messages and evidence 20

Some details on EN 319 532 REM Dispatch Evidence attachment and Signature using standard email 21

SOME DETAILS ON ETSI TS 119 524 AND ETSI TS 119 534 22

Details on ETSI TS 119 524 and ETSI TS 119 534 ETSI TS 119 524: Part 1: will specify test assertions for testing technical conformance against relevant parts of ETSI EN 319 522. The STF team will identify these relevant parts and the actual scope of the test assertions set to be defined. Part 2: will specify test suites for supporting interoperability tests among providers of Electronic Registered Delivery services. These test suites will not overlap with any already existing test suites but will complement them. The STF team will identify what parts of the EN 319 522 will be the suitable targets for these test suites. ETSI TS 119 534: Part 1: Same goal and methodology as for ETSI TS 119 524, but now for relevant parts of ETSI EN 319 532. Part 2: Same goal and methodology as for ETSI TS 119 534 but for relevant parts of ETSI EN 319 532. This task will start from the already existing ETSI TR 103 071: Test suite for future REM interoperability test events 23

SOME DETAILS ON ETSI TR 119 500 24

Business Driven Guidance for Trust Application Service Providers It takes into consideration previous works on STF 457 It will provide guidance for the selection of standards for Electronic Registered Delivery services for given business requirements. To be completed when the other standards are stabilized or completed. 25

STAKEHOLDERS INVOLVEMENT 26

Stakeholders involvement ESI intends that the STF work is done in close contact with stakeholders: Contacts and liaisons initiated with relevant stakeholders in the area, including EC funded Large Scale Projects, and standardisation organisations for ensuring fluent exchange of information and views. Consolidated drafts will go through a public comment phase, where stakeholders will be kindly requested to put their comments, which will be suitably processed by the STF and ESI. Creation of a Steering Group on Electronic Registered Delivery Services for facilitating easy exchange of views with those members of ETSI specially interested in this topic. Invitation to relevant stakeholders to join ETSI and attend ESI and the Steering Group on Electronic Registered Delivery Services meetings and provide feedback to ESI and STF. 27

STF 523 contacts, comments and more info Contact Details: Public web page: https://portal.etsi.org/stf/stfs/stfhomepages/stf523 Electronic mail: Juan Carlos Cruellas: cruellas@ac.upc.edu Comments also to: E SIGNATURES_COMMENTS@LIST.ETSI.ORG 28

Additional information on ETSI documents ETSI Documents: Free download http://www.etsi.org/standards search E Signature news: http://list.etsi.org/scripts/wa.exe?subed1=e signatures_news&a=1 Further information: https://portal.etsi.org/tbsitemap/esi/trustserviceproviders.aspx Thank you! 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback