Summary of ETSI/ESI activities Andrea Caccia ETSI/ESI TB member Note: This document expresses only the views of its author.
ETSI - European Telecommunications Standards Institute
• Produces globally applicable standards for Information & Communications Technologies
• Is recognised as an official European Standards Organisation by the European Union
• Its international reputation is built on openness, discussion, consensus and direct input from members
Agreements with External Bodies
• CAB (Certification Authority/Browser) Forum: Letter of Intent
• ENISA (European Network and Information Security Agency): Memorandum of Understanding
• ISO: Liaison Category A with ISO TC 154 (Processes, data elements and documents in commerce, industry and administration), Liaison Category D with ISO TC171/SC 2/WG 8 (PDF specification)
• ISOC/IETF: Active working relationships
• OASIS: Memorandum of Understanding
• UPU (Universal Postal Union): Memorandum of Understanding
ETSI Electronic Signatures and Infrastructures (ESI) TC
TC ESI is responsible for Electronic Signatures and Infrastructures standardization within ETSI
ETSI/ESI plays a key role in the development of electronic signature related standards:
• Signature formats: XAdES (TS 101 903) -> ISO, CAdES (TS 101 733) -> ISO, PAdES (TS 102 778) -> ISO and ASiC (TS 102 918) and related profiles
• Trust Service Provider (TSP) Status Information (TSL, TS 102 231)
• Policy requirements for CAs: TS 102 042, TS 101 456 (Qual. Cert.)
• TSA policy requirements: TS 102 023
• Certificate profiles: TS 101 862 (Qual. Cert.), TS 102 280 (Nat. Persons)
• Registered Electronic Mail (eDelivery): TS 102 640 (multipart)
• Data preservation: TS 101 533-1, TR 101 533-2
• Algo paper: TS 102 176
Collaborates with ETSI CTI, Centre for Testing and Interoperability, for Plugtests events
M460 European Commission mandate
EC founded eSignatures standardization activities
4 years: 2011-2014
1st phase (executed)
• definition of a rationalized standardization framework, in collaboration with CEN
• several specifications upgrades primarily aimed at providing quick technical fixes to existing electronic signatures standards, and definition of test specifications
2nd phase (starting by end 2012)
• implement the rationalized standardization framework
• support the new EU Regulation on electronic identification and trust services for electronic transactions in the internal market (exp. approval by end 2013)
Details on M460 phase 1
Rationalised Framework definition (STF 425)
• Inventory of eSignature Standards (worldwide)
• Rationalised Framework Definition
• Gap Analysis & Work Plan
Quick Fixes
• STF 427 (CSP Conformity Assessment, QC profile, Sig. Validation Procedures, Sig. algorithms maintenance)
• STF 426 (X/C/PAdES & ASiC baseline profiles)
• STF 428 (XAdES conformance testing, PAdES & ASiC interoperability tests)
• CEN (Update CWA 14169 & CWA 14167 towards ENs)
Stakeholders Workshop
M460 Phase 2: the new standardization framework
[Diagram: the framework is divided into areas; the boxes in each area carry the document types Guidance, Policy & Security Requirements, Technical Specifications, Conformance Assessment, and Testing Compliance & Interoperability.]
Areas shown in the diagram:
• Trust Service Status Lists Providers
• TSPs supporting eSignature
• Trust Application Service Providers
• Signature Creation & Validation
• Signature Creation & other related Devices
• Cryptographic Suites
Labels shown within the areas: TSP Certificates, TSSP, SGSP, Registered eMail, SVSP, Information Preservation; CAdES, CEN, XAdES, PAdES, ASiC, …; SSCD, Other SCDs; Suites Requirements
ETSI REM TS 102 640 overview
Registered Electronic Mail:
• Secure Electronic Mail service able to generate trusted electronic evidence attesting that certain relevant events (submission by sender, delivery to the recipient, right forwarding, etc.) have actually occurred.
• Added value: electronic evidence which, when supported by legislation, also has legal value.
• Technical Specification for achieving interoperability on evidential services based on S/MIME on SMTP and services built on SOAP on HTTP (UPU Postal Registered Electronic Mail, BUSDOX networks)
Electronic Evidence
• Sender and REM Management Domain related events: original message acceptance/rejection, object relay acceptance/rejection, etc.
• Recipient related events: delivery/non delivery to recipient, download/non download by recipient, etc.
• Interaction with non REM systems.
• Specified evidence core components. Syntaxes: XML, ASN.1 and PDF.
• May be individually signed (each one in its own format) and/or collectively signed through an S/MIME signature.
• Specified signature profile.
References
General information:
• http://portal.etsi.org/esi/esi_activities.asp
Stakeholders involvement
• http://www.e-signatures-standards.eu
• Mailing list