On Interoperability Issues of Electronic Signature. Pavol Frič

1  On Interoperability Issues of Electronic Signature. Pavol Frič

2  Content
Motivation
The Past: what has been achieved
The Present: what problems we are facing
The Future: what should be done
Page 2

3  1. Motivation
Strategic goals stated at the EU level: building the information society should
» provide a basis for competitiveness and economic growth
» build a better place for living and a higher quality of life
Europe is aiming towards an integrated service market and pan-European e-services
» Digital Agenda for Europe
This goal strongly depends on the possibility of performing legal acts electronically
» usually based on electronic signature, as defined by legislation

4  2. The Past: what has been achieved
Legislative codification of electronic signature
Directive 1999/93/EC on a Community framework for electronic signatures (13 December 1999)
Other acts related to electronic signature at the European level
Standardisation activities of EU bodies
Directive 2006/123/EC on services in the internal market (12 December 2006)
» Decision 2009/767/EC facilitating the use of procedures by electronic means through the points of single contact (publishing of the TSL)

5  Directive 1999/93/EC
Purpose
» to promote cross-border legal recognition of electronic signatures
» to ensure free circulation within the internal market of e-signature products and services
Business model
» allow legal admissibility of any kind of electronic signature, whilst allowing legal equivalence of QES with a handwritten signature
» have the market decide on the technical fulfilment of requirements, and presume compliance with requirements and standards

6  Types of electronic signature
Basic electronic signature
Advanced electronic signature
Qualified electronic signature
» having the same legal value as a hand-written signature
Role of the Commission
Par.: two years after its implementation the Commission will carry out a review of this Directive
» to ensure that the advance of technology or changes in the legal environment have not created barriers
» to examine the implications of associated technical areas
Art.: make proposals to achieve the effective implementation of standards and international agreements applicable to certification services

7  Role of Member States
Art.: Member States may make the use of electronic signatures in the public sector subject to possible additional requirements. Such requirements shall be objective, transparent, proportionate and non-discriminatory.
Art.: Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive before 19 July 2001

8  Consequences of the Directive approach
Member States adopted national law based on the Directive
» the Directive is too general; local provisions are country specific
Positive and negative points
Positive
» it exists
» it is an important foundation to work on, as a common legal and technical set of practices allowing legal recognition of e-signatures all over Europe
Negative
» lack of precise requirements (in the Directive or in a set of standards), leading to different interpretations in Member States
» result: incompatible applications and interoperability problems

9  Standardisation activities
Standardisation activities at EU level:
CEN, European Committee for Standardisation
» CWA: CEN Workshop Agreement
ETSI, European Telecommunications Standards Institute
» ETSI TS: ETSI Technical Specification
EESSI, European Electronic Signature Standardisation Initiative
Commission Decision 2003/511/EC on publication of reference numbers of generally recognised standards for electronic signature products

10  (no text on this slide)

11  Results of standardisation activities
Lots of standards that are not organised in a consistent and comprehensive way
» problems when implementing electronic signature products
Main problems identified
» standards are rather complex
» too many standards (nevertheless some gaps remain)
» even though they provide the necessary information, it is hard to find
Practical problems
» too much flexibility, e.g. e-signature formats and profiles: an implementation has to support many variations, with significant impact on implementation costs

12  Directive 2006/123/EC
Purpose: to create a common and open market for services in the EU
Basics
(52) Member States should provide means of completing procedures and formalities by electronic means. The fact that it must be possible to complete those procedures and formalities at a distance means, in particular, that Member States must ensure that they may be completed across borders

13  Member States shall:
Art.: MS shall ensure that it is possible for providers to complete procedures and formalities through points of single contact
Art. 8.1: MS shall ensure that all procedures and formalities related to access to a service activity and to the exercise thereof may be easily completed, at a distance and by electronic means, through the relevant point of single contact
Art.: the Commission, in cooperation with MS, shall establish an electronic system for the exchange of information between MS, taking into account existing information systems

14  Member States shall: Commission Decision 2009/767/EC
Art. 1.1: for the completion of certain procedures and formalities through the points of single contact, MS may require the use of advanced electronic signatures based on a qualified certificate by the service provider
Art.: MS shall accept any AES based on a qualified certificate for the completion of the procedures and formalities, without prejudice to the possibility for MS to limit this acceptance to AES based on a qualified certificate and created by a secure-signature-creation device, if this is in accordance with the risk assessment

15  Art. 1.3: MS shall not make the acceptance of AES based on a qualified certificate subject to requirements which create obstacles to the use, by service providers, of procedures by electronic means through the points of single contact
Art.: each MS shall establish, maintain and publish a trusted list containing the minimum information related to the certification service providers issuing qualified certificates to the public who are supervised/accredited by them
What does this mean?
QES should be accepted, BUT a QES is used to represent an electronic legal document or legal act: are these valid according to the legislative environment?

16  3. The Present: problems to be faced
Relevant assessment documents
» Study on standardisation aspects of e-signature (2007)
» IDABC Preliminary study on mutual recognition of e-signatures for e-government applications
Main problems identified
» interoperability, on both the legislative and the technical level

17  Legislative level
Directive heritage
» too general formulations, resulting in various interpretations in national legislation
Legislative incompatibility
» what is considered a valid QES in one MS might not be considered a valid QES in another MS
» Slovakia: for a QES a certified SSCD is required, and only QES-EPES (with a signature policy statement) is accepted
» other countries (e.g. Czech Republic): no certification is required, and EPES might not be required
Result
» uncertainty resulting from the possibility of disputing the validity
» Digital Agenda for Europe: the Directive should be revised in 2011!!!

18  Broader scope
Electronic signature is a tool for assuring the legal validity of documents and acts; it is not a goal in itself
Formal requirements for the validity of such an act are defined by national legislation
» requirements on the mandate or authorisation of the acting person
» declaration of the person's identity (e.g. official signature certification by a notary, citizen ID in the certificate, etc.)
Result: problems with legal act validation when the electronic form (of a legal act or document) with electronic signature is used
» solely the validating person/body is responsible for the consequences of the (positive or negative) result of such validation and for further acting based on it

19  Technical level
Standardisation activities heritage
» too many standards, and too many options in the standards: which options should really be supported?
» the problem is not signature creation, but signature validation
Current activities are not heading towards reducing the abundant variability, but towards standardising everything that is on the market
» unfounded and high financial costs for building solutions supporting all possible options

20  AdES reference format (proposal for a meeting of the TG on e-procedures)
MS will support QES and AdES based on a QC
A reference format should facilitate cross-border interoperability
Proposed reference format:
» CAdES/XAdES/PAdES BES or EPES as minimum
» MS can choose between the three above-mentioned formats for creation of QES, but have to support all three formats for verification
The problem is not only the signature format but the signature profile, as the format definition provides enormous flexibility
» the signature profile is important for signature validation

21  XAdES interoperability examples
Signature policy: BES vs. EPES
» in some countries BES is not accepted as an equivalent of a hand-written signature (e.g. Slovakia)
Signature topology
» the reference format requires support for enveloped, enveloping and detached
» enveloped (signature within the signed document) is document-type specific!!!
Canonicalisation method, transforms
» several methods have to be supported concurrently
Digest method, signature method
» a reference to national laws
» problem with interoperability (e.g. the transition period from SHA-1 to SHA-2, or from RSA 1K to RSA 2K, differs among MS)

22  XAdES interoperability examples
ZIP container used for a detached signature, for interoperability purposes?
» representing real needs? multiple signatures for multiple documents? ZIP is file oriented, with problems in structuring more complex relations
» effective for real usage?
Results
» XAdES is mainly used for XML documents
» XML document and detached XAdES should be wrapped into a ZIP
» the ZIP container is transformed into an XML message that is commonly used in business processes
Standards definitions do not always reflect real business requirements: who will pay for it?
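Slides 20 to 22 make the point that validation, not creation, is where profile variability bites: the same XAdES format can arrive as BES or EPES, in any topology, with any of several canonicalisation, digest and signature algorithms, and in a ZIP container whose detached Reference must resolve to a file. The following is an added example, not code from the slides or from any Member State's validator, that classifies those properties of a detached XAdES signature in a ZIP and checks them against a validation profile, plus the raw-octet digest of the referenced file. The two profiles, the file names `document.xml`/`signature.xml` and the policy identifier `urn:example:signature-policy` are illustrative assumptions; SignatureValue and the signer's certificate are not verified.

```python
"""Profile and reference checks for a detached XAdES signature shipped in a ZIP container.

Added example, not from the original slides. The profiles, file names and policy
identifier are illustrative assumptions. Only profile conformance and the detached
Reference digest are checked; SignatureValue and certificates are not verified.
"""
import base64
import hashlib
import io
import xml.etree.ElementTree as ET
import zipfile

DS = "http://www.w3.org/2000/09/xmldsig#"
XADES = "http://uri.etsi.org/01903/v1.3.2#"
NS = {"ds": DS, "xades": XADES}
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
SIGNED_PROPS_TYPE = "http://uri.etsi.org/01903#SignedProperties"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
DIGEST_ALGS = {SHA1: "sha1", SHA256: "sha256"}  # XMLDSig URI -> hashlib name

# Illustrative profiles (assumptions): STRICT models an "EPES required, SHA-2 only"
# regime; LENIENT still tolerates SHA-1 during a transition period and any topology.
STRICT = {"require_policy": True, "digest": {SHA256}, "signature": {RSA_SHA256},
          "c14n": {EXC_C14N, "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"},
          "topology": {"detached"}}
LENIENT = {"require_policy": False, "digest": {SHA1, SHA256},
           "signature": {RSA_SHA1, RSA_SHA256}, "c14n": STRICT["c14n"],
           "topology": {"detached", "enveloped", "enveloping"}}


def classify(sig):
    """Return (form, topology, c14n, signature method, document references) of a ds:Signature."""
    c14n = sig.find("ds:SignedInfo/ds:CanonicalizationMethod", NS).get("Algorithm")
    sig_alg = sig.find("ds:SignedInfo/ds:SignatureMethod", NS).get("Algorithm")
    # EPES = explicit SignaturePolicyId under SignedSignatureProperties; otherwise BES.
    policy = sig.find(".//xades:SignedSignatureProperties/xades:SignaturePolicyIdentifier/"
                      "xades:SignaturePolicyId", NS)
    form = "EPES" if policy is not None else "BES"
    object_ids = {o.get("Id") for o in sig.iter(f"{{{DS}}}Object") if o.get("Id")}
    topology, refs = "detached", []
    for ref in sig.findall("ds:SignedInfo/ds:Reference", NS):
        if ref.get("Type") == SIGNED_PROPS_TYPE:
            continue  # covers the XAdES SignedProperties, not the signed document
        uri = ref.get("URI", "")
        transforms = [t.get("Algorithm") for t in ref.findall("ds:Transforms/ds:Transform", NS)]
        if uri == "" or ENVELOPED in transforms:
            topology = "enveloped"    # signature sits inside the signed document
        elif uri.startswith("#") and uri[1:] in object_ids:
            topology = "enveloping"   # signed data sits inside a ds:Object
        refs.append((uri, transforms, ref.find("ds:DigestMethod", NS).get("Algorithm"),
                     ref.findtext("ds:DigestValue", namespaces=NS)))
    return form, topology, c14n, sig_alg, refs


def check_container(zip_bytes, profile):
    """Return a list of findings; an empty list means the signature fits the profile."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        form, topology, c14n, sig_alg, refs = classify(ET.fromstring(zf.read("signature.xml")))
        if profile["require_policy"] and form != "EPES":
            findings.append("BES signature, but the profile requires EPES (signature policy)")
        if topology not in profile["topology"]:
            findings.append(f"topology {topology} not allowed")
        if c14n not in profile["c14n"]:
            findings.append(f"canonicalisation {c14n} not allowed")
        if sig_alg not in profile["signature"]:
            findings.append(f"signature method {sig_alg} not allowed")
        for uri, transforms, digest_alg, digest_value in refs:
            if digest_alg not in profile["digest"]:
                findings.append(f"digest method {digest_alg} not allowed for {uri!r}")
            if topology != "detached":
                continue
            # XMLDSig: with no Transforms the dereferenced octets are digested as-is,
            # so the raw file in the container can be hashed directly.
            if transforms:
                findings.append(f"detached reference {uri!r} uses transforms; raw-octet check skipped")
            elif uri not in zf.namelist():
                findings.append(f"detached reference {uri!r} is not present in the container")
            elif digest_alg in DIGEST_ALGS and (
                    hashlib.new(DIGEST_ALGS[digest_alg], zf.read(uri)).digest()
                    != base64.b64decode(digest_value)):
                findings.append(f"digest mismatch for {uri!r}")
    return findings


def build_container(document, digest_alg, sig_alg, with_policy, tamper=False):
    """Construct a sample ZIP: document.xml plus a detached XAdES signature over it.
    SignatureValue and the SignedProperties digest are placeholders (constructed sample)."""
    digest = base64.b64encode(hashlib.new(DIGEST_ALGS[digest_alg], document).digest()).decode()
    policy = ("<xades:SignaturePolicyIdentifier><xades:SignaturePolicyId><xades:SigPolicyId>"
              "<xades:Identifier>urn:example:signature-policy</xades:Identifier>"  # assumed id
              "</xades:SigPolicyId></xades:SignaturePolicyId></xades:SignaturePolicyIdentifier>"
              if with_policy else "")
    signature = f"""<ds:Signature xmlns:ds="{DS}" xmlns:xades="{XADES}" Id="sig">
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="{EXC_C14N}"/>
<ds:SignatureMethod Algorithm="{sig_alg}"/>
<ds:Reference URI="document.xml"><ds:DigestMethod Algorithm="{digest_alg}"/>
<ds:DigestValue>{digest}</ds:DigestValue></ds:Reference>
<ds:Reference Type="{SIGNED_PROPS_TYPE}" URI="#props"><ds:DigestMethod Algorithm="{digest_alg}"/>
<ds:DigestValue>AAAA</ds:DigestValue></ds:Reference></ds:SignedInfo>
<ds:SignatureValue>AAAA</ds:SignatureValue>
<ds:Object><xades:QualifyingProperties Target="#sig"><xades:SignedProperties Id="props">
<xades:SignedSignatureProperties>{policy}</xades:SignedSignatureProperties>
</xades:SignedProperties></xades:QualifyingProperties></ds:Object></ds:Signature>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.xml", document + (b"<!-- altered -->" if tamper else b""))
        zf.writestr("signature.xml", signature)
    return buf.getvalue()


if __name__ == "__main__":
    doc = b"<invoice><amount>100</amount></invoice>"  # constructed sample document
    for label, container in [("EPES/SHA-256", build_container(doc, SHA256, RSA_SHA256, True)),
                             ("BES/SHA-1", build_container(doc, SHA1, RSA_SHA1, False)),
                             ("tampered", build_container(doc, SHA256, RSA_SHA256, True, True))]:
        for pname, profile in (("STRICT", STRICT), ("LENIENT", LENIENT)):
            print(label, pname, check_container(container, profile) or "OK")
```

The same signature passes one profile and fails the other for three independent reasons (no signature policy, RSA-SHA1, SHA-1 digest), which is exactly the cross-border situation the slides describe: the signer did nothing wrong under its own national rules, and the receiving validator rejects. The digest check is the one thing that can be done on raw octets without a canonicaliser; as soon as a Reference carries Transforms, the validator needs the full XMLDSig transform chain, which is the implementation cost the slides complain about.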

23  4. The Future: what should be done
Problems identified, in the priority of their solution:
» establishing interoperability at the legislative level
» preparing really interoperable standards
» solving real problems related to the practical usage of digital signature

24  Interoperability at the legislative level
At EU level
» legal act interoperability: a legal act valid in one Member State should/must have proven validity also in another Member State
» qualified electronic signature interoperability (harmonisation of the consequences of the e-signature Directive)
» definition of clear interoperability requirements in the Directive: fundamental revision
At MS level
» adopting corresponding changes into MS legislation

25  Standardisation
Changing the approach towards standardisation
» prioritising real business needs, involving experts from different business areas
» significantly lowering the complexity of what has to be supported
» aiming towards a clear, unified standard
» not standardising everything that is available and conforming to the wishes of business lobbyists (PAdES?)

26  What should be the standardisation aims
Standardisation deliverables should
» support the process of designing, developing, operating and managing ES applications or services
» cover the requirements of all types of ES stakeholders (end-users, application/service providers, supporting industry)
» provide a sufficient set of requirements, criteria or guidelines to ensure:
» a correct implementation meeting the Directive requirements for the targeted type of electronic signature
» a correct implementation that is interoperable at the national, European and international levels, enabling cross-border and cross-application secure communications, whatever the appropriate or chosen technology

27  Solve real problems
Addressing real business problems
» long-term archiving of electronic documents with electronic signature
Supporting all involved subjects
» providing methodical guidelines for effective electronic signature implementation
» standardisation in other business areas (e.g. invoicing)

28  Thank you. Questions?