An Electronic Signature Service Infrastructure for the European Commission

Transcription

1 An Electronic Signature Service Infrastructure for the European Commission ETSI, 3 December 2013 Philippe Schneider European Commission, DG Informatics I.T.

2 Contents t What is ESSI ESSI offering and orientation Generic services ESSI front-end web application Current applications Challenges 2

3 What is ESSI? In some aspects, the European Commission is an administration for some 29th member state in EU Regarding esignature, the European Commission must eat its own dogfood Decision 2004/563/EC on electronic and digitised documents and its implementing rules SEC(2009)1643 provide the legal basis for electronic signatures at EC DIGIT.A (Corporate Infrastructure IT Solutions & Services) was put in charge of setting up an Electronic Signature Service Infrastructure to facilitate the integration of electronic signature in the Information Systems of the European Commission. 3

4 ESSI orientations ti Wherever a choice is possible, favor - standard vs. ad-hoc signature formats - open-source software components - corporate (generic) vs. ad-hoc solutions Keep up with EU legal context and state of the art. 4

5 COMMON TRUST SCHEME External signatory EC as relying party EC as signatory External Relying party 5

6 Could the same esignature work with all parties? in all (EU) countries? and in all sectors of activity? 6

7 Comparing signature contexts t For member state administrationsations Public initiatives usually lead the deployment of nationwide trust schemes But (cross-border) interoperability was not a primary concern For EC Deployment of similar (ad-hoc) trust scheme not conceivable Leveraging of MS-level trust schemes conditioned by their interoperability 7

8 Support for interoperable esignatures (formats and trust schemes) isconsidered essentialat at ESSI for the rationalisation of EC's own processes 8

9 ESSI offering to EC system owners: from common signature software to corporate signature services 9

10 Components of the ESSI service Geared to support AdES formats for the most demanding business processes expert consultancy Redundant HSMs central signature creation services E S S I central validation & extension services EU TSLs ETSI policies Preconfigured for baseline profiles client-side toolkit trusted timestamping services Redundant providers 10

11 4 generic e services for esignatures EC: Physical person outgoing signatures => create QES Legal person outgoing signatures => create AdES QC Physical person internal signatures => create AdES EC Received signatures => validate QES, AdES QC or AdES EC 11

12 ESSI generic signature policy Sets out the responsibility of the various actors in each type of generic signature flow To avoid the proliferation of variants in trust models and formats, esignature projects are asked to examine early the adoption or adaptation of existing generic services. To help business process owners figure out key features of these services and AdES formats, a web application front-end with tutorial features is offered. 12

13

14

15

16 Some ESSI applications Qualified outgoing signatures MARKT - List of trusted lists SG Day Note OP - Official Journal OLAF ecase-handling EC signing as a legal person (AdES/QC) MARKT - IMI (Professional certificate) DIGIT - eprior-preaward ARES ERIS seals Validation of received signatures OP - Official Journal DIGIT eprior-preaward TAXUD UUM&DS DIGIT esig 16

17 Challenges A business owner is required signature policy board is required A corporate certificate management system is required The generic esignature challenge is more organisational and legal than technical 17

18 Thank you! 18