European Federated Validation Service Study
Solution Profile: CNUE Verification platform
This report / paper was prepared for the IDABC programme by:
Author's name: indicated in the solution profile below, under contact information
Coordinated by: Hans Graux (time.lex), Christian Staffe (Siemens), Eric Meyvis (Siemens)
Contract No. 1, Framework contract ENTR/05/58-SECURITY, Specific contract No. 14

Disclaimer
The views expressed in this document are purely those of the writer and may not, in any circumstances, be interpreted as stating an official position of the European Commission. The European Commission does not guarantee the accuracy of the information included in this study, nor does it accept any responsibility for any use thereof. Reference herein to any specific products, specifications, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favouring by the European Commission.
All care has been taken by the author to ensure that s/he has obtained, where necessary, permission to use any parts of manuscripts including illustrations, maps, and graphs, on which intellectual property rights already exist from the titular holder(s) of such rights or from her/his or their legal representative.
This paper can be downloaded from the IDABC website: http://europa.eu.int/idabc/ and http://ec.europa.eu/idabc/en/document/7764
European Communities, 2009. Reproduction is authorised, except for commercial purposes, provided the source is acknowledged.
Executive summary
The European Federated Validation Service (EFVS) Study was initiated by IDABC in order to assess the feasibility of specific measures to ensure the availability of a European-scale federated electronic signature verification functionality.
As a first step in the EFVS Study, information has been collected on twenty existing solutions that already provide all or some of the functionalities associated with European signature verification functionality, or that could provide valuable insights on how such an EFVS could be organised. This has been done by drafting standardised profiles of the identified solutions, focusing specifically on how each of these solutions (a) determines the validity of signature certificates; (b) verifies electronic signatures created using these certificates; and (c) provides specific guarantees to its customers on the outcomes of these processes.
The present document contains the solution profile for: CNUE Verification platform.
Table of Contents
Executive summary 3
1 Documents 5
1.1 Applicable documents 5
1.2 Reference documents 5
2 Glossary 6
2.1 Definitions 6
2.2 Acronyms 8
3 Solution profile CNUE Verification platform 9
1 Documents
1.1 Applicable Documents
[AD1] Framework Contract ENTR/05/58-SECURITY
1.2 Reference Documents
[RD1] Project Management and Quality Plan (EFVS SC14 PMQP)
[RD2] Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, http://europa.eu/information_society/eeurope/i2010/docs/esignatures/esignatures_en.pdf
[RD3] Preliminary Study on Mutual Recognition of eSignatures for eGovernment applications, http://ec.europa.eu/idabc/en/document/6485/5938
2 Glossary
2.1 Definitions
In the course of this report, a number of key notions are frequently referred to. To avoid any ambiguity, the following definitions apply to these notions and should also be used by the correspondents.
Entity: anyone or anything that is characterised through the measurement of its attributes in an eIDM system. This includes natural persons, legal persons and associations without legal personality; it includes both nationals and non-nationals of any given country.
eIDM system: the organisational and technical infrastructure used for the definition, designation and administration of identity attributes of entities. This Profile will only elaborate on eIDM systems that are considered a key part of the national eIDM strategy. Decentralised solutions (state/region/province/commune...) can be included in the scope of this Profile if they are considered a key part of the national eIDM strategy.
eIDM token (or "token"): any hardware or software or combination thereof that contains credentials, i.e. information attesting to the integrity of identity attributes. Examples include smart cards, USB sticks or cell phones containing PKI certificates.
Authentication¹: the corroboration of the claimed identity of an entity and a set of its observed attributes (i.e. the notion is used as a synonym of "entity authentication").
Authorisation: the process of determining, by evaluation of applicable permissions, whether an authenticated entity is allowed to have access to a particular resource.
Unique identifiers: an attribute or a set of attributes of an entity which uniquely identifies the entity within a certain context. Examples may include national numbers, certificate numbers, etc.
Official registers: data collections held and maintained by public authorities, in which the identity attributes of a clearly defined subset of entities are managed, and to which a particular legal or factual trust is attached (i.e. which are generally assumed to be correct). This includes National Registers, tax registers, company registers, etc.
eGovernment application: any interactive public service using electronic means which is offered entirely or partially by or on the authority of a public administration, for the mutual benefit of the end user (which may include citizens, legal persons and/or other administrations) and the public administration. Any form of electronic service (including stand-alone software, web applications, and proprietary interfaces offered locally (e.g. at a local office counter using an electronic device)) can be considered an eGovernment application, provided that a certain degree of interactivity is included. Interactivity requires that a transaction between the parties must be involved; one-way communication by a public administration (such as the publication of standardised forms on a website) does not suffice.
eSignature: data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication with regard to this data. Note that this also includes non-PKI solutions.
Advanced electronic signature: an electronic signature which meets the following requirements: (a) it is uniquely linked to the signatory; (b) it is capable of identifying the signatory; (c) it is created using means that the signatory can maintain under his sole control; and (d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable. Again, this definition may cover non-PKI solutions.
Qualified electronic signature: advanced electronic signatures which are based on a qualified certificate and which are created by a secure-signature-creation device, as defined in the eSignatures Directive².
Validation: the corroboration of whether an eSignature was valid at the time of signing.

¹ For the purposes of this Profile, the notion of authentication is considered to be synonymous with entity authentication, as opposed to data authentication. The notion of identification should be avoided to avoid confusion.
² See http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31999L0093:EN:HTML
2.2 Acronyms
A2A ... Administration to Administration
A2B ... Administration to Businesses
A2C ... Administration to Citizens
CA ... Certification Authority
CRL ... Certificate Revocation List
CSP ... Certificate Service Provider
eID ... electronic Identity
eIDM ... electronic Identity Management
IAM ... Identity and Authentication Management
IDM ... Identity Management
OCSP ... Online Certificate Status Protocol
OTP ... One-Time Password
PKCS ... Public-Key Cryptography Standards
PKI ... Public Key Infrastructure
SA ... Supervision Authority
SOAP ... Simple Object Access Protocol
SCVP ... Server-based Certificate Validation Protocol
SSCD ... Secure Signature Creation Device
USB ... Universal Serial Bus
TTP ... Trusted Third Party
XAdES ... XML Advanced Electronic Signature
XML ... eXtensible Markup Language
XML-DSIG ... XML Digital Signature
3 Solution Profile CNUE Verification platform
General identification information
Name and organisation
Name: Verification platform for Notarial Signatures
Organisation: CNUE (Council of the Notariats of the European Union)
Reference (on-line source)
No public online resource (project is in internal beta testing)
Contact information
Dr. Dominik Gassen, Notary in Bonn
Thomas-Mann-Str. 37, 53111 Bonn
Tel.: +49-228-98394-0
E-Mail: d.gassen@notarnet.de
Scope of the solution
Services offered
(What services does the solution offer to a relying party? This should include most notably the three basic services above (validation of certificates, verification of the signature, and ensuring trustworthiness and legal liability), but may also cover additional services, e.g. semantic services, archiving of documents/signatures, maintenance, time stamping, security/reliability metrics for the security level of the signature and the certificate. Services that are not currently available but which are planned for the future may also be indicated.)
- Verification of signatures
- Validation of certificates (only by relaying certificate information from the issuing CA, i.e. revocation, etc.)
- Interpretation of contained or implied information on the professional status (notary) of the owner of the certificate (the service can recognise the methods connected CAs use to indicate that the certificate has been issued to a notary in public office)
Application domain (e.g. sector or application types)
(Is the solution usable in any sector or application field (i.e. is it generic in scope), or is it currently limited to a specific sector, application or domain? If it is currently restricted, would it be possible to extend the solution to other sectors, applications or domains? What would need to be changed?)
At the moment the service is intended only for use among notaries to facilitate their cross-border transactions. Opening the service to other interested users might be an option for the future; it is not in the scope of the project today. There are currently no plans to extend the service to any other CAs than the ones that issue certificates to notaries.
CAs covered by the solution
(How many CAs are presently covered by the solution, and which ones? Do they include CAs established in multiple countries or states?)
The CAs included are Ancert (Spain), real.not (France), Consiglio Nazionale del Notariato (Italy) and Bundesnotarkammer CA (Germany). All are offering their services in their respective countries.
Extensibility of the solution
(Can additional CAs be integrated into the solution? If so, are there restrictions? Have such extensions been done in the past yet, or are any extensions currently planned?)
Additional CAs can be integrated, right now limited to those offering notary certificates. There are plans to include more CAs operated by the respective countries' notarial organisations in the near future.
Business model/cost model of the solution
(How is the solution funded? Is it envisaged as a for-profit model? Who pays contributions, and for what type of services? What profits (if any) are made with the services provided by the solution? Upon request of the correspondent, any communicated price information or other commercially sensitive information will not be disclosed.)
In its prototype stage, the service is funded by the CAs included and their respective notarial organisations, who are sharing the technical services. At this moment, there is no plan for a profit-driven business model for the platform. Participants are evaluating if and how it can be offered as a service to European notaries.
Technical approach
Validation approach
(Does the solution validate signature certificates, electronic signatures based on a hash value of the signed document(s), or signed documents with embedded signatures (attached signatures, i.e. enveloping or enveloped signatures, or detached signatures)? What is the maturity of the solution, i.e. can it be classified as a known technical approach, such as a trusted list, bridge, or validation platform?)
The service validates signed documents (based on a hash value) with embedded and detached signatures. Certificates are validated with the CA's directory service or revocation list. Verification of timestamps connected to the signatures is a possible future extension. It can be classified as a validation platform.
With regard to certificates
(How does the validation of certificates work: based on OCSP, CRLs, or both? What certificate profiles are supported by the solution?)
The service works with OCSP servers and CRLs.
With regard to signatures
(What signature formats are supported by the solution: PKCS #7, CMS, XML signatures, PDF signatures, XAdES, CAdES, or others?)
PKCS #7, XML signatures, XAdES.
Multi-signatures
(Is the solution capable of validating multiple signatures on a document? Does it support independent signatures (co-signatures) and/or overall countersignatures?)
Multi-signatures are not supported as of now.
Logging and auditing
(Is the use of the solution logged, and if so, to what extent? Do users of the solution have the possibility to perform audits or to gain access to independent auditing reports?)
The use of the platform is not logged as of now. Auditing might be an issue once the service comes out of the beta stage. The connected CAs are audited according to their national laws.
Restrictions imposed on CAs
(What technical requirements are imposed on CAs, e.g. with regard to standards, formats or certificate profiles that they need to adopt? This includes e.g. the inclusion of certain information in signature certificates that is necessary in specific sectors.)
The solution aims to support any technical format that is used by the connected CAs or that is common among notaries in electronic proceedings in the respective countries. Because all attached CAs specialise in the notary market, any format that needs to be supported is known among them and can be included in the platform's framework with their help.
Usage of the solution by relying parties
(How do relying parties use the solution? Are there software components which they need to integrate into their own systems, is it a web service, etc.?)
As of now, the main access option is a webpage with an upload form. To avoid the upload, the user can utilise a Java applet to perform parts of the verification process locally. A web service interface that allows inclusion into applications is one of the technical extensions that is being discussed.
Technical flexibility
(Given the technical characteristics outlined above, could the technical requirements of the solution be changed to increase its flexibility (e.g. by supporting other signature standards, validation methods, certificate profiles, etc.)?)
With respect to the limited scope of the platform, the expectation of the parties involved is that any and all standards and profiles will be included that are of significant importance to notarial electronic documents in any participating country.
Status of the project/actual usage of the solution
(What is the status of the project (e.g. in development, prototyped, in production, etc.)? What is the actual usage of the solution (e.g. in terms of relying parties adopting the solution to validate electronic signatures) and what are the impacts of its use? How many transactions, how many certificates does it handle?)
The platform has been positively prototyped and is in closed beta testing with a select group of notaries. As of today it is difficult to predict how large the demand for the service will be among notaries. Electronic notarial documents are still very much a developing area, but it is to be expected that their use will become more widespread in a national context and in cross-border scenarios. The users are bound by preliminary terms of service now. The final version is not yet completed and is under legal review.
Legal approach
Relationship with the CAs³
(What requirements does a CA need to meet before being able to accede to the solution? Specifically, which processes and procedures have been foreseen to vet CAs? What kind of agreements are put in place with the CAs, and what are the main issues addressed in these agreements?)
Only CAs that are working with notarial organisations in providing certificates to notaries are considered for inclusion.
Relationship with the relying parties
(How does a relying party get the right to use the solution? What kind of agreements are put in place in relation with the relying parties, and which services can be offered to the relying parties via these agreements?)
The terms under which notaries as relying parties can make use of the abovementioned services have not been fixed yet.
Reliability of the signature certificates
(What procedures does the solution put in place to determine the reliability of signature certificates? Are certificate policies checked? Are supervision/accreditation schemes considered? Have specific security criteria been defined, and does the solution support multiple levels of reliability? If so, can the solution distinguish between qualified and non-qualified signature certificates?)
As of now, all included CAs are connected to the notarial organisations in their countries. For professional reasons, these CAs only use the highest level of security available in their jurisdiction and are accredited where this option is offered. Certification practices and policies are known from every CA. For that reason there is no need to distinguish between levels of reliability, because there is no discernible difference between the quality of the service offered by the different providers. Non-qualified signatures will not be verified by the service because they are not used in notarial practice.
Legal value of the signatures
(Can the solution make a statement on the legal value of signatures? If so, what factors are taken into account? If multiple degrees of validity are supported by the system (i.e. a statement on the reliability of the signature as a whole is provided), then how are these reliability levels defined and communicated to the relying party? Can the solution identify if a signature can be considered a qualified signature (i.e. if it is an advanced electronic signature based on a qualified certificate created by using a secure signature creation device, as defined in the eSignatures Directive)? Finally, if the certificate policies contain restrictions on the use of the signatures (e.g. limitation to transactions of a certain amount or exclusion of certain sectors), then are these restrictions taken into account when communicating the legal value of the signature?)
The platform will certify that a signature can be considered qualified, and it will determine if the certificate has been issued to a notary in office according to the rules of the respective professional body. Further statements on the legal value will not be offered because the legal situation (regarding electronic notarial documents) is different in the participating countries. Other restrictions or attributes are not supported because they play no role in notarial electronic proceedings (in regard to signatures).
Liability of the solution provider
(What liability (if any) does the solution provider accept with regard to its services? Specifically, if the signatures rely on qualified certificates as defined under the European eSignatures Directive (if this is applicable to the solution), then how does the solution address its liability for providing guarantees to the public in relation to such certificates?)
No final decisions have been made in regard to liability. A limitation is to be expected.
Quality of service and availability
(Does the solution provide any guarantees with regard to the quality of its service (i.e. the reliability of the information it provides) and its availability to relying parties, other than already mentioned above?)
No plans in this direction yet.
Independence of the solution
(Is the solution fully unaffiliated (legally unrelated) with all of the CAs that are integrated into the solution? If not, then how is trust created towards the relying party for affiliated CAs?)
See above: all CAs are affiliated.
Compliance with the provisions of the eSignatures Directive
(Does the solution support signatures from CAs established in countries that are not subject to the provisions of the eSignatures Directive (Directive 1999/93/EC)? If so, how are they integrated and how does the solution address their legal value?)
No plans in this direction yet.

³ Within the EU, the term CA should be taken to mean a certification service provider as defined in article 2.11 of the eSignatures Directive (Directive 1999/93/EC); outside the EU, it means a Certification Authority in the technical sense, i.e. an entity issuing signature certificates to third parties.
Suitability of the solution at the European level
Assessment of the solution owner
(Does the solution owner feel that the solution could be adapted to operate at the European level? Not applicable if the solution already functions at the European level.)
N.A.
Issues to be addressed
(Which issues does the solution owner feel would still need to be addressed before the solution could be made to operate at the European level?)
N.A.
Integration with other validation solutions
(Is there any strategy to allow the solution to interoperate with other validation solutions, i.e. can the solution connect to other islands of trust?)
As of now, no.
Market impacts
(How could the solution impact or influence the European market?)
It is intended to facilitate international legal proceedings that involve notaries and notarial documents. The service is especially geared towards the profession of civil law notary and his/her official status. The fact that the service is aware of and certifies the signer's status as an active civil law notary makes exchanges that involve the participation of a notary more secure. To this end, the platform certifies:
- that the signer is a practising civil law notary currently in office;
- the signer's identity and country of origin;
- the fact that the signed document has not been altered.
The primary use case envisioned is the electronic transfer of notarised powers of attorney that have to be used in a qualified form (notarial deed of certification) in public proceedings.
Any other comments?
(The solution owner can provide any other comments that (s)he feels were not adequately covered elsewhere.)
No further comments.
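As an added illustration (not code from CNUE or from this study), the following Python models the decision described in the Technical and Legal approach sections and the three statements the platform certifies: only connected notarial CAs are accepted, revocation is checked against the CA's CRL, non-qualified certificates are refused, each CA's own marker for "notary in office" is applied, and a hash comparison checks that the document is unaltered. The marker values, certificate fields, CRL contents and sample document are constructed assumptions, and the digest comparison stands in for the cryptographic signature verification a real platform performs.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed placeholders: how each connected CA marks a certificate as
# issued to a notary in office. The page gives no real markers, so the
# policy OIDs and attribute strings below are assumptions, not CA data.
NOTARY_MARKERS = {
    "Ancert": ("policy", "1.3.6.1.4.1.0.1"),
    "real.not": ("attribute", "role=notaire"),
    "Consiglio Nazionale del Notariato": ("policy", "1.3.6.1.4.1.0.2"),
    "Bundesnotarkammer CA": ("attribute", "role=Notar"),
}

@dataclass
class Certificate:
    issuer: str          # issuing CA name, must be a connected notarial CA
    serial: int
    subject: str
    country: str
    qualified: bool      # issued as a qualified certificate
    policies: list = field(default_factory=list)
    attributes: list = field(default_factory=list)

@dataclass
class Outcome:
    accepted: bool
    reasons: list                                   # why it was rejected
    statements: dict = field(default_factory=dict)  # what the platform certifies

def document_digest(document: bytes) -> str:
    return hashlib.sha256(document).hexdigest()

def issued_to_notary(cert: Certificate) -> bool:
    """Apply the issuing CA's own convention for 'notary in office'."""
    marker = NOTARY_MARKERS.get(cert.issuer)
    if marker is None:
        return False
    kind, value = marker
    return value in (cert.policies if kind == "policy" else cert.attributes)

def validate(document: bytes, signed_digest: str, cert: Certificate,
             crl: dict) -> Outcome:
    """crl maps CA name -> set of revoked serials (a stand-in for its CRL)."""
    reasons = []
    if cert.issuer not in NOTARY_MARKERS:
        reasons.append("issuer is not a connected notarial CA")
    elif cert.serial in crl.get(cert.issuer, set()):
        reasons.append("certificate is revoked according to the CA's CRL")
    if not cert.qualified:
        reasons.append("non-qualified certificates are not verified")
    if not issued_to_notary(cert):
        reasons.append("certificate is not marked as issued to a notary in office")
    if document_digest(document) != signed_digest:
        reasons.append("document hash does not match the signed hash")
    if reasons:
        return Outcome(False, reasons)
    return Outcome(True, [], {"notary_in_office": True, "signer": cert.subject,
                              "country": cert.country, "document_unaltered": True})

# Constructed sample: a German notary's certificate, one revoked serial at the
# same CA, and a power of attorney whose hash was signed before a later edit.
SAMPLE_DOC = b"Notarised power of attorney (constructed sample)"
SAMPLE_CERT = Certificate("Bundesnotarkammer CA", 4711, "Notar Example", "DE",
                          True, attributes=["role=Notar"])
SAMPLE_CRL = {"Bundesnotarkammer CA": {4710}}

def run_sample() -> tuple:
    """Return (outcome for the intact document, outcome for an altered copy)."""
    digest = document_digest(SAMPLE_DOC)
    return (validate(SAMPLE_DOC, digest, SAMPLE_CERT, SAMPLE_CRL),
            validate(SAMPLE_DOC + b" (edited)", digest, SAMPLE_CERT, SAMPLE_CRL))
```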