1 Bridge/Gateway CA Project Status Gzim OCAKOGLU European Commission – DG ENTR / IDABC Reykjavik – 27 May 2005.

Presentation transcript:

1 Bridge/Gateway CA Project Status Gzim OCAKOGLU European Commission – DG ENTR / IDABC Reykjavik – 27 May 2005

2 Outline
Introduction to IDABC Programme
Bridge/Gateway CA Project History
Bridge/Gateway CA Pilot
– Part 1 Pilot Implementation
– Part 2 Recommendations for an operational BGCA
Conclusions

3 From IDA to IDABC
1995: first IDA Programme (Interchange of Data between Administration)
1999: IDA II
2005 – 2009: IDABC Programme (Interoperable delivery of pan-European eGovernment services to Administration, Business and Citizens)

4 Objective of IDABC
“The objective of the IDABC programme is to identify, support and promote the development and establishment of pan-European eGovernment services and the underlying interoperable telematic networks supporting the Member States and the Community in the implementation … of Community policies and activities, achieving substantial benefits for public administrations, businesses and citizens.”

5 Why a Bridge/Gateway CA?
IDA PKI deployed as a stop-gap solution in IDA II Programme
– Members of sectoral networks should rely on national PKIs (Currently not available for most civil servants)
eEurope Action Plan
– support for electronic signatures in public administration
Member States’ policy
– ability to use the electronic certificates issued by their national CAs in pan-European business
IDA II programme policy
– encourage interoperability, use of standards, use of e-signature, etc.
– Conclusions from previous projects

6 Objective of the Bridge/Gateway CA Pilot
To establish an intermediate trust infrastructure to allow a MS or the Commission to have trust and confidence in electronic certificates issued at the national level to civil servants participating in IDA networks.

7 BGCA Project History
1999 : First PKI CUG’s established under the IDA Programme : issue of interoperability (recognition) of national digital certificates was raised by MS
July 2002 : Bridge CA Feasibility Study issued as a result of TAC request
July 2003 : “WP1” : Analysis of Bridge CA Requirements completed and reviewed
July 2004 : Selection of ETSI TSL standard as technical solution for BGCA Pilot
November 2004 : “WP1.2” deliverables available
December 2004 : BGCA Pilot Launch

8 Summary of Bridge CA Feasibility Study
Need of strong political support (e.g. explicit commitment from the European Commission)
Need of governing body with high level participation of MS in the body
Architecture : Modified Bridge CA or BGCA (distribution of signed trust lists)
Need of some form of harmonisation of certification policies
Need of agreed minimum standards and operating procedures for CA’s
Operation of the Bridge : suitable European agency or external contractor?
Need for a pilot

9 Summary of WP1.2 deliverables
Reference documents :
Trust list usage recommendations
– Usage of Trust lists : solely for distribution purposes (not for storage of trust)
– 3 trust models will be explored (add, remove or accept CA’s from trusted lists)
– Standard : use of ETSI TS with modified profile
– Applications to be used : SSL mutual authentication and S/MIME
Network Architecture
Test Programme

10 BGCA Pilot
Part 1 : Implementation of Pilot
– Set-up of BGCA Infrastructure
– Set-up of Test Infrastructure
– Running of Pilot Tests
– Report on test results
– Final report on technical requirements for MS administrations
Part 2 : Recommendations for operational Bridge/Gateway CA
– Practices Statement for operational BGCA
– Participation documents (including procedures) for operational BGCA
– Recommendations for extension of Pilot to Industry

11 Part 1: BGCA Pilot phase : status
9 participating countries
– Belgium
– Italy
– Germany
– Finland
– Czech Republic
– Estonia
– Slovakia
– Slovenia
– Iceland

12 Part 2 : Recommendations for operational Bridge/Gateway CA
[Diagram; labels in slide order:]
MS; European Bridge/Gateway CA; CA; Participating Member States; end-user
Bridge Practices Statements (CPS + signature policy) in issuing TSL to Participating Member States CAs
PKI Disclosure Statement including “Trust Validation Info” in each Certificate Policies for each Participating CA
signed message; Validation of signed message ?
Trust Equivalence Matrix between Certificate types across Participating CAs
Signature Validation Guidelines in assessing trust in end-user signature
MOU agreement

13 Schematically
[Diagram; labels in slide order:]
European IDA Bridge/Gateway CA Certificate Practice Statement
Participating Member State Administration MOU
ETSI TS; ETSI TS; IETF RFC 2527; IETF RFC 3647
Scheme Policy
Recommendations for future extensions of the European IDA Bridge/Gateway CA
Recommendations on Signature Creation and Verification for end-users
EBGCA-DEL
Trust Matrix
ETSI TS; IETF RFC 3647
Participating Member CA PKI Disclosure Statements, Certificate Policies and Certificate Practice Statements
Participating Member State Administration Participation Form

14 EBGCA stakeholders
EBGCA Authority Level
– BGCA Governing Board or Body : with representatives of all concerned parties
    E.g. European Commission or agency
    MS representatives, responsible for the national PKI’s
– BGCA Policy Authority : implementation of the BGCA Policy scheme (including CP’s mapping)
– BGCA Evaluators : independent agents that will determine trust level of requesting CA’s
– BGCA Operational Authority : coordination of operation of the BGCA (CA and RA services, TSL services, testbed services)
European MS Administration level
– MS administration
– MS evaluator (e.g. existing national supervision of accreditation body)
– MS CA service provider
European MS Administration end-user level

15 [Diagram; labels in slide order:]
European IDA Gateway/Bridge Authority Level
European Bridge/Gateway Policy Authority
European Bridge/Gateway Operational Authority
European Member States Administration Level
European Member State Administration Relying Party
European Bridge/Gateway Technical assessors
European IDA Gateway/Bridge Governing Board
European Member State Administration Certificate Holder
European Member State Administration end users level
European Member State Administrations
European Administration Member State CA
European Bridge/Gateway Evaluator
MOU
Scheme Policy
PKI PDS – CP – CPS
European Bridge/Gateway CA Service Provider
European Bridge/Gateway test bed service provider
European Bridge/Gateway TSL Service Provider
European Member State CA Evaluator

16 Content of the Practice Statements
Based on RFC 3647
– Main drivers : further facilitate the comparison between different CPs and CPSs (to ease the comparison of the trust levels provided by the CA’s of the different MS Administrations → important that CPS of the BGCA itself is very clear).
Content :
– Publication and repository responsibilities
– Identification and authentication (naming ID validation, …)
– Certificate life-cycle operational requirements
    Submission and enrolment
    Certificate application processing
    Certificate/TSL issuance
    Certificate/TSL acceptance
    Certificate usage/renewal/re-key/modification/revocation/suspension
    Certificate status services
– Facility, management and operational controls
– Technical Security controls
– Certificate profile, CRL, OCSP
– Compliance Audit
– Business and Legal matters (Fees, financial responsibility, IPR, warranties, liability, …)

17 Content of Trust Matrix
Objective : guideline to determine the equivalence between CP’s
Scope:
– Definition of seven categories of CP’s
– PDS requirements and layout
    CA contact information
    Certificate type, usage
    Obligation of users/relying parties
– PDS statements profiling towards TSL level

18 Remaining Issues
Technical issues :
– Central validation services in the model?
– Central Time-stamping solution ?
Legal Issues :
– liability of the BGCA?
– Applicable law for the MoU
Policy issues :
– Form of the Governing Body : European Institution?
– Language of documentation
– Validity and signature of the MoU’s

19 Conclusions
Bridge/Gateway CA Pilot results expected in 3Q2005
– Results of technical implementation and tests
– Recommendations for an operational European Bridge/Gateway CA
Pending or future actions for an operational European Bridge/Gateway CA
– Interpretation of Pilot Results
– Agreement on BGCA Governing Body, MoU format and concept of PDS and Trust Matrix
– Definition of ownership of BGCA and deployment

20 THANK YOU !
Web:
Address: IDABC Secretariat, DG Enterprise/I.5 - SC15 2/50, European Commission, B-1049 Brussels, Belgium
More Information :