A General Quality Classification System for eIDs and e-Signatures

  • Jon Ølnes
  • Leif Buene
  • Anette Andresen
  • Håvard Grindheim
  • Jörg Apitzsch
  • Adriano Rossi

Abstract

The PEPPOL (Pan-European Public Procurement On-Line) project is a large-scale pilot under the CIP programme of the EU, exploring electronic public procurement in a unified European market. Interoperability of electronic signatures across borders is identified as a major obstacle to cross-border procurement. PEPPOL suggests specifying signature acceptance criteria in the form of signature policies that must be transparent and non-discriminatory. Validation solutions must then assess not only signature correctness but also signature policy adherence. This paper addresses perhaps the most important topic of a signature policy: quality of eIDs and e-signatures. Discrete levels are suggested for eID quality, for the assurance level for this quality, and for the cryptographic quality of signatures.

Keywords

Electronic Signature; Signature Policy; Procurement Process; Policy Requirement; Similar Standard
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Vieweg+Teubner | GWV Fachverlage GmbH 2010

Authors and Affiliations

  • Jon Ølnes (1)
  • Leif Buene (2)
  • Anette Andresen (3)
  • Håvard Grindheim (4)
  • Jörg Apitzsch (5)
  • Adriano Rossi (6)

  1. Difi, Norway
  2. DNV, Veritasveien 1, Norway
  3. BBS, Norway
  4. Unibridge, Norway
  5. Bremen Online Services GmbH, Am Fallturm 9, Germany
  6. CNIPA, viale Marx, Italy
