A General Quality Classification System for eIDs and e-Signatures
The PEPPOL (Pan-European Public Procurement On-Line) project is a large-scale pilot under the CIP programme of the EU, exploring electronic public procurement in a unified European market. Interoperability of electronic signatures across borders is identified as a major obstacle to cross-border procurement. PEPPOL suggests specifying signature acceptance criteria in the form of signature policies that must be transparent and non-discriminatory. Validation solutions must then assess not only signature correctness but also adherence to the signature policy. This paper addresses perhaps the most important topic of a signature policy: the quality of eIDs and e-signatures. Discrete levels are suggested for eID quality, for the assurance level for this quality, and for the cryptographic quality of signatures.
Keywords: Electronic Signature, Signature Policy, Procurement Process, Policy Requirement, Similar Standard