AFACT eCOO WG interim meeting - Conference Call

1st March of 2011

Mahmood Zargar

eCOO Experiences and Standards

UBL-based eCOO data model

• eCOO data model, based on UBL (ebXML)/OASIS, was once developed in Business Collaboration Framework WG (BCFWG) several years ago chaired by Kamarudin Bin Tambi of Crimsonligic, Singapore. I was one of the BCFWG members. Many PAA members adopted the data model to test for interoperability. At that time officials from Chinese Taipei and some AFACT members also participated in the online concall discussion of data element and did some necessary data harmonization. Therefore, Chinese Taipei and Korea, through collaboration of TradeVAN and KTNet, tested interoperability technically and then established officially mutual understanding for exchanging eCOO message through the two VANs.

PAA Cross Border Transactions

• PAA Secure Network

• PAA Legal Framework

• PAA ebXML Network

PAA.net Infrastructure

PAA Achievements

• Has established robust legal framework which covers the liability of each parties, service level, dispute resolution process etc. for the exchange of digitally signed electronic documents

• Has developed PKI mutual recognition framework to support secure cross border transaction

• Has created message standards for both commercial and government related documents

• Has completed interconnectivity test among members using ebMSv2.0 messaging service handler

• Has created business model and charging scheme

Current PAA Accredited CAs

UN/CEFACT Recommendation #37

Recommendation No. 37

Signed Digital Evidence Interoperability

Recommendation

Review before further iteration of Open Development Process Step 5 – Public Review

SDEIR Scope

• A digital document, unlike a paper document, has little evidence value until it is reinforced by a mechanism, such as electronic signature, which guarantees the integrity and the authenticity of the document.

• However, because of the multiplicity of electronic signature standards, verification of digital evidence by a recipient may be impossible. This has a direct impact on the ability of businesses and administrations to securely exchange digital documents between themselves and with their administrative and financial counterparts.

SDEIR Goal

• Aims to increasing the level of interoperability of electronically signed digital evidence in order to facilitate the development of paperless international trade.

• Defining a set of functional rules which signed digital evidence should follow

Interoperability Problems • Signature format interoperability: the verifying

software is often not able to deal with the digital signature format received or not able to understand to which file the signature corresponds, or where the signature is.

• Semantic value of the signature: the verifying software or the format of the signature may not allow understanding the signatory’s intention (for instance if it is for integrity purposes or as an approval of the signed content, or otherwise).

• Certificate validity: the verifying software may not able to determine if the certificate is trustworthy or if it was revoked at the date of signature.

SDEIR Verification for digital Evidence

• The signatures’ parameters (date, place, type of commitment, …)

• The integrity of the signed content

• The integrity and validity of the signatories’ certificates

• The trustworthiness of the certification service providers

SDEIR objectives

• Improve efficiency and reliability of the verification of digital evidence received from another party;

• Increase interoperability of digital evidence which in turn will increase trust and confidence;

• Provide a wide yet coordinated path to increase the rate of adoption of paperless technologies.

Benefits of SDEIR

• Facilitate trust by offering generic functionality to create, verify and easily manage signed digital evidence;

• Ensure interoperability of signed digital evidence by means of a common functional and independence to the technical format used;

• Simplify the integration of digital signatures in business and archiving applications

Roadmap for AFACT eCOO cross-border initiative

Subjects for Discussion and Guidelines

Solution A:• Data Model based on already exp.• Implementing UNCEFACT Rec. 37 (SDEIR) and

recognitions• A Framework for Country policies and

agreementsSolution B:• Expanding PAA Framework• A Framework for Country policies and

agreements

Next eCOO WG Meeting

Parallel with AFACT Midterm Meeting

May 2011

Kaohsiung Chinese Taipei