ETSI-ESI Workshop on Electronic Signatures
Washington D.C. - February 9th 2012
ETSI ESI Chairperson, Prof. Riccardo Genghini
© ETSI 2012. All rights reserved
Why this workshop ?
WHY THIS WORKSHOP ?
• US and EU PKI implementation follows parallel approaches, with mutual interest in interoperability
• Since 2007 Adobe has pursued the strategy to “open” the PDF format (ISO 32000)
• Since 2008 Adobe actively contributes to the creation and maintenance of EU standards, with very valuable inputs
• EU legislation (and Member states legislation) has adopted ISO 32000 as the preferred e-document format
OPPORTUNITIES
• The widespread adoption in Europe of PDF-A as the digital document format for Government and Enterprises…
• The use of CAdES, XAdES and PAdES…
• The implementation of a comprehensive TSL
• The implementation of interoperability environments (like LSPs and ETSI-Plugtests)…
is reshaping the world of digital documentation and of e-Government, creating new powerful cross-border best practices
AIMS OF THIS WORKSHOP
• Sharing information and experiences
• Networking
• Finding possible environments/projects on which to co-operate or exchange information in the future
WORKING AGENDA
• EU Experts Presentations in the morning, followed by panel discussion open to questions from the floor (very welcome!) moderated by Riccardo Genghini - ETSI-ESI
• US Experts Presentations in the afternoon, followed by panel discussion open to questions from the floor (very welcome!) moderated by Leonard Rosenthol - Adobe
Pan European framework for electronic identification, authentication and signature
European Commission DG Information Society & Media
Current eSignature / eID status in EU
1. Directive 1999/93/EC legal framework
2. CEN and ETSI e-signature standards
3. Member States + industry investments
4. In Services Directive context:
• “Trusted list” of qualified certificates providers
• “Points of Single Contact” must handle ETSI signature formats
5. No EU legislation on eID
What is changing the landscape?
New drivers for eSignatures and ancillary services:
– Public e-procurement
– Services Directive
– Business processes automation
– eID cards infrastructure
New landscape!
Challenge for EU policy
• Objective: to strengthen Single Market by boosting convenience and trust online
• Requires secure and seamless cross-border e-interactions:
– between administrations, businesses and citizens
– Offering legal certainty
– Easy to use by non specialists
– Low cost
– Working across EU and international borders
EP resolutions related to e-signature
1. Completing the internal market for e-commerce
EU Parliament Resolution 21.9.10, P7_TA(2010)0320 - IMCO
48. Stresses the importance of e-signatures and of PKI for pan-European secure e-government services, and calls on Commission to set up a European Validation Authorities Gateway to ensure cross-border interoperability for e-signatures
2. Internet governance: the next steps
EU Parliament Resolution 15.6.10, P7_TA(2010)0208 - ITRE
24. Stresses the importance of the security of electronic services, especially of e-signatures, and of the need for the creation of the PKI at Pan-European level, and calls on Commission to set up a European Validation Authorities Gateway in order to ensure the cross-border interoperability of e-signatures and to increase the security of transactions carried out using the internet
Revision of eSignature Directive + eID mutual recognition
EC’s reiterated political commitment:
1. Digital Agenda for Europe 19.5.2010, COM(2010)245
2. European eGov Action Plan 2011-15 15.12.10, COM(2010)743
3. Single Market Act 13.4.11, COM(2011)206
4. A roadmap to stability and growth 12.10.11, COM(2011)669
• TOP PRIORITY TO SUPPORT EU GROWTH!!!
• European Council conclusions 23.10.11
5. Commission Work Programme 2012 15.11.11, COM(2011)777
• Pan European framework for electronic identification, authentication and signature. 2Q2012
1st step: public consultation on eID, authentication & signature
• Objective:
– To gather stakeholders’ views on the existing situation and potential solutions
– Closed on 15.4.2011
• Overall picture:
– 434 contributions
– Diverging views on the causes of low eSignature take-up
– Diverging opinions on how to address issues
• Results on eSignature website on europa
Pan EU framework for electronic identification, authentication and signature
• Coverage (to be confirmed):
– Mutual recognition and acceptance of e-identification across borders
– eSignature interoperability and usability
– Cross-border dimension of related ancillary trusted services and credentials:
  • time stamping,
  • signature long term validation,
  • e-seals,
  • registered documents e-delivery,
  • e-documents,
  • website authentication.
Building of Trust Electronic identification, authentication & signatures
Common principles
1. eID / eAuthentication:
2. eSignatures
3. Ancillary trusted services:
• eSeals
• Time stamps
• eSig long term validation
• Certified eDelivery
• eDocuments (copie conforme)
• Website authentication
Specific Requirements
• Trust & Confidence
• Convenience
• Consent
• Data protection
• Transparency
• Technological neutrality
• Security
• Credential issuance reliability (supervision, …)
• Internal market
Trust enablers
• Legal effect
• Mutual recognition / acceptance
• Liability
• Reference to standards
Pan European framework for electronic identification, authentication and signature
• Natural & legal persons
Three-pronged approach
Systematically for most trusted services, credentials and products:
1. Technology neutral definition
– Non discrimination «electronic vs. paper»
Security insurance level: N/A. Techno neutrality: 99%
2. “Qualified level” (Q-level)
– Defined by target security requirements
– «Rewarded» by higher legal effect
– Does not specify means to achieve them
Security insurance level: Medium. Techno neutrality: High
3. «Presumption» of compliance to Q-level (i.e. legal certainty of legal effect) (via secondary legislation):
– Q-level specified by standard(s)
– Q-level assessment done by verifying compliance to conformity assessment standard(s)
– Q-level compliance certified (self, 3rd party or state supervision)
Security insurance level: Very high. Techno neutrality: N/A
Mutual recognition and acceptance of e-identification and authentication across borders
• Member States:
– To notify to Commission the ‘national’ eID(s) used at home for access to public online services;
– To recognise and accept ‘notified’ eIDs of other Member States for access to cross-border public online services;
– To provide the possibility to check and verify received eIDs (authentication);
– Responsibility of Member States for unambiguous identification and their authentication
– To allow the private sector to use ‘notified’ eID
Next Steps:
1. Member States, European Parliament and other stakeholders consultations
2. Impact assessment of policy options
3. Legislative proposal 2Q2012
4. Implementing acts
+ Standards rationalisation
[Figure: Indicative conceptual process, timeline 2011 to 2016. Stages: Consultation, Proposal, Legislative process, Legislation, Implementing acts (Commission Decisions), Standards (Standardisation mandate m460). NB. Dates are indicative.]
For further information
• eSignature website: ec.europa.eu/information_society/policy/esignature including results of online public consultation
• Mailbox: [email protected]
CONCLUSIONS
• EU has comprehensive legislation and standards for PKI deployment
• EU is oriented towards opening its service market to worldwide competition
• EU Member States are fully committed to digitalization: technical cornerstones are
– ISO 32000
– SSCD (HW security)
– PAdES, CAdES, XAdES
– TSL
– digital identities