Using a Global Validation Service to Unite Communities
Jon Shamah, EMEA Head of Sales, BBS eSecurity

Welcome to a New Leading Nordic Company

Many Communities Interacting Together
• Humans are basically tribal
• brought together by common needs
• Individual members being trusted within their own communities
But cross-tribal communications are essential to commerce.
So how can contractual trust be established between communities?
Especially with multiple relationships?

US Federal Bridge c2006
Not Much Fun?

What Can Go Wrong? – Why Bother?
• Repudiation
• Company credentials
• Correspondent credentials
• Dispute
• Document Content
• Chronology
• Compliance
• Post transaction investigation
• Transparency
Legality, Liability, Conduct

Business Challenges when Dealing with eIDs from Other Communities
• Determining risk related to accepting an eID from another Community
  • Quality
  • Trustworthiness
  • Liability
• Establishing business processes for handling those eIDs
• Predicting cost for authentication and validation with SLAs
• Managing exceptions
Fear, Uncertainty, Doubt

The Role of a Global Validation Service
• The primary role of a Global Validation Service is to provide a common trust (and hence liability) model enabling secure and trusted message flows between multiple communities using different identity providers without having to establish bilateral agreements between all possible combinations.
Effort = Cost = Risk

BBS Global Validation Service: History
Det Norske Veritas (DNV) was established in 1864 in Norway. The main scope of work was to identify, assess and manage risk for maritime insurance companies. Today it is globally recognised as a trusted independent party in many sectors.
Ascertia is an experienced global provider of electronic identity (eID) validation and advanced digital signature software solutions, focusing on enabling trust within e-commerce environments using digital certificate, signature, timestamp, archive and encryption technologies.
• 2006: DNV initiates project to build an independent identity validation service based on proven risk-based methodologies and using Ascertia Technology.
• 2007: BBS chosen as delivery partner.
• 2009: BBS incorporates Global Validation Service into its SaaS portfolio, maintaining DNV for CA risk analysis and T3P integrity.
• 2009: BBS’s Global Validation Service chosen as Trust Anchor for Norwegian Govt’s eHandel e-Procurement Solution.

Global Validation Service Function
A Global Validation Service should:
• manage signatures from many different communities within the digital process
• provide independent CA quality data for policy-based processes
• work in a global environment – not just Europe
• provide guaranteed service levels for timely business decisions
• inform the Relying Party on the quality and trustworthiness of the signed documents received

Aiding inter-Community Relationships
• Risk reduction
  • The Global Validation Service takes on the risk management of the transaction
• Trust
  • A signature recipient can trust the Global Validation Service, as opposed to multiple Certificate Authorities, each having its own liability agreements under different national laws
• Business processes
  • There is one contract partner, one point of billing, one liable actor under contract law, no matter how many communities you interact with.
• Compliance
  • There is just one point of enforcement and historical record
• Security
  • Documents do not leave local domain.

BBS Global Validation Service Architecture
Sequence of Events
1. Sender uses certificate from their CA to sign document
2. Sender transmits signed documents
3. Receiver refers document to BBS via Gateway which ‘hashes’ document for security
4. GVS checks the signature against known Certificate Authorities for quality and applies Receiver’s own policies
5. GVS responds with assessment and ‘Fit for Purpose’ recommendation

Connecting Communities
[Diagram labels: Global Validation Service; CA Quality Level; Certificate Authority 1, 2, 3; Community 1, 2, 3; Sender; Recipient]

Technical Compliance
• Uses advanced CRL freshness policies to ensure the most up-to-date answers
• Supports OASIS, ETSI, IETF, W3C and other relevant industry standards
• Support for PEPPOL and other EU initiatives
• Complexity of multiple signature formats and certificate validation processes managed by GVS:
  • PDF, XML DSig, PKCS#7, CMS, S/MIME, XAdES, CAdES, PAdES

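The sequence of events and the CRL freshness policy above, as a minimal sketch added here (not BBS or Ascertia code): the receiver's gateway sends only a SHA-256 digest, and a validation function rates the signer's certificate against the receiver's own policy. The registry contents, quality scale, field names and both function names are hypothetical, and the cryptographic signature check is assumed to have passed already.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

NOW = datetime(2010, 1, 15, 12, 0, tzinfo=timezone.utc)  # constructed clock

# Constructed registry: quality levels, CRL fetch times and revoked serials
# are illustrative values, not data from any real service.
CA_REGISTRY = {
    "CA 1": {"quality": 4, "crl_fetched": NOW - timedelta(minutes=20), "revoked": {0x1A2B}},
    "CA 2": {"quality": 2, "crl_fetched": NOW - timedelta(minutes=5), "revoked": set()},
    "CA 3": {"quality": 4, "crl_fetched": NOW - timedelta(hours=30), "revoked": set()},
}

@dataclass(frozen=True)
class Policy:
    """Receiver's own acceptance policy (hypothetical fields)."""
    min_quality: int
    max_crl_age: timedelta

def gateway_request(document: bytes, issuer: str, serial: int) -> dict:
    """Receiver-side gateway: send the digest, never the document itself."""
    return {"digest": hashlib.sha256(document).hexdigest(),
            "issuer": issuer, "serial": serial}

def validate(request: dict, policy: Policy, now: datetime = NOW) -> dict:
    """Service side: rate the signer's certificate against the receiver's policy."""
    ca = CA_REGISTRY.get(request["issuer"])
    if ca is None:  # fail closed on issuers the service does not know
        return {"fit_for_purpose": False, "reasons": ["unknown CA"]}
    reasons = []
    if ca["quality"] < policy.min_quality:
        reasons.append("CA quality below policy")
    if now - ca["crl_fetched"] > policy.max_crl_age:
        # a stale CRL cannot prove the certificate is still valid
        reasons.append("CRL older than policy allows")
    if request["serial"] in ca["revoked"]:
        reasons.append("certificate revoked")
    return {"digest": request["digest"], "quality": ca["quality"],
            "fit_for_purpose": not reasons, "reasons": reasons}
```

The same certificate can be fit for purpose under one receiver's policy and rejected under another's, which is why the policy is an input to the decision rather than a property of the CA.
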
Summary
Global Validation Services are provided from BBS
• Inter-Community transactions are complex if you wish to manage risk.
• Digital signatures can solve many issues but...
• The variable quality, risk and liability associated with many different eIDs and eSignatures from different communities lead to complexity and cost
• A Global Validation Service (GVS) can
  • act as a single point for compliance and transparency
  • reduce relying-party needs for many one-to-one contracts
  • determine if communication is ‘Fit For Purpose’ for the relying party
  • widen the market access for any community

Jon Shamah EMEA Head of Sales jshamah@bbs.no Mob: +44.7813.111290 BBS, eSecurity Haavard Martinsens vei 54, N-0045 OSLO