70 likes | 197 Views
The French national initiative of e-procedures in Social sector. Jacques Sauret General Director Groupement d’intérêt public – Modernisation des déclarations sociales (GIP-MDS) www.gip-mds.fr. European Electronic Signature Standardization Initiative Conférence : the Business Perspective
E N D
The French national initiative ofe-procedures in Social sector Jacques Sauret General Director Groupement d’intérêt public – Modernisation des déclarations sociales (GIP-MDS) www.gip-mds.fr European Electronic Signature Standardization Initiative Conférence : the Business Perspective Panel III : EESSI Contribution in secure eGouvernement EESSI - 19/06/01
Net-entreprises : a new official service for social e-procedures in France • a unique gateway for any company to fill and send social declarations • a simple, free of charge, standard based service • launched by the French governement in 1999, • All insitutions in charge of Social protection have created in March, 2000, a new Agency, the GIP-MDS, to build the service • The service opened in October, 2000 www.net-entreprises.fr EESSI - 19/06/01
Net-entreprises.fr and security : needs • 3,3 M companies in France, 90 % having less than 10 employees • These companies send around 130 M paper forms each year to social protection institutions • These forms may contain : • Payments (more than 300 billion euros per year) • Sensitives information (financial, personal, medical) Security needs are different from a social declaration to another one, but the overall needs are very high in terms of strong authentication, non repudiation and confidentiality EESSI - 19/06/01
Net-entreprises.fr and security : solution (1) • Actual solution (identification + password) is not sufficient • The decision was taken (april, 2001) to migrate to PKI solution for • Strong authentication • Electronic signature • Confidentiality (encryption) EESSI - 19/06/01
Net-entreprises.fr and security : solution (2) At mid-2002, Net-entreprises will accept certificates from other CA’s But : problem of cross-certification • We want to build up a intersectorial certification policy with 3 or 4 security levels • Ex. : level 1 : X509V3 from an unknown issuer or security level < level 2 level 2 : to be defined (based on French Ministry of Finance’s certifcation policy level 3 : to be defined (if necessary) level 4 : advanced signature / qualified certificate (1999 / 93 / EC) and/or signature sécurisée (decree of 30 march 2001) Then, every application would define services allowed for each level EESSI - 19/06/01
Net-entreprises.fr and security : solution (3) • Net-entreprises will have around 200 000 subscribers at the end of 2001, and 300-500 000 at the end of 2002 • But, because of the price of certificates, only a few of these subscribers will have a certificate • So, Institutions of Social protection will decide on Monday, June 25th, whether they become CA and distribute free of charge personal certificate to any person whom company subscribe to net-entreprises.fr (limit of 4 free of charge certificates per company) • These certificates would be qualified and only contain identity datas, to be very stable EESSI - 19/06/01
Problems/questions we have to face • Directive • What about time problems : • Time-stamping • Juridic value in long term period • Identification of persons : how to manage with doublons • What is exactly an « electronic signature creation device » ? • EESSI standards • They go further than the directive : could it lead to juridic problems ? • Will smarcards be mandatory for advanced signature ? • We need to separate personal identification (stable) and habilitation (changing) : we need attributes certificates. EESSI - 19/06/01