
EESSI open specifications and interoperability: The state of the art in Italy (Giovanni Manca)



  1. EESSI open specifications and interoperability: The state of the art in Italy. Giovanni Manca, Authority for Information Technology in the public administration. Rome, 7 April, 2003

  2. AGENDA
     • Digital signature in Italy
     • Why “Interoperability”?
     • The problems
     • The solutions
     • The future perspective

  3. Digital Signature in Italy
     • 13 accredited certificate service providers
     • About 600.000 qualified certificates
     • About 10.000 qualified certificates in public administration
     • About 250.000 non qualified certificates for tax filing and ID cards (5.2 signatures)

  4. Why “interoperability”?
     • The Directive: “...the interoperability of electronic-signatures products should be promoted...” (whereas 5)
     • Interoperability is a prerequisite for electronic document exchange
     • Interoperability in PKI can be achieved
       - using standards (e.g. EESSI deliverables)
       - using specific technical agreements

  5. What is interoperability - 1
     • A signer “subscribes” an object (an electronic document, data in a transaction, a web form, an e-mail message, etc.)
     • A verifier checks the signature in order to ascertain:
       - who signed
       - what the legal effectiveness of the signature is (e.g. 5.1 or 5.2)
       - what the signature limitations are
       - the integrity and origin of the signed data

  6. What is interoperability - 2
     • A signer might use an SSCD on different clients
     • The signature software can be:
       - an e-mail client
       - a web browser
       - a generic software application

  7. The problems - 1
     • Document encoding (DER, B64, XML, etc.)
     • Certificate extensions
     • Enveloping (PKCS#7, S/MIME, ISO 9796-2, XMLDSIG, XAdES, “Adobe signatures”, etc.)
     • Use of CRL (e.g. CRL Distribution Point format)
     • E-mail message signatures (constraints on the e-mail environment)

  8. The problems - 2
     • Understanding of time stamping (RFC 3161?)
     • Definition of the character encoding (codepage)
     • Identifying qualified certificate limitations (attributes)
     • Portability of smart cards (e.g. APDU)

  9. (Diagram; labels: PKCS#7 Data, PKCS#7 Signed Data, MIME)
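
The encoding and enveloping problems on slide 7 mean a verifier cannot assume the form in which a signed file arrives. As an added example (not part of the original presentation), the following Python code classifies a received blob as DER, PEM, bare Base64 or XML and, for the ASN.1 cases, reads the PKCS#7 content type; the function names and the sample bytes are constructed for illustration.

```python
import base64
import re

# DER-encoded PKCS#7 content-type OIDs: 1.2.840.113549.1.7.1 and .7.2
CONTENT_TYPES = {bytes.fromhex("2a864886f70d010701"): "data",
                 bytes.fromhex("2a864886f70d010702"): "signedData"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("indefinite or oversized length: not DER")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, pos, pos + length

def content_type(der):
    """Name the contentType OID that opens a DER ContentInfo."""
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    tag, lo, hi = read_tlv(der, start)
    if tag != 0x06:
        raise ValueError("ContentInfo does not begin with an OID")
    raw = bytes(der[lo:hi])
    return CONTENT_TYPES.get(raw, "oid:" + raw.hex())

def classify(blob):
    """Return (encoding, content_type) for a received signed file."""
    text = blob.strip()
    try:
        if text.startswith(b"<"):
            return "XML", None             # XMLDSIG/XAdES: hand to an XML verifier
        if blob[:1] == b"\x30":            # raw ASN.1 SEQUENCE tag
            return "DER", content_type(blob)
        kind = "PEM" if text.startswith(b"-----BEGIN") else "B64"
        body = re.sub(rb"-----[^-]+-----|\s", b"", text)
        return kind, content_type(base64.b64decode(body, validate=True))
    except (ValueError, IndexError):       # bad Base64, bad length, truncated input
        return "unknown", None

# Constructed sample: a ContentInfo holding only the signedData OID.
SAMPLE_DER = bytes.fromhex("300b06092a864886f70d010702")
SAMPLE_B64 = base64.b64encode(SAMPLE_DER)
SAMPLE_PEM = b"-----BEGIN PKCS7-----\n" + SAMPLE_B64 + b"\n-----END PKCS7-----\n"
```

Classification only tells the verifier which decoder to use; it says nothing about whether the signature itself is valid.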

  10. The solutions - 1
     • Encoding agreements (e.g. DER)
     • Harmonized certificate profile (highlighted by TR 102 153)
     • Choice of envelope (e.g. PKCS#7)
     • Test bed for CRL or OCSP. CRLs are critical and this is one of the most important interoperability problems.

  11. The solutions - 2
     • EESSI deliverables:
       - ETSI TS 101 862 (Qualified certificate profile)
       - ETSI TS 101 861 (Time stamping profile)
       - ETSI TS 101 733 (Electronic signature formats)
       - ETSI TS 101 903 (XML Advanced electronic signatures)
     • RFCs (e.g. 3280, 3369, 3370)
     • ISO (e.g. 9594-8, 18014-1)

  12. The solutions - 3
     • A minimum profile for signed documents
     • A common set of APDU in smart cards (e.g. the Italian memorandum of understanding with smart card manufacturers)
     • A test bed (official or not official) for the exchange of the signed documents

  13. The future of interoperability
     • IDA CA-Bridge is useful for adding trust to inter-government applications (doesn’t solve interoperability)
     • Interoperability rules are mandatory for the market and especially for manufacturers
     • E-Europe projects harmonisation
     • Strong and well defined legal environment

  14. Suggested priorities
     • Envelope profile, data and CRL DP format
     • Certificate profile - formats
     • Certificate profile - semantics
     • Signatures format (e.g. XMLDSIG, etc.)
     • Authentication methods (e.g. biometrics, etc.)

  15. Thanks for your attention
