OEWG 09-06-2011

• Review existing Methods already in place for exchange of data

- General Introduction Lex Moret, EL&I the Netherlands

Client Program (Certification of Agricultural Goods at Im and Export to a new future)

• Import (2002-2004)• Export (2004 -2010)• E-certification (2010-2011)

2

E-Certification

• Export Certification Kenya• UNCTAD• Pilot Republic of Korea• Pilot China• (Pilot USA)

3

Paradigms

• Use (defacto) standards • Use solutions created by other

countries (New Zealand)• Create new solutions• Versatile systems (support for

multipe Standards) • Reduce administrative burdens for

the private sector

4

XML

XML

Digital Signature

Equivalent of a stamped signature

1.Binding to a person (or organisation)2.Difficult to copy

Electronic Signature (Digital Evidence)

• Authentication• Integrity• Non-repudiation

In any step of the lifecycle

7

Diagram showing how a simple digital signature is applied and then verified

9

Standard ECONOMIC COMMISSION FOR EUROPE

COMMITTEE ON TRADECentre for Trade Facilitation and Electronic Business

TBG “Security Project” hosted by TBG6Recommendation No. 37

Digital EvidenceCertification

RecommendationSOURCE: The Chair

ACTION: Review before further iteration of Open Development Process Step 5 – Public Review

STATUS: Proposed Publication Draft

11

Decisions

Signature type•XML Dsig (W3c) (NL signing server)•XAdES/BES XAdES-T•XAdES-C•Etc. •DEC-R (recommended by TBG 5)

12

Decisions

Hashing Algorithm•SHA-1•SHA-256 (NL signing server)•Etc. Signature/document relationship•Enveloping (NL signing server)•Enveloped

13

XML

Digital Signature

Functions

•Acces Control + audit trail

•Search

•Download

•Update (status)

•Monitor

DBMSDBMS

Certificate MasteringSystem (CMS)

Functions

• Technology : Webservices (SOAP)

• Acces Control : UN/PW• Implemenation : WSDL (tbd)

17

Webservices (example CMS NL)based on NZ and Korea

18

19

BUSINESS REQUIREMENTS SPECIFICATION(BRS)  Business Domain: Government to Government electronic certification for traded agricultural commodities Business Process: Electronic transmission of data exchanged between government inspection and quarantine authorities involved in border

Document Identification: Export Certificate Title: E-cert BRS UN/CEFACT International Trade and Business Processes Group: TBG15

Ⅱ. Business ProcessStatus Transition

Initial

Approved

Acknowledged

Accepted

Rejected

Detained

Request Replacement

Withdrawn

Border Inspection – Permitted States

for Transition

ReplacementAuthorised

ToBe Replaced

Replaced

Revoked

By SOAP Client of Import Agency

By Border Inspector

Network(InternetNetwork(Internet

Secure Acces by foreign NPPO (HTTPS with 128 bit SSL)

XML

Digital Signature

Functions

Export Certiffication

System

Export Certiffication

System

CertificateMastering

System

CertificateMastering

System

InspectionPanning System

InspectionPanning System

Signing & Verification

System

Signing & Verification

System

System Architecture NL(SOA)

23

Network

Plant QuarantineInformation

System(PQIS)

Internet

Request Request

ExportingCountry

SOAPServer

SOAPClient

Request

ImportingCountry

Korea import from ..

Certificate Mastering

System(CMS)DB

Response(XML) eCertCertificates Information

Response(update result)

Result

- Register the result

SOAPServer

SOAPClient

Request(Result Status update)

Certificate data

Import Inspector

accept_certificatereject_certificatedetain_certificate

request_replacement_certificate

acknowledge_certificateaccept_certificatereject_certificatedetain_certificate

request_replacement_certificateSigning server

Signing serverSigning server

Verfication server

Verfication server

And not to forget …..

• Emergency Procedures• Disaster Recovery

procedures

24

Interesting URL’s

Creating Signing services : http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=dssTesting signing services :http://www.globaltrustfinder.com/XMLUsUN Recommendation on E-signatures:http://www.uncitral.org/uncitral/en/uncitral_texts/electronic_commerce/2001Model_signatures.htmlUN/CEFACTRecommendation No. 37: Signed Ditial Evidence Interoperability Recommendation, submitted for approval by the Architecture, Engineering and Construction Working Group – TBG6, 27 september 2010

25

Questions ?

A.J.MoretProjectmanager Client

International – NL+31653297989

A.J.Moret@MINLNV.nl

26