SG&AETSI FUTURE WORKSHOP – Sophia Antipolis, 16th January 2007

ElectronicElectronic SignaturesSignatures

Riccardo Genghini, Chairman of Etsi Esi TCriccardo.genghini@sng.it

The ETSI Esi TC structure

TC ESI is responsible for Electronic Signatures and Infrastructures standardization. There are currently 4 Special Task Forces assisting in this activity:

STF 298 Electr. Sign. profiles formatSCOPE: adapt TS 101903 and 102903 to business use

STF 305 Digital Accounting (SODA)SCOPE: specify the formats and security properties of signed documents for accounting

STF 317 Algo-Paper param. RevisionSCOPE: adapt security requirements of Algorithms to new security threads

STF 318 Registered e-mailsSCOPE: specify theapplication of electronic signatures for securing emails and their delivery receipts

The ETSI Esi deliverables/publications

Following STFs in 2006 completed their workSTF 288 International harmonisation of ETSI

Electronic Signature StandardsSTF 289 Joint ESI-W3C WG on XML Advanced

Electronic SignaturesSTF 290 - Relying Party Access to TSP Status List

Following the most recent deliverablesTS 102 734 Profiles of CMS Advanced Electronic

Signatures based on TS 101 733 (CAdES)TS 102 904 Profiles of XML Advanced Electronic

Signatures based on TS 101 903 (XAdES)Algo paper TS102 176-1 (to be approved at ESI#16)Algo paper TS102 176-2 (to be approved at ESI#16)

Liaisons with other fora21 FORA

CEN/ISSS European Committee for Standardisation - Information Society Standardisation SystemebXML Electronic Business XML InitiativeECBS European Committee for Banking StandardsEMVCo Europay/MasterCard/Visa ConsortiumEPF Electronic Payments ForumHR-XML Consortium HR-XML ConsortiumICTSB Information and Communications Technologies Standards BoardIFIP International Federation for Information ProcessingILPF Internet Law and Policy ForumISOC Internet SocietyMeT Mobile Electronic TransactionsmSign Mobile Electronic Signature ConsortiumOBI Open Buying on the InternetOPA Online Privacy AllianceOpen Group Security Forum The Open Group's Security ForumPKI Forum Public-Key Infrastructure ForumRadicchio RadicchioRosettaNet RosettaNetSETCo Secure Electronic Transaction LLCTFPC Telecommunications Fraud Prevention CommitteeXIWT Cross-Industry Working TeamUPU Universal Postal UnionInternational cooperation

Liaisons with other foraFOLLOWING FORA HAVE PRODUCED OWN SPECIFICATIONS ON THE

BASIS OF ETSI ESI SPECIFICATIONS OR HAVE WORKED ON THE MAPPING AND REVERSE MAPPING OF THEIR SPECIFICATIONS WITH

ESI SPECIFICATIONS

ASIA PKI FORUM

APEC

Federal US PKI

IETF

ECOM http://www.ecom.jp/ecom_e/

FOR QUALIFIED SIGNATURES (I.E. LEGALLY BINDING SIGNATURES) THE ETSI-ESI SPECIFICATIONS ARE THE MOST

REFERENCED AND CONSIDERED WORLDWIDE

Open Issues

EESSI Standards have been a first important step towards the solution of Open Issues!

European co-ordination of Supervision European Accreditation SchemesEuropean Root Authority

European InteroperabilityE-InvoicingDigital AccountingHealth card

… and …

The near future?e-Invoicing…

• Greater companies do 90% of invoicing with partner or controlled companies

• The production (print + storage) of paper invoices is currently made only for compliance

• The overall cost of a printed invoice varies from € 2 up to € 10 per invoice

• The overall cost of an e-Invoice is less then € 0,2 Registered Email (REM) …

• Origin authentication• Proof of delivery• Long term availability

Digital Accounting• Paper based accounting is currently made only for

compliance to fiscal regulation: even in SMs Enterprises the accounting is software-based

• Paper was ineffective in all major accounting frauds• Digital accounting supported by a Trusted Third Party is

more resilient and trustworthy…

Sender’s services

Sender REM provider services

Recipient REM provider services

Recipient’s services

Auxiliary Security Services providers

(signature, signature verification, TSA, etc.)

Gateway with physical post and/or

external e-mail

Authentication,

Message

submission

Notifications

(message

delivery, etc.)

REM !

Notifications (message

delivery, etc.)

Authentication, message

forwarding

Mes

sage

de

liver

y dia

logue

Exit to physical

mail or to non

REM e-mail

Mail in

coming

from no

n REM

Basic services Additional services

The mid-term future?

re-defining the borderline between written and non written language

… speech recognition … and … talking with the keyboard

re-positioning non verbal language and non verbal information in the legal environment (legally relevant on-line behaviour; legally binding dynamic reproductions of events and facts

Secure Virtual Reality: URL Authentication and Visitor Authentication for user-friendly interaction

Conclusions:

In the next 5 years we will move from here ..

Conclusions:

...to here...

Thank youThank you

for your attention!for your attention!

riccardo.genghini@sng.it