sg&a etsi future workshop – sophia antipolis, 16th january ... · signed documents for...
TRANSCRIPT
SG&AETSI FUTURE WORKSHOP – Sophia Antipolis, 16th January 2007
ElectronicElectronic SignaturesSignatures
Riccardo Genghini, Chairman of Etsi Esi [email protected]
The ETSI Esi TC structure
TC ESI is responsible for Electronic Signatures and Infrastructures standardization. There are currently 4 Special Task Forces assisting in this activity:
STF 298 Electr. Sign. profiles formatSCOPE: adapt TS 101903 and 102903 to business use
STF 305 Digital Accounting (SODA)SCOPE: specify the formats and security properties of signed documents for accounting
STF 317 Algo-Paper param. RevisionSCOPE: adapt security requirements of Algorithms to new security threads
STF 318 Registered e-mailsSCOPE: specify theapplication of electronic signatures for securing emails and their delivery receipts
The ETSI Esi deliverables/publications
Following STFs in 2006 completed their workSTF 288 International harmonisation of ETSI
Electronic Signature StandardsSTF 289 Joint ESI-W3C WG on XML Advanced
Electronic SignaturesSTF 290 - Relying Party Access to TSP Status List
Following the most recent deliverablesTS 102 734 Profiles of CMS Advanced Electronic
Signatures based on TS 101 733 (CAdES)TS 102 904 Profiles of XML Advanced Electronic
Signatures based on TS 101 903 (XAdES)Algo paper TS102 176-1 (to be approved at ESI#16)Algo paper TS102 176-2 (to be approved at ESI#16)
Liaisons with other fora21 FORA
CEN/ISSS European Committee for Standardisation - Information Society Standardisation SystemebXML Electronic Business XML InitiativeECBS European Committee for Banking StandardsEMVCo Europay/MasterCard/Visa ConsortiumEPF Electronic Payments ForumHR-XML Consortium HR-XML ConsortiumICTSB Information and Communications Technologies Standards BoardIFIP International Federation for Information ProcessingILPF Internet Law and Policy ForumISOC Internet SocietyMeT Mobile Electronic TransactionsmSign Mobile Electronic Signature ConsortiumOBI Open Buying on the InternetOPA Online Privacy AllianceOpen Group Security Forum The Open Group's Security ForumPKI Forum Public-Key Infrastructure ForumRadicchio RadicchioRosettaNet RosettaNetSETCo Secure Electronic Transaction LLCTFPC Telecommunications Fraud Prevention CommitteeXIWT Cross-Industry Working TeamUPU Universal Postal UnionInternational cooperation
Liaisons with other foraFOLLOWING FORA HAVE PRODUCED OWN SPECIFICATIONS ON THE
BASIS OF ETSI ESI SPECIFICATIONS OR HAVE WORKED ON THE MAPPING AND REVERSE MAPPING OF THEIR SPECIFICATIONS WITH
ESI SPECIFICATIONS
ASIA PKI FORUM
APEC
Federal US PKI
IETF
ECOM http://www.ecom.jp/ecom_e/
FOR QUALIFIED SIGNATURES (I.E. LEGALLY BINDING SIGNATURES) THE ETSI-ESI SPECIFICATIONS ARE THE MOST
REFERENCED AND CONSIDERED WORLDWIDE
Open Issues
EESSI Standards have been a first important step towards the solution of Open Issues!
European co-ordination of Supervision European Accreditation SchemesEuropean Root Authority
European InteroperabilityE-InvoicingDigital AccountingHealth card
… and …
The near future?e-Invoicing…
• Greater companies do 90% of invoicing with partner or controlled companies
• The production (print + storage) of paper invoices is currently made only for compliance
• The overall cost of a printed invoice varies from € 2 up to € 10 per invoice
• The overall cost of an e-Invoice is less then € 0,2 Registered Email (REM) …
• Origin authentication• Proof of delivery• Long term availability
Digital Accounting• Paper based accounting is currently made only for
compliance to fiscal regulation: even in SMs Enterprises the accounting is software-based
• Paper was ineffective in all major accounting frauds• Digital accounting supported by a Trusted Third Party is
more resilient and trustworthy…
Sender’s services
Sender REM provider services
Recipient REM provider services
Recipient’s services
Auxiliary Security Services providers
(signature, signature verification, TSA, etc.)
Gateway with physical post and/or
external e-mail
Authentication,
Message
submission
Notifications
(message
delivery, etc.)
REM !
Notifications (message
delivery, etc.)
Authentication, message
forwarding
Mes
sage
de
liver
y dia
logue
Exit to physical
mail or to non
REM e-mail
Mail in
coming
from no
n REM
Basic services Additional services
The mid-term future?
re-defining the borderline between written and non written language
… speech recognition … and … talking with the keyboard
re-positioning non verbal language and non verbal information in the legal environment (legally relevant on-line behaviour; legally binding dynamic reproductions of events and facts
Secure Virtual Reality: URL Authentication and Visitor Authentication for user-friendly interaction
Conclusions:
In the next 5 years we will move from here ..
Conclusions:
...to here...