Upload File

directory listing security... · 2013. 9. 4. · title: slide 1 author: molinarosete created date:...

  • Home
  • Documents
  • Directory Listing Security... · 2013. 9. 4. · Title: Slide 1 Author: molinarosete Created Date: 4/26/2013 10:16:43 AM
16
© ETSI 2011. All rights reserved ETSI Electronic Signatures and Infrastructures (ESI) TC Presented by Andrea Caccia, ETSI/ESI liaison to ISO SC27 ( a.caccia @ kworks.it )

Upload: others

Post on 27-Jan-2021

0 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • © ETSI 2011. All rights reserved

    ETSI Electronic Signatures and Infrastructures (ESI) TC

    Presented by Andrea Caccia, ETSI/ESI liaison to ISO SC27 ( a.caccia @ kworks.it )

  • ETSI TC ESI - Electronic Signatures and Infrastructures

    TC ESI is responsible for Electronic Signatures and Infrastructures standardization within ETSI

    ETSI (with CEN, European Committee for Standardization) are collaborating to execute the European Commission mandate M/460 on Electronic Signature Standardisation ("Rationalised Framework")

    Collaborates with ETSI Centre for Testing and Interoperability (CTI) to organize Plugtests™ for conformance and interoperability testing events

    http://www.etsi.org/services/plugtests

    General information on TC ESI activities available at:

    http://portal.etsi.org/esi/esi_activities.asp

    2 © ETSI 2011. All rights reserved

    http://www.etsi.org/services/plugtestshttp://portal.etsi.org/esi/esi_activities.asp

  • More sound eSignature Market through the rationalization of:

    • the legal framework

    • the standardisation framework

    • the trust framework

    Towards a more consistent framework

    3 © ETSI 2013. All rights reserved

    Sound legal framework

    Sound standardisation framework

    +

    Sound trust framework

    +

    Key success factors for a Sound market

    and for cross-border implementation &

    (international) recognition for eSignatures

    mapping

    consistent

  • © ETSI 2011. All rights reserved 4

    The new rationalized framework (CEN-ETSI)

    Signature Creation & Validation

    TSPs supporting eSignature Trust Application Service Providers

    Trust Service Status Lists Providers

    Signature Creation Devices Cryptographic Suites

    TSPCertificates TSSP SGSP SVSP Registered eMail Information Preservation

    CAdES XAdES PAdES ASiC …

    SSCD Suites Requirements

    Guidance

    Other SCDs

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformity Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    6 Functional Areas (& Sub-Areas)

    5 Document types:

    Guidance

    Policy & Security requirements

    Technical specifications

    Conformity assessment

    Testing compliance and interoperability

    Consistent numbering scheme (19XXX series)

    Documented in:

    ETSI SR 001 604

    Standards classified by:

  • eSignature Standards Framework (CEN-ETSI)

    Signature Creation

    & Validation

    1

    Signature

    Creation Devices 2 Cryptographic

    Suites 3

    Trust Application

    Service Providers 5

    TSPs supporting

    eSignature 4

    Trusted Lists Providers

    6

    • Rules & procedures • Formats • Signature Creation / Validation Protection Profiles

    • XAdES (XML) (ISO 14533-1) • CAdES (CMS) (ISO 14533-2) • PAdES (PDF) (ISO 32000-2) • AdES in Mobile envmts • ASiC (containers, e.g. ODF)

    Common Criteria Protection profiles for: • Smart Cards • HSMs • Signing services

    • Key generation • Hash functions • Signature algorithms • Key lengths • ...

    • Registered eMail & eDelivery

    • Long term preservation

    • Certificate Authority • Time-stamping • Signing Servers • Validation Services

    • List of TSP services approved (supervised) by National Bodies (e.g. Trusted Lists)

    © ETSI 2013 All rights reserved 5

    6 Functional Areas (& Sub-Areas)

  • Scope & objectives of the framework

    Business oriented/driven

    Simple & easy to use and tuned to business needs

    • Business guidelines (as for “dummies” as possible)

    • Clear specifications & requirements (baseline profiles with less options as possible)

    • Conformity Assessment Guidance

    • Testing specifications and facilities

    Mapped to legal requirements

    Target clear EN status whenever applicable

    Easy to find

    6 © ETSI 2011. All rights reserved

    Signature Creation & Validation

    TSPs supporting eSignature Trust Application Service Providers

    Trust Service Status Lists Providers

    Signature Creation Devices Cryptographic Suites

    TSPCertificates TSSP SGSP SVSPRegistered eMail Information Preservation

    CAdES XAdES PAdES ASiC …

    SSCD Suites Requirements

    Guidance

    © ETSI 2011. All rights reserved1

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Other SCDs

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

    Policy & Security Requirements

    Guidance

    Conformance Assessment

    Testing Compliance & Interoperability

    Technical Specifications

  • Mandate M460 - Phase 1 (achieved)

    Framework specification & Quick Fixes

    • Rationalised Framework definition (STF 425) • Inventory of eSignature Standards (worldwide)

    • Rationalised Framework Definition

    • Gap Analysis & Work Plan

    • Quick Fixes • STF 427 (CSP Conformity Assessment, QC profile, Sig.

    Validation Procedures, eSig algorithms maintenance)

    • STF 426 (X/C/PAdES & ASiC baseline profiles)

    • STF 428 (XAdES conformance testing, PAdES & ASiC interoperability tests)

    • CEN (Update CWA 14169 & CWA 14167 towards EN’s)

    Stakeholders involvement:

    • Website: www.e-signatures-standards.eu

    • Workshop on Nov 21st, 2011 Paris (FR)

    • Mailing list available

    7 © ETSI 2011. All rights reserved

    http://portal.etsi.org/stfs/STF_HomePages/STF425/STF425.asphttp://portal.etsi.org/stfs/STF_HomePages/STF425/STF425.asphttp://portal.etsi.org/stfs/STF_HomePages/STF427/STF427.asphttp://portal.etsi.org/stfs/STF_HomePages/STF427/STF427.asphttp://portal.etsi.org/stfs/STF_HomePages/STF426/STF426.asphttp://portal.etsi.org/stfs/STF_HomePages/STF426/STF426.asphttp://portal.etsi.org/stfs/STF_HomePages/STF428/STF428.asphttp://portal.etsi.org/stfs/STF_HomePages/STF428/STF428.asphttp://www.e-signatures-standards.eu/missionhttp://www.e-signatures-standards.eu/http://www.e-signatures-standards.eu/http://www.e-signatures-standards.eu/http://www.e-signatures-standards.eu/http://www.e-signatures-standards.eu/

  • © ETSI 2011. All rights reserved 8

    Mandate M460 - Phase 2 (ongoing)

    STF 457 Framework and Coordination Activities

    • fulfilment of the Rationalised Framework across all areas as defined in Phase 1 http://portal.etsi.org/stfs/STF_HomePages/STF457/STF457.asp

    STF 458 Activities related to Signature Creation and Validation and Trusted Service Providers (TSP) supporting eSignatures

    • align specifications for procedures and formats for signature creation and verification with the framework and progression to EN

    • align specifications for TSP supporting electronic signatures with the framework and progression to EN

    http://portal.etsi.org/stfs/STF_HomePages/STF458/STF458.asp

    STF 459 Testing Compliance & Interoperability and Trust Applications Service Providers

    • study standardisation requirements for Electronic Delivery applying electronic signatures

    • develop a set of technical specifications and tools that act as catalysers for implementing essential standards of the framework

    http://portal.etsi.org/stfs/STF_HomePages/STF459/STF459.asp

    http://portal.etsi.org/stfs/STF_HomePages/STF457/STF457.asphttp://portal.etsi.org/stfs/STF_HomePages/STF457/STF457.asphttp://portal.etsi.org/stfs/STF_HomePages/STF457/STF457.asphttp://portal.etsi.org/stfs/STF_HomePages/STF457/STF457.asphttp://portal.etsi.org/stfs/STF_HomePages/STF457/STF457.asphttp://portal.etsi.org/stfs/STF_HomePages/STF458/STF458.asphttp://portal.etsi.org/stfs/STF_HomePages/STF458/STF458.asphttp://portal.etsi.org/stfs/STF_HomePages/STF458/STF458.asphttp://portal.etsi.org/stfs/STF_HomePages/STF458/STF458.asphttp://portal.etsi.org/stfs/STF_HomePages/STF458/STF458.asphttp://portal.etsi.org/stfs/STF_HomePages/STF459/STF459.asphttp://portal.etsi.org/stfs/STF_HomePages/STF459/STF459.asphttp://portal.etsi.org/stfs/STF_HomePages/STF459/STF459.asphttp://portal.etsi.org/stfs/STF_HomePages/STF459/STF459.asphttp://portal.etsi.org/stfs/STF_HomePages/STF459/STF459.asp

  • Creation and validation of electronic signatures

    9 © ETSI 2011. All rights reserved

    Stakeholders level: Business driven guidance

    Policy level: Policy and security requirements, including protection profiles

    Technical specification Level:

    • Formats and packaging of signatures

    • Procedures for creation and validation

    • Signature Policies

    Assessment level: conformance assessment of applications and procedures

    Testing compliance and interoperability

  • Signature Creation Devices

    Secure Signature Creation Device (SSCD)

    • Smart card

    • HSM for Server signing (massive/remote)

    -> "Signature in the Cloud" workshop, Mar 14, 2013

    http://docbox.etsi.org/Workshop/2013/201303_SIGNATURES_IN_CLOUD

    Other Signature Creation Devices

    • Cryptographic devices used by Trust Service Providers for signing services or for key generation

    • Electronic seals (legal persons)

    Conformity Assessment based on Common Criteria

    10 © ETSI 2011. All rights reserved

    http://docbox.etsi.org/Workshop/2013/201303_SIGNATURES_IN_CLOUDhttp://docbox.etsi.org/Workshop/2013/201303_SIGNATURES_IN_CLOUDhttp://docbox.etsi.org/Workshop/2013/201303_SIGNATURES_IN_CLOUDhttp://docbox.etsi.org/Workshop/2013/201303_SIGNATURES_IN_CLOUDhttp://docbox.etsi.org/Workshop/2013/201303_SIGNATURES_IN_CLOUD

  • TSP supporting eSignatures

    • TSP issuing certificates

    • Qualified

    • SSL Certificates

    • Other PKC

    • TSP Providing Time-Stamping Services

    • TSP Providing Signature Generation Services

    • TSP Providing Signature Verification Services

    11 © ETSI 2011. All rights reserved

  • Policy Requirements Document Structure Planned (Provisional)

    © ETSI 2013 All rights reserved 12

    EN 319 401

    General Policy Requirements for TSPs

    EN 319 411-2-1

    CA Issuing

    Qualified

    Certificates

    EN 319 411-3-1

    CA Issuing

    Public Key

    Certificates

    EN 319 411-4-1

    CA Issuing

    Web Site

    Certificates

    TS 119 411-2-2

    Audit

    Check

    List

    TS 119 411-3-2

    Audit

    Check

    List

    TS 119 411-4-2

    Audit

    Check

    List

    ISO 2700x

    CAB Forum

    Web Cert

    Guide

    ….

    ….

  • Trust Application Service Providers

    Registered Electronic Mail

    • delivery evidences for mail based services

    Registered Electronic Delivery (to be specified) • delivery evidences for messaging services (such

    as ISO 15000-2 ebXML Messaging Service Specification) -> ISO TC 154

    Data Preservation Systems Security • specifies security and reliability measures for

    Electronic Data Preservation Service Providers consistent with ISO 27001 and 27002

    13 © ETSI 2011. All rights reserved

  • Cryptographic suites

    Need for guidance for interopability

    Maintain existing TS 102 176

    Further take into account (inter)national rules

    • France: ANSSI RGS

    • Germany: BSI

    • …

    • NIST, etc.

    Further take into account recognised experts recommendations

    look after crypto algorithm guidance in long term

    14 © ETSI 2011. All rights reserved

  • Trust service status providers

    Policy requirements for Trust List Providers

    Trust Status List Formats

    Conformity assessment

    Testing conformance and interoperability

    15 © ETSI 2011. All rights reserved

  • Thank You – Any Questions

    © ETSI 2013 All rights reserved 16

    Subscribe to the E-SIGNATURES_NEWS mailing list see www.e-signatures-standards.eu

    Documents available from

    http://pda.etsi.org/pda/queryform.asp

    Other questions:

    a.caccia @ kworks.it

    http://www.e-signatures-standards.eu/http://www.e-signatures-standards.eu/http://www.e-signatures-standards.eu/http://www.e-signatures-standards.eu/http://www.e-signatures-standards.eu/http://pda.etsi.org/pda/queryform.asphttp://pda.etsi.org/pda/queryform.asp

Listing Regulations as on March, 2013

Listing top 4 drones

Jan-June 2013 Honor & Memorial Listing

2012-2013 MASTER BOOK Student Listing Only

AUSTRALIA 2013 COMPETITIVE EXHIBIT LISTING RESULT (BY …

Snc Chart Listing-4

2013 University of Lethbridge Donor Listing

Membership Listing 2013

MRA Partners Listing and Expertise Dec 2013

2013 04 09 Candidate Listing

`2013 Listing Presentation Land Scape

Bab 4 Listing Program FORTRAN

R & R Property - Listing Brochure June 2013

2013 Listing Brochure

Listing Statement 15th July 2013 - Rich

2013 listing presentation updated on oct 7. 2013

February 2013 Honor Memorial Listing

Pinergy - Listing Reports · Pinergy - Listing Reports 5/4/20, 6:29 AM

Listing Agreemnet for Equity Updated Till 4 December 2013

HKEX LISTING DECISION HKEX-LD75-2013 (July 2013) …...This listing decision sets out the reasons why the Exchange returned certain listing applications from December 2012 to April

YWCA Princeton Summer 2013 Class Listing

BFA Summer 2013 Course Listing

Rehabilitation Plan Employer Listing Page 1 of 90 As of: 1 Feb 2013 · 2013. 4. 16. · Rehabilitation Plan Employer Listing As of: 1 Feb 2013 Page 1 of 90 Employer # Employer Name

OCCURRENCE LISTING Aircraft Below 5700kg OCCURRENCES … · 2015. 4. 28. · OCCURRENCE LISTING Aircraft Below 5700kg OCCURRENCES RECORDED BETWEEN 01 April 2013 and 30 April 2013

AMMJ - Condition Monitoring Listing for 2013

`2013 Listing Presentation iPad-Tablet-Mobile Version

Europes500 Listing 2013

PARIS SELECT - LISTING HOTEL 2013

The 2013 CIO 100 Listing

Listing of Unit Fees for 2013 - Deakin University · 1 October, 2012 Deakin University - listing of Unit Fees for 2013 Page 1 of 39 Listing of Unit Fees for 2013 * Student contribution

DOG WHISPERER PRODUCT LISTING CESAR MILLAN PRODUCT LISTING 2013 2011

Foreign Entities Listing on · PDF fileASX LISTING RULES Guidance Note 4 ASX Listing Rules Guidance Note 4 Page 1 1 December 2017 FOREIGN ENTITIES LISTING ON ASX . The purpose of this

MRket July 2013 - Brand Listing

Listing Presentation 2013

KW 2013 Listing Presentation Land Scape Lil