tie tie – european commission r&d project project number 26763 [email protected] mobile: +44...
TRANSCRIPT
![Page 1: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/1.jpg)
TIE
TIE – European Commission R&D Project
Project Number 26763
mobile: +44 (0)7867-824237
Trust services Infrastructure for Europe
![Page 2: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/2.jpg)
Cross Border Trade & Identity
EU Legislation –
Electronic Signature
Data Protection
Trust service Infrastructure for Europe with Application Interoperability
Drive on using TIE as a catalyst - working and leading with government
& business with regulators followingRecommendation
European Trust Challenges
![Page 3: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/3.jpg)
Global Trust Challenges ?
![Page 4: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/4.jpg)
EU LEGISLATION on E-Commerce
Directive on
Electronic Signatures
draft Directiveon
Copyright in the Info Soc
Directive 98/48/EC on
Regulatory Transparency
Directive 98/84/ECon
Conditional Access Services
Directive 95/46/ECon
Data Protection
Directive 97/66/ECon
Data Protection in Telecoms
draft Directive on
Legal Aspects E-Commerce
Directive 97/7/ECon
Distance Selling
draft Directiveon
Distance Selling Fin. Services
draft Directive on
E-Money
draft Regulation on
JurisdictionTelecom Review 99
![Page 5: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/5.jpg)
TIE & E-Signature Directive Digital signature remains most important
example of an electronic signature
Under article 3.3 each member state must set up a supervision of CSPs
An accreditation scheme must be Objective, Transparent, Proportionate & Non-
discriminatory
![Page 6: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/6.jpg)
TIE & E-Signature Directive (cnt’d)
CSP accreditation schemes – it is the expectation that their instruments of accreditation (IoA) will be issued as electronic documents signed by the accreditation scheme
Each IoA can be expected to contain CSP name but also its master service key – the publi key corresponding to the private key it uses for signing certificates
![Page 7: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/7.jpg)
For global adoption it must be
Application Interoperable - Seamless
Simple, Speedy & Reliable
Accountable & Auditable
High Quality of Service 24x7
Value for Money, Affordable
Manageable, Trusted
The Commercial Challenge to PKI
![Page 8: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/8.jpg)
PKI - Some Technical Issues
Interoperability is not easy Cryptographic Algorithms Security Protocols Certificate Path Processing
especially Policy Handling Certificate Chain Building Directories
Schema, Access Control, Protocol Profiles
![Page 9: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/9.jpg)
TIE - Scope & Vision
TIE focuses on 2 main themes:
European Accreditation Services (AS) with Instruments of Accreditation (IoA)
Application Interoperability – secure messaging, web transactions, workflow - based on PKI – including time stamping, use of directories and/or attribute certificates to manage roles and authorisation
![Page 10: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/10.jpg)
The TIE Project
The Players Some of the Objectives The Deliverables/Work Packages The Plan Work Packages - More Detail Current Status Meetings/Events Summary
![Page 11: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/11.jpg)
The Players ICL - Project Management ICL – User, including Microsoft, Smart Cards GlobalSign - The Certification Authority Baltimore Technologies - CA/RA – WP6 ICRI (Leuven) - Legal Issues – WP4 Shell SI - The User & Reviewer UK PO - Reviewer IBM - Demonstrator, Trial and Pilot – WP5 The Open Group - Standardization, Awareness, Member
Participation – WP3 Utimaco - CA/RA Applications, Smart Cards ICX - Marketing, Awareness & Participation
![Page 12: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/12.jpg)
TIE - Key Objectives
Business Service Infrastructure to support Electronic Commerce
with interoperable applications supported by CSPs that supply Digital Signatures, Time Stamping, Information Recovery,
within a Legal Framework. Technical
To stimulate the development of interoperable services and products that meet needs for assurance Authenticity, Integrity, Non-repudiation, Confidentiality
![Page 13: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/13.jpg)
TIE – Objectives - 1
Specify and resolve operational issues of Trust Infrastructure Systems through the design, build and evaluation of a demonstrator, trial and pilot
a staged deployment showing selected applications detailed reports - practical, technical, operational business scenarios defined information recovery capability
![Page 14: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/14.jpg)
TIE - Objectives - 2
To achieve interoperability and trust through the establishment of standards, architectures and codes of practice
a common architecture for a PKI suitable standards in a PKI enabled environment guiding principles for users
![Page 15: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/15.jpg)
TIE - The Deliverables Architecture/Standards for PKI
D13 Core PKI Architecture Market Research Reports Business Planning Information Legal Reports
D17 Legal Issues Report produced PKI Demonstrator
D21 – Definition of the Demonstrator D45 – Systems Test & Design Plan
PKI Trial PKI Pilot CSP Guidelines Promotion & Exploitation of results of project
![Page 16: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/16.jpg)
Work Packages
1 - Awareness & Website: www.tie.org.uk 2 - Market research 3 - Specifications, standards and conformance 4 - Legal 5 - Design interoperability scenarios 6 - Build:
demonstration system, pilot system, larger scale trials
7 – Promotion & Exploitation
Cost: 1.5Meuro, 18 months
![Page 17: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/17.jpg)
TIE - The Plan
Stage 1 - Now Proof of concept demonstrator
2 X CA and 2 X RA Stage 2 – July 2000 – Jan 2001
Operational Trial 3 X CA and 7 X RA
Stage 3 – Feb 2001 – July 2001 Operational Pilot
4 X CA and 8 X RA, Smart cards,
![Page 18: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/18.jpg)
TIE – Outreach program with mini-clusters
TIE partners and sub-contractor New recruits from outreach program:
Accreditation schemes CSPs End users
Other EU projects e.g. TEN-TELECOM, EMERITUS
EESSI initiative PKI Forum??!!
![Page 19: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/19.jpg)
WP2 – Market Research Reports
Smart Card Related Developments M-Commerce, WAP & PKI Estimated Service Costs & Applicability Best Business Practice Technical Implications of EU Policy Value Added Services
![Page 20: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/20.jpg)
WP3 - The Open Group & TIE
Guiding Principles of Operation and Codes of PracticeLiaison with ABA, NACHA, NIST, PKIX, PKI Forum and Members
D16 CSP Management & Accreditation Guide
Specifications supporting “plug and play” of competing vendor modules supporting the PKI services in D14
D15 PKI Plug and PlayStandards
Specifications of suitable supporting PKI services that facilitate portability and interoperability
D14 Definition of PKI Core Services
Specification of a common architecture for PKI
D13 PKI Architecture
![Page 21: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/21.jpg)
WP4 : Legal studies
1. Legal aspects of electronic documents
2. The main legal problems of running a TTP service.Result: legal guidelines for project managers
Deliverables: D17 : Summary of legal issues D18: Legal aspects of electronic documents D19: Legal Aspects of CAs D20: Legal aspects of the Business Case
![Page 22: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/22.jpg)
D17 Summary of the Legal Issues
Summary of the basic legal issues arising with information in IT systems
The legal issues related to evidence confidentiality the setting up and operation of a PKI
![Page 23: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/23.jpg)
WP5 - Criteria
Credibility – take account of world changes Application Interoperability based on multiple components –
CAs, RAs, Directories Open and anonymous users Multiple clients – from multiple vendors Multiple roles – enabling ebusiness End-to end security – using e-mail, secure business-to-
business web transactions Various authentication mechanisms – use of smart cards Cross border (cultural, language) trade Redress – noting CRLs, OCSP and E-Signature Directive
![Page 24: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/24.jpg)
WP5 – Elements of the Scenario Include:
An EU superscheme A set of non-superschemes A set of EU and non-EU ASs which cross-certify each other and which
accredit, using digitally signed electronic IoAs A set of CSPs offering services A set of government departments and businesses A set of employees, business partners certified by CSPs A set of citizens who are certified by CSPs
Missing – the notion of a global scheme
![Page 25: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/25.jpg)
Preliminary Results to date
Indicates best chance of success comes when both CA and RA use PKIX standards – but even then there are issues of authentication to be resolved
Authentication between RA & CA not enough – the link requires property of non-repudiation – the CA business needs the ability to prove to a third party that the RA really did send the instruction
![Page 26: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/26.jpg)
Meetings/Events
Project Started mid-May 99 Press Release/Launch/Trial - Washington DC Interoperability 2&3 – TOG/Reading ’99/’00 European Commission Review 5th July 2000 Next Workshops:
25th-26th July 2000 19th- 20th September 2000 21st-22nd November 2000 4th- 5th December 2000 16th-17th January 2001 3rd – 4th April 2001
![Page 27: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/27.jpg)
Summary TIE, with its partners and associations, will address
the issues and deliver:
Trust service Infrastructure for Europe – Aligned with E-Signature Directive Interoperable Applications & CSPs Legal Framework for CSPs Interoperable Products Business Plans & Market Research Core PKI Architecture PKI Standards Test Profiles/Suites Policies & Procedures Guides and Codes of Practice
![Page 28: TIE TIE – European Commission R&D Project Project Number 26763 chris.taper@icl.com mobile: +44 (0)7867-824237 Trust services Infrastructure for Europe](https://reader030.vdocuments.us/reader030/viewer/2022032606/56649e925503460f94b98100/html5/thumbnails/28.jpg)
??Questions??