Policy and legislation :: Standardisation aspects of eSignatures
11 October 2011
Article 3.5 of the Directive on eSignature allows the Commission to establish and publish reference numbers of “generally recognised standards” for e-Signature products.
The scope of the mandate m460 to CEN and ETSI on electronic signature is to update the existing European eSignature standards in order to create a rationalised framework. This rationalised framework should address known issues like the current multiplicity of standards combined with the lack of usage guidelines; the difficulty of access and lack of business orientation which are detrimental to the interoperability of e-signatures; and the presentation of a high number of options makes it difficult for implementations to support all non-mandatory elements and results in incompatibilities.
Following the acceptance of the mandate by CEN and ETSI, the Commission is supporting its implementation with seven targeted grants for the first phase of the activities:
CEN grant 2010-31
Proposal to update CWA 14167 and CWA 14169. Detailed description of tasks to be undertaken in the context of the update of CWA 14167 to TS and of CWA 14169 to EN (pre-requisite for the update of Decision 2003/511).
CEN grant 2010-3S
Response to mandate m460. Detailed response to mandate M/460, with description of tasks to be undertaken in Phases 1a and 1b (as outlined in the document "Joint CEN and ETSI Response to Mandate M/460").
CEN grant 2010-33
Response to mandate m460, Phase 1b (new PP). Complements Proposal #31 to convert TS into EN and to create two new protection profiles (1. Security requirements for server signing to become TS 14167-x and 2. Security requirements for restricted identification to become TS 14169-x)
ETSI grant 2010-10
Response to mandate m460, Phase 1a. Detailed specification of the action required under phase 1a aimed at defining the structure for the rationalised framework for e signature standardisation, in line with tasks set out in clause 2.2 of mandate M/460.
ETSI grant 2010-11
Response to mandate m460, Phase 1b - Quick fixes to electronic signatures profiles. Specification of a Baseline Profile (ETSI Technical Specifications) for all the Advanced Electronic Signatures, i.e. CAdES, XAdES, PAdES and Associated Signatures, which fulfil the minimum basic requirements defined in Directive 2006/123/EC (services in the internal market), and provide the same basic features with minimal number of options or no options at all.
ETSI grant 2010-12
Response to mandate m460, Phase 1b - Quick fixes to electronic signatures standards. Development of 3 ETSI European Norms (ENs) and 4 ETSI Technical Specifications (ETSI TS):
- "Conformity Assessment requirements and guidance"
- "Policy requirements for certification authorities issuing qualified certificates" (to be EN 301 456)
- "Policy requirements for certification authorities issuing public key certificates" (to be EN 302 042)
- "Qualified Certificate profile" (to be EN 301 862)
- "X.509 V.3 Certificate Profile for Certificates Issued to Natural Persons"
- "Signature verification procedures and policies"
- "Algorithms and Parameters for Secure Electronic Signatures; Part 1: Hash functions and asymmetric algorithms"
ETSI grant 2010-13
Response to mandate M/460, Phase 1b - Quick fixes to testing electronic signatures standards. Response to mandate M/460: quick fixes in relation to testing aspects for electronic signatures (4th and final ETSI proposal related to phase 1 of the mandate), complementing proposals 2010-11 and 2010-12. The objective of this proposal is to achieve quick fixes to provide a quick and easy improvement of the functionality of the existing e-signature standardisation deliverables, bringing them up to date with current practices.
The goal is to:
- Develop an ETSI Technical Specification (ETSI TS) on conformance assessment for the XAdES baseline profile as specified in the proposal ETSI 2010-11.
- Develop a conformance assessment tool for the XAdES baseline profile developed in the proposal ETSI 2010-11, in order to enable EU Member States implementers to perform conformance testing of the aforementioned profile.
- Prepare a first interoperability test event on PAdES (ETSI TS 102 778) signatures and Associated Signatures (ETSI TS 102 918 to be published by the end of 2010).
- Produce two ETSI Technical Specifications (ETSI TS), namely: one Technical Specification on PAdES signatures interoperability tests, and one Technical Specification on Associated Signatures interoperability tests.
The actual implementation work has started in January 2011. Please visit ETSI and CEN dedicated joint website for updates.