
eDelivery Documentation


Trust establishment

In order to activate the message exchange, two public administrations’ Access Points need to establish trust between each other. The trust models of eDelivery are all based on digital certificates.

The way these digital certificates are used in 'run time' to secure the communication between Access Points is shown below. 

  1. The sending Access Point uses its digital certificate to sign the data and documents; it may also encrypt them using the public key of the receiver.
  2. The receiving Access Point confirms the digital signature of the sender and decrypts the data using its digital certificate.
  3. The receiving Access Point sends a signed receipt message to the sending Access Point.
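
The three run-time steps above, as an added Go sketch that is not code from eDelivery or from any Access Point implementation. Assumptions: in-memory RSA key pairs stand in for the Access Points' certificates, and the function names (`NewKey`, `Send`, `Receive`, `Verify`) and the receipt format are made up for illustration and are not the eDelivery message format.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKey stands in for an Access Point's certificate and private key (assumption: no X.509 here).
func NewKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func sign(k *rsa.PrivateKey, data []byte) ([]byte, error) {
	h := sha256.Sum256(data)
	return rsa.SignPSS(rand.Reader, k, crypto.SHA256, h[:], nil)
}

func Verify(pub *rsa.PublicKey, data, sig []byte) bool {
	h := sha256.Sum256(data)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

// Send is step 1: encrypt for the receiver (RSA-OAEP, short payloads only) and sign the document.
func Send(me *rsa.PrivateKey, to *rsa.PublicKey, doc []byte) (ct, sig []byte, err error) {
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, to, doc, nil); err == nil {
		sig, err = sign(me, doc)
	}
	return ct, sig, err
}

// Receive is steps 2 and 3: decrypt, verify the sender, then sign the sender's signature as receipt.
func Receive(me *rsa.PrivateKey, from *rsa.PublicKey, ct, sig []byte) (doc, receipt []byte, err error) {
	doc, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, me, ct, nil)
	if err != nil || !Verify(from, doc, sig) {
		return nil, nil, fmt.Errorf("rejected: decryption failed or signature not from trusted sender")
	}
	receipt, err = sign(me, sig)
	return doc, receipt, err
}

func main() {
	a, _ := NewKey() // sending Access Point
	b, _ := NewKey() // receiving Access Point
	ct, sig, _ := Send(a, &b.PublicKey, []byte("constructed sample document"))
	doc, receipt, err := Receive(b, &a.PublicKey, ct, sig)
	fmt.Println(string(doc), err, Verify(&b.PublicKey, sig, receipt))
}
```

The receiver accepts a message only when the signature checks out against the public key it already trusts for that sender, which is the key material the trust models described below distribute.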

Two trust models are available to create, manage, distribute, store and revoke the digital certificates of the Access Points: either a PKI model or a mutual exchange model of digital certificates. The communication between SMP and SML components is secured through two-way TLS.

Which components are involved

Components

Security Controls

Standards

ETSI - Electronic Signatures and Infrastructures

Trust establishment, what are the benefits 

Security

  • You are certain that data and documents are secured against any modification (integrity).

  • You are certain that documents are encrypted during the transmission (confidentiality).

  • You are certain that the origin and the destination of the data and documents are trustworthy.

Scalability and Performance

  • You are certain that the message exchange network will adapt to an increasing number of nodes, as opposed to a stable number of nodes.