Digital

Page tree

European Commission Digital

Services

Trust Models Guidance


This guidance document aims to help businesses and public administrations to make an informed decision on the trust model to operate when using eDelivery. To support this decision, this document describes the trust models that organisations can choose when implementing the eDelivery components.


A trust model is a collection of rules that ensure the legitimacy of the digital certificates used by the eDelivery components. Digital certificates enable the identification of the organisations using eDelivery and are instrumental for the authenticity, confidentiality, integrity and non-repudiation of the information. Different trust models are available based on different trust anchor models and different rules to create, manage, distribute, store and revoke the digital certificates.



A trust anchor represents an authoritative entity via a public key and associated data. The public key is used to verify digital signatures, and the associated data is used to constrain the types of information for which the trust anchor is authoritative. A relying party uses trust anchors to determine if a digitally signed object is valid by verifying a digital signature using the trust anchor's public key, and by enforcing the constraints expressed in the associated data for the trust anchor.

1


This document considers four alternative trust models that can be used in any implementation of eDelivery:

  • Dedicated Domain PKI: in this model, digital certificates are associated to a single trust anchor. In this case, the trust anchor serves a single domain i.e. it is a dedicated anchor.
  • Shared Domain PKI: in this model, digital certificates are associated to a single trust anchor. In this case, the trust anchor serves multiple domains i.e. it is a shared anchor.
  • Mutual exchange: this model relies on digital certificates from different trust anchors. As there is no single trust anchor, organisations use the trust anchor of their choice (typically, according a set of well-defined criteria).
  • Domain trusted lists: this model relies on a list containing the trusted certificates and/or trust anchors complying with a common domain policy. As a result, organisations are free to choose their preferred trust anchor from that list.

To facilitate the choice of the best fitting trust model, this document lists general requirements, faced by organisations interested in using the cross-border interoperable digital services deployed under the CEF Telecom programme. The assessment of the different trust models is based on expert opinion and industry good practices.


Documentation


Trust Models Guidance Document
Cross-border interoperable digital services deployed under the CEF Telecom programme

Last updated: 11 September 2018

« eDelivery Developers Community