
European Commission Digital


eDelivery PKI and SML Services: latest updates

Migration of the eDelivery Public Key Infrastructure (PKI) from its incumbent certification authority to CommisSign-2, the certification authority of the European Commission, is ongoing. All owners of active PKI domains have signed the updated General Terms and Conditions (GTC) document, thus fulfilling the pre-condition for their domains to be able to request certificates from the new provider. Currently, 283 certificates are left to migrate to the new certification authority.  

Project owners are advised to encourage their users to migrate to the new CommisSign-2 certificates by the end of January 2023, because all certificates issued by the previous certification authority will be revoked in early 2023.

At the end of October 2022, Service Metadata Locator (SML) 4.2 was installed in the SML Service of the European Commission. SML 4.2 was released in October 2022 and includes a number of new features and bug fixes.

For more information on eDelivery PKI and SML Services, don’t hesitate to contact us via our portal or by e-mail: EC-EDELIVERY-SUPPORT@ec.europa.eu.  

The eDelivery Building Block | PKI service | SML service 

eDelivery is a building block that provides technical specifications and standards, installable software and ancillary services to allow projects to create a network of nodes for secure digital data exchange. 

The eDelivery PKI service enables issuance and management of the digital certificates used on the deployed eDelivery components, e.g., between eDelivery Access Points (AP) and Service Metadata Publishers (SMP), to ensure confidentiality, integrity and non-repudiation of the data moving across systems. 

In its capacity as Solution Provider of the eDelivery Building Block, the European Commission makes available a PKI service to organisations participating in eDelivery-based projects operated by the EU and EEA public administrations. Such public administrations first have to establish themselves as PKI domain owners in relation to the service. Organisations that the PKI domain owner has authorised to be part of its domain can then use the eDelivery PKI service to obtain digital certificates. The use of the eDelivery PKI is optional; policy domains may choose to use any other PKI service or mutual trust mechanism.

The eDelivery SML service uses DNS (Domain Name System) lookups to find information concerning a given participant in a message exchange network. This approach does not need a single, central server to run the discovery interface (with its associated single point of failure). Instead, the use of the DNS makes it highly resilient. At runtime, the SML uses decentralised DNS for load balancing of requests, thus supporting a full European-wide upscaling of performance. Since eDelivery interfaces with the global DNS system, the SML can operate virtually 24/7/365. In case of failure, participants would still be able to discover each other based on the information stored in the DNS.

The current eDelivery SML Service is based on the sample implementation of the SML software maintained by the European Commission. 

  
