Cloud Signature Consortium co-operate with ETSI on new standard for cloud-based digital signatures

  • John JOLLIFFE profile
    John JOLLIFFE
    5 April 2019 - updated 1 month ago
    Total votes: 3

One of the many innovations of the eIDAS Regulation was to give legal standing to cloud-based advanced and qualified electronic signatures for the first time, by allowing electronic signatures to be created using a “remote signature creation device”.

Under this new concept the signature device - which typically has been a personal device such as a smart card or USB token under the physical control of the user - is replaced by cloud-based services offered and managed by trusted service providers.

In response, a group of leading industry and academic organisations came together to form the Cloud Signature Consortium (CSC) with a vision to develop common protocols so that the distributed elements in a cloud-based signature – from application providers to trust services and other eID technologies - could communicate in a predictable, non-proprietary way. The specification they devised has just now been included into ETSI Technical Specification 119 432 on protocols for remote signature creation, following close collaboration with the ETSI Technical Committee on Electronic Signatures and Infrastructures.

The expectation is that CSC and ETSI will continue to share contributions and develop their specifications in parallel: as one group innovates, or comments are received, the resultant new version becomes available for incorporation in future editions of the other specification. This allows for rapid development of new APIs where members see a need for further collaboration and innovation, ensuring that the specifications remain up to date and in line with user needs, all backed by a commitment to keep those innovations open to the world.

What will this mean for users? The ability to use your digital signature on any device, any time, anywhere, has become a basic requirement for today’s workforce. But more than that, this specification will allow organisations that rely on electronic signatures to choose from a growing ecosystem of interoperable solutions from signing application providers and trust service providers, giving them more choice and flexibility than ever before. It is hoped that this combination - of greater ease of use for end user together with more flexible deployment options for relying organisations - will now help drive increased uptake of certificate-based signatures in Europe, in support of the Digital Single Market.

The rest of the world is already following the trend on remote signatures of the EU, with several countries expressing an interest in adopting the ETSI specification as well as collaborating with CSC to facilitate the interoperability with solutions that have already endorsed its standard.