TIE
Trust services Infrastructure for Europe
TIE – European Commission R&D Project
Project Number 26763
[email protected] mobile: +44 (0)7867-824237

European Trust Challenges
- Cross Border Trade & Identity
- EU Legislation – Electronic Signature, Data Protection
- Trust service Infrastructure for Europe with Application Interoperability
- Recommendation: Drive on using TIE as a catalyst, working and leading with government & business, with regulators following

Global Trust Challenges ?

EU LEGISLATION on E-Commerce
- draft Regulation on Jurisdiction
- draft Directive on Distance Selling Fin. Services
- draft Directive on E-Money
- draft Directive on Legal Aspects E-Commerce
- Directive 97/7/EC on Distance Selling
- draft Directive on Copyright in the Info Soc
- Directive on Electronic Signatures
- Directive 97/66/EC on Data Protection in Telecoms
- Directive 98/84/EC on Conditional Access Services
- Directive 98/48/EC on Regulatory Transparency
- Directive 95/46/EC on Data Protection
- Telecom Review 99

TIE & E-Signature Directive
- Digital signature remains most important example of an electronic signature
- Under article 3.3 each member state must set up a supervision of CSPs
- An accreditation scheme must be Objective, Transparent, Proportionate & Nondiscriminatory

TIE & E-Signature Directive (cont’d)
- CSP accreditation schemes – it is the expectation that their instruments of accreditation (IoA) will be issued as electronic documents signed by the accreditation scheme
- Each IoA can be expected to contain CSP name but also its master service key – the public key corresponding to the private key it uses for signing certificates

The Commercial Challenge to PKI
For global adoption it must be:
- Application Interoperable - Seamless
- Simple, Speedy & Reliable
- Accountable & Auditable
- High Quality of Service 24x7
- Value for Money, Affordable
- Manageable, Trusted

PKI - Some Technical Issues
Interoperability is not easy:
- Cryptographic Algorithms
- Security Protocols
- Certificate Path Processing, especially Policy Handling
- Certificate Chain Building
- Directories: Schema, Access Control, Protocol Profiles

TIE - Scope & Vision
TIE focuses on 2 main themes:
- European Accreditation Services (AS) with Instruments of Accreditation (IoA)
- Application Interoperability – secure messaging, web transactions, workflow based on PKI – including time stamping, use of directories and/or attribute certificates to manage roles and authorisation

The TIE Project
- The Players
- Some of the Objectives
- The Deliverables/Work Packages
- The Plan
- Work Packages - More Detail
- Current Status
- Meetings/Events
- Summary

The Players
- ICL - Project Management
- ICL – User, including Microsoft, Smart Cards
- GlobalSign - The Certification Authority
- Baltimore Technologies - CA/RA – WP6
- ICRI (Leuven) - Legal Issues – WP4
- Shell SI - The User & Reviewer
- UK PO - Reviewer
- IBM - Demonstrator, Trial and Pilot – WP5
- The Open Group - Standardization, Awareness, Member Participation – WP3
- Utimaco - CA/RA Applications, Smart Cards
- ICX - Marketing, Awareness & Participation

TIE - Key Objectives
- Business: Service Infrastructure to support Electronic Commerce with interoperable applications supported by CSPs that supply Digital Signatures, Time Stamping, Information Recovery, within a Legal Framework.
- Technical: To stimulate the development of interoperable services and products that meet needs for assurance: Authenticity, Integrity, Non-repudiation, Confidentiality

TIE – Objectives - 1
Specify and resolve operational issues of Trust Infrastructure Systems through the design, build and evaluation of a demonstrator, trial and pilot:
- a staged deployment showing selected applications
- detailed reports - practical, technical, operational
- business scenarios defined
- information recovery capability

TIE - Objectives - 2
To achieve interoperability and trust through the establishment of standards, architectures and codes of practice:
- a common architecture for a PKI
- suitable standards in a PKI enabled environment
- guiding principles for users

TIE - The Deliverables
- Architecture/Standards for PKI
- Market Research Reports
- Business Planning Information
- Legal Reports
- D13 Core PKI Architecture
- D17 Legal Issues Report produced
- PKI Demonstrator
- D21 – Definition of the Demonstrator
- D45 – Systems Test & Design Plan
- PKI Trial
- PKI Pilot
- CSP Guidelines
- Promotion & Exploitation of results of project

Work Packages
1 - Awareness & Website: www.tie.org.uk
2 - Market research
3 - Specifications, standards and conformance
4 - Legal
5 - Design interoperability scenarios
6 - Build: demonstration system, pilot system, larger scale trials
7 – Promotion & Exploitation
Cost: 1.5Meuro, 18 months

TIE - The Plan
- Stage 1 - Now: Proof of concept demonstrator, 2 X CA and 2 X RA
- Stage 2 – July 2000 – Jan 2001: Operational Trial, 3 X CA and 7 X RA
- Stage 3 – Feb 2001 – July 2001: Operational Pilot, 4 X CA and 8 X RA, Smart cards

TIE – Outreach program with mini-clusters
- TIE partners and sub-contractor
- New recruits from outreach program: Accreditation schemes, CSPs, End users
- Other EU projects e.g. TEN-TELECOM, EMERITUS
- EESSI initiative
- PKI Forum??!!

WP2 – Market Research Reports
- Smart Card Related Developments
- M-Commerce, WAP & PKI
- Estimated Service Costs & Applicability
- Best Business Practice
- Technical Implications of EU Policy
- Value Added Services

WP3 - The Open Group & TIE
- D13 PKI Architecture: Specification of a common architecture for PKI
- D14 Definition of PKI Core Services: Specifications of suitable supporting PKI services that facilitate portability and interoperability
- D15 PKI Plug and Play Standards: Specifications supporting “plug and play” of competing vendor modules supporting the PKI services in D14
- D16 CSP Management & Accreditation Guide: Guiding Principles of Operation and Codes of Practice
- Liaison with ABA, NACHA, NIST, PKIX, PKI Forum and Members

WP4 : Legal studies
1. Legal aspects of electronic documents
2. The main legal problems of running a TTP service.
Result: legal guidelines for project managers
Deliverables:
- D17: Summary of legal issues
- D18: Legal aspects of electronic documents
- D19: Legal Aspects of CAs
- D20: Legal aspects of the Business Case

D17 Summary of the Legal Issues
- Summary of the basic legal issues arising with information in IT systems
- The legal issues related to:
  - evidence
  - confidentiality
  - the setting up and operation of a PKI

WP5 - Criteria
- Credibility – take account of world changes
- Application Interoperability based on multiple components – CAs, RAs, Directories
- Open and anonymous users
- Multiple clients – from multiple vendors
- Multiple roles – enabling ebusiness
- End-to-end security – using e-mail, secure business-to-business web transactions
- Various authentication mechanisms – use of smart cards
- Cross border (cultural, language) trade
- Redress – noting CRLs, OCSP and E-Signature Directive

WP5 – Elements of the Scenario
Include:
- An EU superscheme
- A set of non-superschemes
- A set of EU and non-EU ASs which cross-certify each other and which accredit, using digitally signed electronic IoAs
- A set of CSPs offering services
- A set of government departments and businesses
- A set of employees, business partners certified by CSPs
- A set of citizens who are certified by CSPs
Missing – the notion of a global scheme

Preliminary Results to date
- Indicates best chance of success comes when both CA and RA use PKIX standards – but even then there are issues of authentication to be resolved
- Authentication between RA & CA not enough – the link requires property of non-repudiation – the CA business needs the ability to prove to a third party that the RA really did send the instruction

Meetings/Events
- Project Started mid-May 99
- Press Release/Launch/Trial - Washington DC
- Interoperability 2&3 – TOG/Reading ’99/’00
- European Commission Review 5th July 2000
- Next Workshops:
  - 25th-26th July 2000
  - 19th-20th September 2000
  - 21st-22nd November 2000
  - 4th-5th December 2000
  - 16th-17th January 2001
  - 3rd-4th April 2001

Summary
TIE, with its partners and associations, will address the issues and deliver:
- Trust service Infrastructure for Europe – Aligned with E-Signature Directive
- Interoperable Applications & CSPs
- Legal Framework for CSPs
- Interoperable Products
- Business Plans & Market Research
- Core PKI Architecture
- PKI Standards
- Test Profiles/Suites
- Policies & Procedures
- Guides and Codes of Practice

??Questions??