
Specialist Task Force 560:
Standards for machine-processable signature policy formats and the global acceptance of European Trust Services

Who we are:

Team leader:
Team Members:

What we do

The STF is in charge of facilitating the global recognition and trust of EU PKI Trust Services, supporting the eIDAS Regulation based on EU standards. This enables EU Trust Services to operate not only within the internal European market, but also within the global market for trustworthy online services, supporting PKI-based trust services such as web site authentication, electronic signatures and seals, code signing and secure email.

The STF is also in charge of specifying XML and ASN.1 formats for signature policies to allow the automatic processing of the relevant aspects defined by such a policy during the creation, augmentation and validation of digital signatures.

For more details, see our Terms of Reference

Why we do it

Benefits for Vendors and Providers

Facilitating global recognition
ETSI standards on Trust Services are being adopted throughout Europe in support of the eIDAS Regulation (EN 319 403, EN 319 401, EN 319 411), and use of the Trusted Lists TS 119 612 in EC CID 2015/1505 laying down technical specifications and formats relating to trusted lists. These are based on the use of Public Key Infrastructure (PKI) technologies using ITU-T X.509. However, cross recognition of the EU approach to PKI standards at an international level is yet to be achieved. A number of international, regional and sector-specific communities have adopted PKI technologies based on ITU-T X.509 and need to achieve cross recognition with European Trust Services to achieve end-to-end security. These include:

-    The CA/Browser forum
-    Root certificate programmes of global application providers such as Mozilla, Google, Microsoft, Amazon, Adobe and Oracle
-    Sector specific global PKI such as SafeBiopharma
-    US federal PKI and associated programs such as National Strategy for Trusted Identities in Cyberspace (NSTIC)
-    Far eastern communities such as Asia PKI Consortium, Association of South East Asian Nations, Chinese Electronic Certification Services Systems, Japan Institute for Promotion of Digital Economy and Community
-    Arab PKI forum and other middle eastern communities
-    Common Market for Eastern and Southern Africa
-    ISO/IEC JTC1 SC 27 guidance on PKI service providers

Through further activities in promoting the use of EU standards internationally and facilitating cross recognition with other internationally based PKI schemes, such as those listed above, it will be possible for the EU players in the trust service market to work internationally. It is the aim of this work to focus on the detailed technical interoperability and trust issues rather than the legal and political coordination between the EU and other nations.

Signature Policy formats

The purpose of a signature policy is to describe the requirements imposed on or committing the involved actors (signers, verifiers, relying parties and/or potentially one or more trust service providers) with respect to the application of signatures to documents and data that will be signed in a particular context, transaction, process, business or application domain, in order for these signatures to be considered as valid or conformant signatures under this signature policy.

ETSI TS 119 172-1 defines the building blocks of signature policy and specifies a table of contents for human readable signature policy documents. It allows documenting the decisions resulting from an analysis driven by a business or application context on how the concerned signature(s) needs to be implemented to meet the needs of the specific business application or electronic process it (they) support. It also specifies the means for the creation, augmentation or long-term management and verification of all the features of the concerned signature(s).

As digital signatures are mainly treated and processed by applications, it is critical to allow the machine-processable conversion and treatment of the rules that have been established and documented by business process owners. Now that ETSI TS 119 172-1 has been published, there is a clear demand to again provide standards for translating human-readable signature policies into machine-processable ones.

How we do it

Regarding the actions towards global recognition and trust of EU PKI Trust Services, the STF will get in touch with all the other PKI-related trust schemes and standards considered relevant to global acceptance of EU Trust Services to collect all the relevant information on the policies, conformity assessment procedures, and means of indicating trust status. Where considered appropriate, individual members of the team will attend meetings or visit key personnel concerned with the relevant PKI schemes.

A report will be produced including an assessment of trust schemes against the EU standards EN 319 411-1 & -2, EN 319 401, EN 319 403 and TS 119 612 to identify the relevant differences and identify opportunities for further steps which could be taken to increase the European foothold in the global market for Trust Services. It will take account of the compatibility of the trust policy requirements for the different schemes, and also how trust is managed for membership of the scheme, whether by a form of trust list or another technique such as certificate bridges or certificate transparency.

In addition, the STF, in conjunction with representatives of the most relevant PKI schemes, will organise three internationally based workshops with EU stakeholders and representatives of interests in global PKI schemes. It is foreseen that one workshop will be held in the US, another in Japan, and the third one hosted by ETSI for the Middle East and other non-EU countries in the EMEA region, where a number of the key stakeholders in the global PKI market are based.

Regarding the definition of XML and ASN.1 formats for signature policy documents, the STF will take as its starting point ETSI TS 119 172-1: “Electronic Signatures and Infrastructures (ESI); Signature Policies; Part 1: Building blocks and table of contents for human readable signature policy documents”, for identifying the required building blocks of a signature policy. It will also take into account EN 319 102-1 to see which information is specifically important for the automatic processing of signature creation / validation algorithms. It will also take into account the former, outdated ETSI TR 102 038 and ETSI TR 102 272, which defined initial XML and ASN.1 formats for signature policy documents. Finally, the STF will review the comments raised by stakeholders that implemented the aforementioned ETSI TRs in order to extract requirements for the new deliverables: new features that the former ETSI TRs did not provide, ambiguities that the new deliverables should avoid, errors that the new deliverables should not repeat, etc.

Deliverables

Deliverable                   Title
ETSI TS 119 172-2             Electronic Signatures and Infrastructures (ESI); Signature Policies; Part 2: XML format for signature policies
ETSI TS 119 172-3             Electronic Signatures and Infrastructures (ESI); Signature Policies; Part 3: ASN.1 format for signature policies
DTR/ESI-000123                Global Acceptance of EU Trust Services
Not formal ETSI publication   Report on the first international workshop on global acceptance of EU Trust Services
Not formal ETSI publication   Report on the second international workshop on global acceptance of EU Trust Services
Not formal ETSI publication   Report on the third international workshop on global acceptance of EU Trust Services

 

Time plan


Deliverable Time Plan

ETSI TS 119 172-2 and ETSI TS 119 172-3:

-    Stable drafts for public review: mid June 2019
-    Final drafts for ETSI ESI approval: 31/10/2019
-    TSs published: 30/11/2019

TR Report on Global Acceptance of EU Trust Services:

-    Stable draft for public review: mid June 2019
-    Final draft for ETSI ESI approval: 31/10/2019
-    TR published: 30/11/2019

How to contact us

For further details, or if you wish to be involved in the work of the STF, please contact the STF Leader: Juan Carlos Cruellas (Cruellas@ac.upc.edu)

This information is based upon STF working assumptions.

The views expressed do not necessarily represent the position of ETSI in this context.