Specialist Task Force 428: ”Quick fixes to testing of electronic signatures standards”

Who we are:

Team Leader: Juan Carlos Cruellas  cruellas@ac.upc.edu
Team Members: Andrea Caccia  andrea.caccia@studiocaccia.com
Konrad Lanz  Konrad.Lanz@iaik.tugraz.at
Luigi Rizzo  luigi.rizzo@infocert.it
Giuliana Marzola  giuliana.marzola@infocert.it
Laurent Velez  laurent.velez@etsi.org

Background:                                              

The Directive 1999/93/EC on a Community framework for electronic signatures was adopted by the European Parliament and the Council in December 1999.  The purpose of the Directive is to establish a legal framework for eSignature and for certification-services providers in the internal market. Several internal market instruments (e.g. Services Directive 2006/123/EC, Public Procurement, eInvoicing) and related pilots sponsored by the EC (mainly PEPPOL, STORK and SPOCS projects) rely in their functioning on the framework set by the Directive.   Activities in CEN and ETSI, initiated under the European Electronic Signature Standardization Initiative (EESSI), produced a set of standards addressing the requirements for implementing the electronic signatures Directive.  Following on from studies on the standardisation aspects of e-signatures and Cross-Border Interoperability of eSignature (CROBIES), and other EU activities applying electronic signatures, the need has been identified for a “Rationalized European eSignature Standardisation Framework” to be implemented in a 4 year programme.  This framework is to ensure that all the necessary standards are provided in a clear, coherent and accessible framework to maximize the interoperability, including the progression of specifications to European Norms and the provision of implementation guidelines.

As well as recognizing the need for a rationalized framework, the need was identified that certain areas of standardisation relating to electronic signatures should be updated as soon as possible to ensure deficiencies identified in the existing standards are addressed.  For example, certain details of profiling Certificate standards require further clarification to achieve full interoperability, a basis for conformance testing has yet to be established for all areas of eSignature standardisation, and certain specifications that have lapsed because of lack of support, need to be brought up to date with current practice.   Awaiting the development of the Rationalized Framework before addressing these deficiencies will inhibit the use of electronic signatures in a way that is interoperable across Europe and result in further divergence of implementations of the eSignatures Directive

What we do:

The goals of the STF-428 are:

1.    To develop an ETSI Technical Specification (ETSI TS) on conformance testing  for the XAdES baseline profile as specified in the technical proposal "Phase 1b – ETSI Quick fixes to electronic signatures profiles"

 2.    To develop a conformance testing  tool for the XAdES baseline profile developed in the technical proposal "Phase 1b – ETSI Quick fixes to electronic signatures profiles", in order to enable EU Member States implementers to perform conformance testing of the aforementioned profile.

 3.    To prepare a first interoperability test event on PAdES (ETSI TS 102 778) signatures and ASiC - Associated Signature Containers (ETSI TS 102 918 to be published soon). This preparation includes:

 a.    The production of the whole test suite

b.     The production of all the material documenting how to conduct the interoperability event

c.      The deployment in the ETSI portal of the suitable PKI and tools required for supporting the interoperability test event conduction

To produce two ETSI Technical Specifications (ETSI TS), namely: one Technical Specification on PAdES signatures interoperability tests, and one Technical Specification on Associated Signatures interoperability tests.

For more details, see our Terms of Reference

Why we do it:

Achievement of goals 1 and 2 will solve the conformity check problem for the Advanced Electronic Signature format most tested so far within European Union in terms of interoperability, XAdES, by putting in place a conformance checker tool, and make it available to whoever wants to check conformance of a certain tool against XAdES baseline profile specification. This is a recurrent request made in past XAdES interoperability events by participants, who see this service as the definitive step that must lead to the improvement in interoperability facilitated by the interoperability events.

Achievement of goals 3 and 4 will avoid appearance of diverging implementations for those specifications that have been recently published (PAdES) or will be published soon (ASiC), ensuring a minimum level of interoperability among different implementations across the European Union. It will also ensure quick feedback to the standardization process, which might lead to quick fixes in the Technical Specifications themselves, avoiding long undesirable situation where implementations might be forced to put in place solutions that are not still approved by any standardization body, for fixing errors detected within the aforementioned specifications.