STFbreadcrumb separatorSTFsbreadcrumb separatorSTF Homepagesbreadcrumb separatorSTF523
  1. Specialist Task Force 523:
    Standards for eIDAS trust services – electronic registered delivery and registered electronic mail

    Who we are:

     

    Team leader:
    Team Members:

    What we do

    The STF 523 is in charge of producing standards for electronic registered delivery and registered electronic mail, covering the following aspects of the provision of the aforementioned services: 
    1. Technical specifications. The STF is going to produce ETSI EN 319 522: “Electronic Registered Delivery Services” and ETSI EN 319 532: “Registered Electronic Mail (REM) Services”. These will be multi-part European Standards addressing architectural aspects (including logical models, components, events, interfaces and trust building), semantic contents (including message delivery content, evidence and identification content, and service discovery content), formats (including message delivery formats, evidence and identification formats, and service discovery formats), and bindings to a set of messaging, in the case of ETSI EN 319 522, or interoperability profiles for seamless exchange of data objects across providers that use different formants and/or transport protocols, in the case of ETSI EN 319 532.

    2. Policy and security requirements. The STF is going to produce ETSI EN 319 521: “Policy and Security Requirements for Electronic Registered Delivery Service Providers” and ETSI EN 319 531: “Policy and Security Requirements for Registered Electronic Mail Service Providers”. ETSI EN 319 521 will define policy requirements that are common to any Electronic Registered Delivery provider. ETSI EN 319 531 will define policy and security requirements that are specific only to Registered Electronic Mail providers. Both ETSI ENs will reference the latest version of EN 319 401: “General Policy Requirements for Trust Service Providers” for generic requirements common to any Trust Service Provider. 

    3. Conformance and interoperability testing. The STF is going to produce ETSI TS 119 524: “Testing Conformance and Interoperability of Electronic Registered Delivery Services” and ETSI TS 119 534: “Testing Conformance and Interoperability of Registered Electronic Mail Services”. These will be multi-part documents. Their first parts will define test assertions for testing conformance against relevant specifications of ETSI EN 319 522 and ETSI EN 319 532 respectively. Their second parts will define tests suites for supporting interoperability tests between providers. 

    4. Guidance. The STF is going to produce ETSI TR 119 500: “Guidance on the use of standards for Trust Application Service Providers”. This document will provide guidance for the selection of standards for Registered Electronic Delivery or Registered Electronic Mail for given business requirements. 

    For more details, see our Terms of Reference

    Why we do it

     

    Regulation (EU) No 910/2014 has identified the building of trust in the online environment as being key to economic and social development. Standards need to be available to ensure solutions that are interoperable and provide consistent levels of trust. Whilst the Regulation provides a common set of requirements it does not identify how these requirements may be met with existing technology. To support the implementation of the Regulation, which is highly technical, further standardisation work is needed in particular with regard to the planned secondary legislation which extensively refers to the availability of standards as possible means to meet the regulatory requirements.

    Regulation (EU) No. 910/2014 introduces new types of trust services, among which electronic registered delivery services. Electronic delivery services providing certain additional features (for instance evidence like proof of submission or proof of reception) have been in place for a number of years. However, no standards have been available for years, which have eventually resulted in the proliferation of competing solutions based on different protocols and formats.

    One of the first set of standards targeting at the provision of services that deliver messages and documents and provide additional security features (like proof of submission or proof of reception) was produced by ETSI TC ESI in its multi-part ETSI TS 102 640: “Registered Electronic Mail (REM)”. This multi-part document specifies a trust service based on electronic mail protocol and formats, addressing all the relevant aspects for its provision.

    Once the Regulation (EU) No 910/2014 was published, ETSI TC ESI considered that REM services are one special type of electronic registered delivery services, based on the definition provided in its Article 3. In consequence, ETSI decided to review this set of specifications for supporting implementation of the legal provisions laid down in the aforementioned Regulation, so that the implemented services could eventually be aligned with these legal provisions.

    In parallel, a number of different specifications were produced covering different aspects of the provision of electronic delivery services based on HTTP and SOAP, but nowadays there is a lack of a coherent set of standards that fully address all the relevant aspects including not only transport protocols, formats of messages, but also a coherent and complete set of evidence, as well as a coherent and complete set of security and policy requirements for the provision of this kind of trust service. In addition, all of them were originally produced before the publication of the Regulation (EU) No 910/2014. This essentially means that at present there is a lack of standards supporting all the relevant aspects for the provision of electronic registered delivery services able to support the legal provisions laid down in the Regulation (EU) No 910/2014.

    The lack of standards supporting electronic registered delivery services supporting implementation of the legal provisions laid down in Regulation (EU) No 910/2014, would not only result in market fragmentation but it would also create significant barriers to the market growth and to innovations. Indeed, without enough assurance on the technical specifications to be implemented in their market solutions that will indeed meet the provisions laid down in Regulation (EU) No. 910/2014, the market will not develop and will not innovate.


     

    How we do it

     

    The STF plans to establish liaisons with relevant stakeholders in the field. This includes CEN TC 331 WG2, UPU, OASIS BDXR Technical Committee, and EC funded LSP projects that have proposed solutions for Electronic Delivery, as well as Committees from other Standardization Organizations.
    The STF also plans the conduction of an open workshop once the set of specifications will have acquired a level of maturity considered stable. In that workshop the team will present the set of standards under development, and will get stakeholders’ feedback that may help the team to better tune the final standards.
    Regarding the ETSI EN 319 522: “Electronic Registered Delivery Services”, the STF will take as starting point the ETSI TS 102 640 “Registered Electronic Mail (REM)”, in order to identify those contents specified there that can be considered common to any Electronic Registered Delivery service provision, and consequently, need to be integrated within the different parts of the aforementioned EN. The STF will also review the different solutions for service discovery existing in the field in order to specify formats for this feature. The STF will then address the completion of the different parts of the EN. For the binding parts, it will cover the ebMS3.0/AS4 protocol and will take into account other protocols in use or under development. The STF will also take into account the work done by CEN TC 331 WG2 on hybrid mail systems with the objective of avoiding duplication of work and assessing the suitability and feasibility of incorporating (by reference) the aforementioned work within the framework under development.

    Regarding the ETSI EN 319 532: “Registered Electronic Mail (REM) Services”, the STF will take as starting point the ETSI TS 102 640 “Registered Electronic Mail (REM)”, in order to identify those contents specified there that are specific only to the provision of Registered Electronic Mail service provision, and consequently, need to be integrated within the different parts of the aforementioned EN. The STF will also review the comments received by implementers of the former ETSI TS 102 640 and analyse potential improvements that would be worth to incorporate within the aforementioned EN. 
    Both ETSI EN 319 522 and ETSI EN 319 532 will be produced ensuring that they implement the legal provisions as laid down in Regulation (EU) No. 910/2014.
    Regarding the ETSI EN 319 521: “Policy and Security Requirements for Electronic Registered Delivery Service Providers” and the ETSI EN 319 531: “Policy and Security Requirements for Registered Electronic Mail Service Providers”, the STF will take as inputs: the ETSI EN 319 401 and ETSI TS 102 640-3 V2.1.2 (2011-09): “Registered Electronic Mail (REM) – Part 3: Information Security Policy Requirements for REM Management Domains”, and work done by other standardization organizations, LSP projects and other information from industry stakeholders to identify additional policy and security requirements. Once this has been done, the STF will identify those requirements that are common to any Electronic Registered Delivery service and that are not present within ETSI EN 319 401 and will include them within the ETSI EN 319 521. Finally, the STF will identify those requirements that are specific only to Registered Electronic Mail and that are not present within ETSI EN 319 401 and will include them within ETSI EN 319 531.

    As for the production of ETSI TS 119 524: “Testing Conformance and Interoperability of Electronic Registered Delivery Services” and ETSI TS 119 534: “Testing Conformance and Interoperability of Registered Electronic Mail Services”, first the STF will identify what parts of the technical specification these documents will define test assertions for. Once this has been done, the corresponding test assertions will be defined. As for the test suites for supporting interoperability, the STF will take as input the ETSI TR 103 071: “Test suite for future REM interoperability test events”, which contains an initial set of test suites accommodated to the current ETSI TS 102 640, for producing ETSI TS 119 534. For producing the ETSI EN 319 524, the STF will identify what are the areas where testing interoperability is critical and will produce the corresponding test suites. In defining them, the STF will also take into account past experiences of LSPs and implementers, especially when dealing with bindings corresponding to technical solutions already tested by them.

    Finally, as for the production of the ETSI TR 119 500: “Guidance on the use of standards for Trust Application Service Providers” the STF will adopt the same approach as for other business guidelines already published like the ETSI TR 119 400:” Guidance on the use of standards for trust service providers supporting digital signatures and related services”. 

    Deliverables

     

    Below follows the list of deliverables to be produced by the STF 523, as per its Terms of Reference:

     Deliverable Title
     ETSI EN 319 522  Electronic Registered Delivery Services
     ETSI EN 319 532  Registered Electronic Mail (REM) Services
     ETSI EN 319 521  Policy and Security Requirements for Electronic Registered Delivery Service Providers
     ETSI EN 319 531  Policy and Security Requirements for Registered Electronic Mail Service Providers
     ETSI EN 319 524  Testing Conformance and Interoperability of Electronic Registered Delivery Services
     ETSI EN 319 524  Testing Conformance and Interoperability of Registered Electronic Mail Services
     ETSI EN 319 500  Guidance on the use of standards for Trust Application Service Providers 

     

    Time plan

     

    Below follows the time plan for this STF:

    Deliverable Time Plan
    ETSI EN 319 522
    ETSI EN 319 532
    ETSI EN 319 521
    ETSI EN 319 531
    M1 = 31/10/2017. Stable drafts for public review. 
    M2 = 30/04/2018. All documents approved by ETSI ESI TB for ENAP. 
    M3 = 30/11/2018. Comments generated during ENAP resolved.
    M4 = 01/12/2018. Start of vote ENs. 
    M5 = 28/02/2019. All documents published.
    ETSI TS 119 524
    ETSI TS 119 534
    ETSI TR 119 500
    M1 = 31/0/2017. Consolidated drafts for ETSI ESI TB review. (+23)
    M2 = 30/11/2018. Final drafts approved by ETSI ESI TB. (+27)
    M3 = 28/02/2019. All documents published. (+30)

     

    How to contact us

    For further details, or if you wish to be involved in the work of the STF, please contact the STF Leader: Juan Carlos Cruellas at cruellas@ac.upc.edu

    This information is based upon STF working assumptions.

    The views expressed do not necessarily represent the position of ETSI in this context.