STFs * STF HomePages * STF457

Specialist Task Force 457: Rationalised Framework for electronic signatures standards; Framework and Coordination Activities

Who we are:

Team Leader: Olivier DELOS, SEALED, olivier.delos@sealed.be
Team Members: Andrea RÖCK, Cryptolog, andrea.rock@cryptolog.com
Béatrice PEIRANI, Gemalto, beatrice.peirani@gemalto.com 
Ernst GIESSMANN, T-Systems International, ernstg.giessmann@t-systems.com
Juan Carlos CRUELLAS, DAC-UPC, cruellas@ac.upc.edu
Klaus-Dieter WIRTH, Bundesdruckerei, klaus-dieter.wirth@bdr.de
Nick POPE, Thales, nick.pope@thales-esecurity.com
Paloma LLANEZA, Llaneza A+A, pll@palomallaneza.com
Peter LIPP, Stiftung, peter.lipp@iaik.tugraz.at
Stefan SANTESSON, 3xA Security, stefan@aaa-sec.com
Sylvie LACROIX, SEALED, sylvie.lacroix@sealed.be
Inkind members: Arno FIEDLER, Nimbus, arno.fiedler@nimbus-berlin.com
Moez BEN MBARKA, Cryptolog, mailto:moez.benmbarka@cryptolog.com

What we do:

Following on from studies on the standardisation aspects of e-signatures 1 and Cross-Border Interoperability of eSignature (CROBIES)², and other EU activities applying electronic signatures, the need has been identified for a “Rationalised European eSignature Standardisation Framework” to be implemented in a 4 year programme. This framework is to ensure that all the necessary standards are provided in a clear, coherent and accessible framework to maximise the interoperability, including the progression of existing specifications to European Norms (EN) and the provision of implementation guidelines .

CEN and ETSI jointly developed a response and work programme divided in two phases:

  • Phase 1 defining primarily the rationalised framework with a gap analysis and a resulting final work programme and addressing, through quick fixes, issues that urgently need an update as performed under action grants from 2010 (see "Standardisation aspects of eSignatures");
  • Phase 2 will implement the final work programme as defined in Phase 1.

STF 457 is the coordination STF of the three STFs (the other two are STF 458 and STF 459) that are going to implement Phase 2 of the Electronic Signature Mandate M/460 requirement for a “rationalised European eSignature standardisation framework” and the electronic signatures (domain 5) of the EC’s 2010-2013 ICT Standardisation Work Programme.

STF 457 covers the “Phase 2a – Framework & Coordination Activities” primarily aimed at:

  • coordinating the fulfilment of the Rationalised Framework for electronic signature standards as defined in Phase 1a and in line with mandate M/460, and 
  • executing tasks/activities with regards to the following specific aspects of the fulfilment of the Rationalised
    Framework :
    o Producing the eSignature Standardisation Rationalised Structure, including the basis for covering the whole spectrum of IAS (Identification, Authentication and Signature) standardisation aspects
    o Producing the Business Guidance documents on use of electronic signature standards in each of the Rationalised Structure areas,
    o Producing the General Requirements for Signature Creation and Validation;
    o Producing documents on Cryptographic Suites for Secure Electronic Signature);  
    o Producing the Overviews on Policy and Security requirements for TSPs supporting eSignatures.

For more details, see our Terms of Reference

Study on the standardisation aspects of e-signatures, SEALED, DLA Piper et al, 2007.

² CROBIES study (Cross-Border Interoperability of eSignature), Siemens, SEALED and time.lex, 2010

Why we do it:

The rationalisation of the structure for eSignature standardisation framework documents is outlined in ETSI SR 001 604 v1.1.1. This Special Report (SR) will be replaced by TR 119 000, containing an updated version of the Rationalised Framework, which will be further updated regularly as part of STF 457 activities.

It will not be possible to achieve pan-European interoperability without the implementation of the rationalised structure described in ETSI SR 001 604. The rationalised framework identifies the work plan to bring standards for electronic signatures forward to the strongest level of standardisation (European Norm – EN) which places the obligation on EU and EEA nations to adopt as their National Standard. Without progressing the standards to this level will mean that nations can continue to apply their own variations. Furthermore, the rationalised framework puts the standards and their options in a clear and consistent framework so that the standardised solutions necessary to meet a given business need can be clearly identified. Otherwise, as is currently the case, different standardised solutions will be adopted to meet the same business need.

Whilst a rationalised framework was defined in phase 1a to provide a coherent basis for electronic signature standards it is necessary to implement and maintain this framework, and look forward to potential extensions to the framework to support related standardisation for authentication and identification. STF 457 ensures that the implementation of the framework is continued to be consistent with the framework across all the standardisation activities (including but not limited to those implemented in STF 458 and STF 459), and allows for adaption of the framework to new circumstances.

The completion of the Rationalised Framework for electronic signature standards will allow business stakeholders to easily implement and use products and services based on electronic signatures. It will allow a harmonized use of electronic signatures in line with directive 1999/93/EC (and with its revision/extension to a future regulation) and will favour the take up of electronic signature standards by the industry. This will result in a simplified access of enterprises and citizens to cross-border electronic public services.

The continued support of the rationalised framework to ensure that all the standards for electronic signatures maintain alignment is essential to ensuring that the goals of the framework are met. This will maximise interoperability by ensuring that these standards answer specific business needs while minimising any variations which inhibit interoperability. Thus the full potential of electronic signature to provide trusted exchange of information can be realised thereby facilitating electronic commerce and the exchange of information whose authenticity needs to be assured.

How we do it:

The execution of STF 457 activities will be organised in the following STF Tasks (or group of tasks).

  • Task 1: with the objective to:
    o coordinate the fulfilment of the Rationalised Framework for electronic signature standards as defined in Phase 1a and in line with mandate M/460, including the cross area coordination, maintenance of rationalised structure for standards,
    o produce the eSignature Standardisation Rationalised Structure guidance document (TR 119 000), and the study on the basis for covering the whole spectrum of IAS (Identification, Authentication and Signature) standardisation aspects (TR 419 010); and
    o produce the Business Guidance documents on use of electronic signature standards in each of the Rationalised Structure areas (Signature Creation and Validation – TR 119 100; Signature Creation and other related Devices – TR 419 200; Cryptographic Suites – TR 119 300; TSPs supporting eSignatures – TR 119 400; Trust Application Services Providers – TR 119 500, Trust Service Status Lists Providers – TR 119. 
  •  Task 2: whose objective is the production of the General Requirements on Policy for signature creation and validation (EN 319 101) and on Conformity Assessment of signature creation and validation applications (EN 419 103); 
  •  Task 3: whose objective is the production of documents on Cryptographic Suites for Secure Electronic Signatures (TS 119 312); 
  •  Task 4: whose objective is the organisation of an open workshop to which all stakeholders will be invited and during which the draft deliverables will be presented. Information collected at the workshop and from public review on draft deliverables will be fed back into the deliverables.

Deliverables starting with 0, 1, 2, or 3 will be published by ETSI. Deliverables starting with 4 will be published by CEN.

Coordination with various stakeholders including European member states, standards organizations and European projects will be necessary to achieve the best outcome of this work and the widest possible collection of views amongst all parties concerned. In particular, the STF experts will aim to continue liaison with entities including the Services Directive Experts Group, PEPPOL, SPOCS, FESA, STORK, IETF, OASIS, ISO, W3C and the CAB Forum.

The E-SIGNATURES_NEWS mailing list, set up during phase 1, will continue to exist and will be used to keep stakeholders informed on the progress of the work. Those stakeholders will be consulted at various points during the work. They will in particular be consulted when drafts of the deliverables are issued for public comments so as to get their comments and feedback (this may not apply to all deliverables). Electronic comments will be encouraged via the contact list. A register of comments received through this list will be maintained by the STF.

Deliverables:

Below follows the list of deliverables to be produced by the STF 457, as per its Terms of Reference.

Deliverable Title
CR's, IR, FR Coordination Reports, Interim Report and Final Report
TR 119 000 Rationalised structure for Electronic Signature Standardisation
MI for TR 419 010 Extended Rationalised structure including IAS
TR 119 100 Business Driven Guidance for Signature Creation and Validation
MI for TR 419 200 Business Driven Guidance for Signature Creation and other related Devices
TR 119 300 Business Driven Guidance for Cryptographic Suites
TR 119 400 Business Driven Guidance for TSPs Supporting Electronic Signatures
TR 119 500 Business Driven Guidance for Trust Application Service Providers
TR 119 600 Business Driven Guidance for Trust Application Service Providers
EN 319 101 Policy and Security Requirements for Electronic Signature Creation and Validation
MI for EN 419 103 Conformity Assessment for Signature Creation and Validation (Applications and Procedures)
TS 119 312 Cryptographic Suites for Secure Electronic Signatures
Workshop report Workshop report

Time plan:

The expected time scale for the production of STF 457 deliverables is as follows.

Mil

Task

milestone code

Milestone description

Target date

T1  T1.2.1 M1 Stable Draft for Public Review of TR 119 000 30/09/2013 
T1.2.2 M1 Stable Draft for Public Review of TR 419 010
T1.3.2 M1 Stable draft for Public review of TR 419 200
T1.3.x M1 Stable draft for Public review of TR 119 x00 (x=1, 3,4, 5, 6)
T2 T2.1 M1 Stable draft for public review of TS 119 101
T2.2 M1 Stable draft for public review of TS 419 103
T3 T3.1 M1 Stable draft for public review of TS 119 312
B  T1 T1.2.1 M2  TC ESI approval of TR 119 000 28/02/2014 
T1.2.2 M2 TC ESI approval of TR 419 010
T1.2.2 M3 Hand over to CEN of TR 419 010
T1.3.2 M2 TC ESI approval of TR 419 200
T1.3.2 M3 Handover to CEN of TR 419 200
T1.3.x M2 TC ESI approval of TR19x00 (x=1, 3,4, 5, 6)
T2  T2.1 M2 TC ESI approval of TS 119 101
T2.2 M2 TC ESI approval of TS 419 103
T3 T3.1 M2 TC ESI approval of TS 119 312
C T1 T1.2.1 M3 Publication of TR 119 000 30/04/2014 
T1.3.x M3 Publication of TR 119 x00 (x=1, 3,4, 5, 6)
T2 T2.1 M3 Publication of TS 119 101
T2.2 M3 Hand over to CEN of TS 419 103
T3 T3.1 M3 Publication of TS 119 312
D All Task T1.1 M6 Interim Report 31/07/2014
E T1
T1.2.1 M4 Publication of updated TR 119 000 31/12/2014 
T1.3.2 M4 Handover to CEN of updated TR 419 200
T1.3.x M4 Publication of updated TR 119 x00 (x=1, 3,4, 5, 6)
T2 T2.1 M4 EN 319 101 approved by TC ESI for Public Enquiry
T2.2 M4 Resolution of CEN enquiry comments on EN 419 103
T3 T3.1 M4 Publication of updated TS 119 312
F T1 T1.2.1 M5 Publication of final update of TR 119 000 31/12/2015
T1.3.2 M5 Handover to CEN of updated TR 419 200
T1.3.x M5 Publication of final update of TR 119 x00 (x=1, 3,4, 5, 6)
T2 T2.1 M5 EN 319 101 published
T3 T3.1 M5 Publication of final update of TS 119 312
  T1.1 M11 Final Report

How to contact us:

Olivier DELOS: olivier.delos@sealed.be

 

This information is based upon STF working assumptions.
The views expressed do not necessarily represent the position of ETSI in this context.

Last updated: 2013-04-26 16:40:11