eSignature and eSeal validation workshop

The one-day workshop on "eSignature and eSeal validation" will discuss about standardization for eSignature/eSeal Validation services provided by Trust Service Providers, addressing conformity assessment, protocols and validation report. The objective is to define standards adequate to reach the objective of the eIDAS Regulation.

Scope

Since the entry into force of eIDAS (Regulation (EU) No 910/2014), there is a clear legal framework associated with the validation of eSignature and eSeal. The promotion of trusted validation services in particular, is seen as a key enabler for eSignature/eSeal in general as it provides a trusted, independent and neutral point of validation between the stakeholders of a signed transaction.

An EU-wide accepted scheme for conformity assessment is now needed for this kind of services. Without standardization effort, this may lead to implementations with non-equivalent levels of service and/or security that will not be adequate to reach the objective of eIDAS (Regulation (EU) No 910/2014), which is to support seamless cross-border experience for eSignature and eSeal of documents.

To promote recognition of services within the EU, ETSI started working on standardization of eSignature/eSeal validation, addressing policy and security requirements fitting within the EU scheme for supervision of (qualified) eSignature/eSeal validation services, as well as specifying the technical architecture, the protocol, and the validation report. The work intends to provide standards that will ensure coexistence of various solutions (e.g. protocols bindings).

The standards provided by ETSI aim at supporting not only eIDAS, but also other legal or regulatory frameworks.

The eSignature/eSeal validation workshop will:

  • Present basic fundamentals of the eSignature/eSeal validation landscape:
    • legal framework 
    • technical framework
  • Present the ETSI work as well as other initiatives on eSignature/eSeal validation as a trust service and on the eSignature/eSeal validation report
  • Validate that the ETSI work takes into account major existing solutions and standards without overlapping with other initiatives
    • Review how signature / seal validation service providers intend to deploy or have deployed their service and whether the approach taken by ETSI adequately supports it
    • Collect questions, answers and feedback from the audience on the ETSI work

Target Audience

This event is of particular interest to:

  • eSignature/eSeal validation service providers
  • eSignature/eSeal consumers (e.g. administration, enterprises)
  • Conformity Assessment Bodies 
  • Supervisory Bodies
  • Policy makers
  • Other eSignature/eSeal related trust providers

Programme Commitee

The Programme Committee is made up of the ETSI STF 524 experts:

  • Jun Carlos Cruellas, DAC-UPC
  • Jean-Marc Desperrier, Morpho Cards
  • Alexander Funk, Governikus
  • Sylvie Lacroix, Sealed and STF 524 leader
  • Peter Lipp, Graz University of Technology
  • Andrea Röck, Universign

Agenda

09:00 Session 1: eSignature/eSeal validation landscape 
Session chair: Sylvie Lacroix, Sealed and STF 524 leader
The aim of the session is to introduce the legal and technical landscapes surrounding remote signature validation.
09:00 Legal Framework: the eIDAS Regulation and eSignature Validation as a (qualified) Trust Service
Speaker to be named
09:15 Technical Famework: Technical Concepts and Related Standardisation Landscape
Sylvie Lacroix Sealed and STF 524 leader
09:30 Questions & Answers
09:35  Session 2: Standardization Initiatives
Session Chair: Peter Lipp, TU Graz and STF 524 Expert
This session will review the standardization initiatives outside ETSI related to remote signature validation
09:40 OASIS Activities on Remote Signature Validation
Andreas Kuehne, Trustable
09:55 CSC Activities on Signature Validation
Andrea Valle, Adobe 
10:15 Coffee Break
10:45  Session 3: Feedback from the Field - Consumers and Validation Service Providers Return of Experience
Session Chair: Sylvie Lacroix, Sealed & STF 524 Leader
This session will gather inputs from signature validation service consumers and providers on their experience in using and deploying such service. It will also analyse their requirements in terms of standardization. It will discuss how standards can help the business and what impact the coming standards will have.
10:45 The Early Days of Validation Services – the PEPPOL Project and Lessons Learned
Jon Ølnes , Unibridge
11:00 TrustWeaver Case
Johan Borendal, TrustWeaver
11:15 WebNotarius from Certum
Patrycja Wiktorczyk, Asseco Data Systems
11:30 Digital Signature Service: Field Experience
Frank Cornelis, e- Contract.be
11:45 The FutureTrust Validation Service - Today and Tomorrow
Vincent Bouckaert, Arηs
12:00 CEF Building Block for Validation of eIDAS qualified Electronic Signature
Olivier Barrette, Nowina
12:15 Questions and Answers
12:45 Networking Lunch
14:00 Session 4: Technical Solutions – Protocols and Validation Report
Session Chair: Juan Carlos Cruellas, DAC-UPC & STF 524 expert The aim of the session is to present and discuss ETSI ongoing work on validation protocols and validation report and then gather as many inputs as possible from TSPs and other stakeholders on their requirements in terms of standardization in those areas.
14:00 eSignature Validation Protocols
Juan Carlos Cruellas, DAC-UPC & STF 524 expert
14:30 Signature Validation Report
Peter Lipp, TU Graz & STF 524 expert
15:00 Panel discussion: 
Through a guided discussion, the panel will discuss requirements in terms of standardization
All speakers from session "Feedback from the field"
15:30 Coffee Break
16:00 Session 5: Auditing Schemes and Supervision
Session chair: Andrea Röck, Universign and STF 524 expert
The aim of the session is to present and discuss ETSI ongoing work on auditing schemes and to gather inputs from Conformity Assessment Bodies (CAB) and Supervisory Bodies (SB) on the standards necessary to perform their duties as defined in the eIDAS regulation.
16:00 Policies and Security requirements for Signature Validation TSP
Andrea Röck, Universign and STF 524 expert
16:30 Panel
  • Conformity Assessment Bodies (CABs)
    • LSTI Philippe Bouchet
    • A-SIT Herbert Leitold
  • Supervisory Bodies
    • ANSSI&FESA Romain Santini
17:00 Wrap up
17:15 Workshop Close

Biographies

cornelisFrank Cornelis,e-contract.be
Frank Cornelis started his career with PhD research at the University of Ghent, next as quant for a large Belgian bank, to eventually turn his interest towards software security and applied cryptography. Frank Cornelis funded the company e-Contract.be in 2012. The company has a mature SaaS product line centered around the Belgian eID card. Before e-Contract.be, Frank Cornelis was responsible for the Belgian eID projects as eID Architect at FedICT, the Belgian federal ICT department. His domains of expertise include analysis of security properties of authentication and signature service protocols and their corresponding implementations, eID signatures as a service, AdES long-term validity, and construction of secure Java EE applications. Frank Cornelis was also professor at Erasmus Brussels for several years, where he taught a course on software security.

KuehneAndreas Kuehne, trustable Ltd
Andreas Kuehne is a graduate engineer (information processing) and a foundation member of the OASIS DSS / DSS-X technical committee. He is the liason person of the DSS-X with ESI TCs.
He is founder of trustable Ltd. This entity provides services, consulting and open source components regarding the use of (qualified) electronic signatures, authentication and PKI. Committed to open source software trustable has founded several projects and supports their public use by running
freely available services for more than a decade.

LeitoldHerbert Leithold, SIC
Herbert is Secretary-General of A-SIT, Secure Information Technology Center – Austria, and board member of the non-profit foundation Stiftung Secure Information and Communication Technologies (SIC). He holds a master of telecommunications and informatics.
Herbert's main expertise is in electronic signatures and electronic identity. He contributed to the EU eID Large Scale Pilot "STORK" where he served as Member State Council co-chair, was pilot leader of the integration with the European Commission Authentication Service (ECAS), as well as leader of the new technologies work package. In the successor projects STORK 2.0 and eSENS Herbert coordinated the Austrian contribution as chairman of the national consortia management teams. He is member of the eIDAS Expert Group and eIDAS technical subgroup. Herbert is also Austria's alternate member of the ENISA Management Board.
Further involvement in EU projects are Cloud for Europe where he led the pre-commercial procurement technical specification development. In the H2020 SUNFISH project on public administrations' private cloud federation Herbert was WP leader of the requirement analysis. In the H2020 project FutureTrust he will work on evaluation criteria for trust service providers.

 

lippPeter Lipp, Stiftung Secure Information and Communication Technologies.
Peter Lipp is Assistant Professor at IAIK, Graz University of Technology and CEO of Stiftung Secure Information and Communication Technologies.
He is responsible for the Java-Crypto-Development at IAIK and has been involved in security, digital signatures and PKI for more than 20 years.
He currently leads STF 539 on remote signature creation and is the editor of the signature validation report standard. He also has been the editor of the standard for Creation and Validation of AdES Digital Signatures.

OlnesJon Ølnes, Unibridge
Jon Ølnes holds an M.Sc degree in informatics from the University of Oslo and works for Unibridge AS, a consulting company specialising in electronic identity and e-signature. He is a member of the ETSI ESI (Electronic Signatures and Infrastructures) committee and participates as expert in ETSI STF-523 on development of eDelivery standards. He has about 15 years' experience from work on international aspects of e-signatures, among others as one of the main architects for the global validation services solution that was successfully piloted by the PEPPOL large-scale pilot project. He has published numerous journal/conference papers on e-signature topics and is a frequent speaker at conferences and workshops in Europe.

rockAndrea Rock, Universign
After her PhD in Cryptography at InRIA Paris-Rocquencourt, France in 2009, on the topic of random number generators and stream ciphers and a two year Post-Doc at Aalto University, Finland, Andrea Röck started working on the topic of electronic signatures at Cryptolog / Universign in 2011. She participates since 2012 actively in ETSI work, was members of several special task forces and rapporteur of different ETSI ESI documents. At Cryptolog / Universign she participates in the development of the technical components implementing the standards on electronic signature related topics. This includes the components for signature creation, signature validation, the analysis of the European Trusted List, the module for the certificate creation and PKI work.

Romain Santini, ANSSI
Romain Santini graduated from the ENSICAEN engineering school with a Master degree in engineering, specialised in payment systems and information security. He began his career at Bull, in the Payment Systems and Public Key Infrastructure division, providing professional services related to hardware and software security products. He then shifted to consulting activities in the field of information systems security and trust services. He joined the French Cybersecurity Agency (ANSSI) in October 2015 as a project officer in the Risk Management and Security Regulation unit, inside the External Relations and Coordination department. Since the beginning of 2016, Romain has been in charge of coordinating activities related to the implementation of the eIDAS regulation at ANSSI. He has also been appointed as the Chair of the Forum of European Supervisory Authorities for trust service providers (FESA) in November 2016.