eSignature and eSeal validation workshop

The one-day workshop on "eSignature and eSeal validation" will discuss standardization for eSignature/eSeal Validation services provided by Trust Service Providers, addressing conformity assessment, protocols and the validation report. The objective is to define standards adequate to reach the objective of the eIDAS Regulation.

Scope

Since the entry into force of eIDAS (Regulation (EU) No 910/2014), there is a clear legal framework associated with the validation of eSignature and eSeal. The promotion of trusted validation services, in particular, is seen as a key enabler for eSignature/eSeal in general, as it provides a trusted, independent and neutral point of validation between the stakeholders of a signed transaction.

An EU-wide accepted scheme for conformity assessment is now needed for this kind of service. Without a standardization effort, implementations may offer non-equivalent levels of service and/or security that will not be adequate to reach the objective of eIDAS (Regulation (EU) No 910/2014), which is to support a seamless cross-border experience for eSignature and eSeal of documents.

To promote recognition of services within the EU, ETSI started working on standardization of eSignature/eSeal validation, addressing policy and security requirements fitting within the EU scheme for supervision of (qualified) eSignature/eSeal validation services, as well as specifying the technical architecture, the protocol, and the validation report. The work intends to provide standards that will ensure coexistence of various solutions (e.g. protocol bindings).

The standards provided by ETSI aim at supporting not only eIDAS, but also other legal or regulatory frameworks.

The eSignature/eSeal validation workshop will:

  • Present basic fundamentals of the eSignature/eSeal validation landscape:
    • legal framework 
    • technical framework
  • Present the ETSI work as well as other initiatives on eSignature/eSeal validation as a trust service and on the eSignature/eSeal validation report
  • Validate that the ETSI work takes into account major existing solutions and standards without overlapping with other initiatives
    • Review how signature / seal validation service providers intend to deploy or have deployed their service and whether the approach taken by ETSI adequately supports it
    • Collect questions, answers and feedback from the audience on the ETSI work

Target Audience

This event is of particular interest to:

  • eSignature/eSeal validation service providers
  • eSignature/eSeal consumers (e.g. administration, enterprises)
  • Conformity Assessment Bodies 
  • Supervisory Bodies
  • Policy makers
  • Other eSignature/eSeal related trust providers

Programme Committee

The Programme Committee is made up of the ETSI STF 524 experts:

  • Juan Carlos Cruellas, DAC-UPC
  • Jean-Marc Desperrier, Morpho Cards
  • Alexander Funk, Governikus
  • Sylvie Lacroix, Sealed and STF 524 leader
  • Peter Lipp, Graz University of Technology
  • Andrea Röck, Universign

Agenda

09:00 Session 1: eSignature/eSeal Validation Landscape 
Presented by Sylvie Lacroix, Sealed and STF 524 Leader
The aim of the session is to introduce the legal and technical landscapes surrounding remote signature validation.
09:00 Legal Framework: the eIDAS Regulation and eSignature Validation as a (qualified) Trust Service
09:15 Technical Framework: Technical Concepts and Related Standardization Landscape
09:30 Questions & Answers
09:35 Session 2: Standardization Initiatives
Session Chair: Peter Lipp, TU Graz and STF 524 Expert
This session will review the standardization initiatives outside ETSI related to remote signature validation.
09:35 OASIS Activities on Remote Signature Validation
Andreas Kuehne, Trustable
09:55 CSC Activities on Signature Validation
Andrea Valle, Adobe 
10:15 Coffee Break
10:45 Session 3: Feedback from the Field - Consumers and Validation Service Providers Return of Experience
Session Chair: Sylvie Lacroix, Sealed & STF 524 Leader
This session will gather inputs from signature validation service consumers and providers on their experience in using and deploying such service.
It will also analyze their requirements in terms of standardization. It will discuss how standards can help the business and what impact the coming standards will have.
10:45 The Early Days of Validation Services – the PEPPOL Project and Lessons Learnt
Jon Ølnes, Unibridge
11:00 TrustWeaver Case
Johan Borendal, TrustWeaver
11:15 WebNotarius from Certum
Patrycja Wiktorczyk, Asseco Data Systems
11:30 Digital Signature Service: Field Experience
Frank Cornelis, e-Contract.be
11:45 The FutureTrust Validation Service - Today and Tomorrow
Vincent Bouckaert, Arηs
12:00 CEF Building Block for Validation of eIDAS Qualified Electronic Signature
Olivier Barette, Nowina
12:15 Questions and Answers
12:45 Networking Lunch
14:00 Session 4: Technical Solutions – Protocols and Validation Report
Session Chair: Juan Carlos Cruellas, DAC-UPC & STF 524 Expert
The aim of the session is to present and discuss ETSI ongoing work on validation protocols and report.
The session intends to gather as many inputs as possible from TSPs and other stakeholders on their requirements in terms of standardization in those areas.
14:00 eSignature Validation Protocols
Juan Carlos Cruellas, DAC-UPC & STF 524 Expert
14:30 Signature Validation Report
Peter Lipp, TU Graz & STF 524 Expert
15:00 Panel discussion with all speakers from Session 3 and 4
Through a guided discussion, the panel will discuss requirements in terms of standardization.
15:30 Coffee Break
16:00 Session 5: Auditing Schemes and Supervision
Session Chair: Andrea Röck, Universign and STF 524 Expert
The aim of the session is to present and discuss ETSI ongoing work on auditing schemes. 
The session also intends to gather inputs from Conformity Assessment Bodies (CAB) and Supervisory Bodies (SB) on the standards necessary to perform their duties as defined in the eIDAS regulation.
16:00 Policies and Security Requirements for Signature Validation TSP
Andrea Röck, Universign and STF 524 Expert
16:30 Panel
  • Conformity Assessment Bodies (CABs)
    • LSTI, Philippe Bouchet
    • A-SIT, Herbert Leitold
  • Supervisory Bodies
    • ANSSI & FESA, Romain Santini
17:00 Wrap up
17:15 Workshop Close

Biographies

Olivier Barette, Partner at Nowina Solutions.
Olivier Barette holds a Master's degree in Computer Science Engineering from the Ecole Polytechnique de Louvain, Belgium.
He has been involved in digital signatures and PKIs for 15 years, and since 2010 in the implementation of the Services Directive, eSignature Directive and eIDAS Regulation regarding trusted lists and electronic signatures.
He is currently in charge of leading and coordinating the European Commission CEF eSignature building block, which provides eSignature tools (DSS, TL-Manager, Trusted List Browser) and related support. For more info on CEF eSignature: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eSignature

Vincent Bouckaert, ARHS
Vincent Bouckaert leads the Digital Trust practice of ARHS Group, a major software development company headquartered in Luxembourg.
He holds a Master's Degree in Software Engineering.
Vincent is responsible for the development of software solutions that implement and leverage electronic signature concepts, both for the public and the private sector.
Before turning to a software development career, he worked as a cyber security consultant for a Big4 firm, where he was part of a penetration testing and security advisory team.

Johan Borendal, CTO TrustWeaver AB
Co-founder and Chief Technology Officer of TrustWeaver. Mr Borendal is responsible for maintaining technology leadership and product strategy for TrustWeaver, including leading TrustWeaver to become one of the first Qualified Trust Services providers under the new eIDAS regulation. Formerly Vice President Engineering for RSA Inc. and President for RSA Security AB. Mr Borendal has been an active member of CEN and ETSI for the last 10 years and served as the leader of CEN Electronic Invoice Working Group on integrity and authenticity.
More than 25 years of experience in managing the development of systems and service platforms for the IT security market. Has been on the Board of Directors of FollowIT, PharmaVision, Dynasoft AB and RSA AB. Currently a member of the TrustWeaver and Oneflow boards. Master of Science (1988) from the Royal Institute of Technology in Stockholm. Swedish nationality.

Frank Cornelis, e-contract.be
Frank Cornelis started his career with PhD research at the University of Ghent, next as quant for a large Belgian bank, to eventually turn his interest towards software security and applied cryptography. Frank Cornelis funded the company e-Contract.be in 2012. The company has a mature SaaS product line centered around the Belgian eID card. Before e-Contract.be, Frank Cornelis was responsible for the Belgian eID projects as eID Architect at FedICT, the Belgian federal ICT department. His domains of expertise include analysis of security properties of authentication and signature service protocols and their corresponding implementations, eID signatures as a service, AdES long-term validity, and construction of secure Java EE applications. Frank Cornelis was also professor at Erasmus Brussels for several years, where he taught a course on software security.

Andreas Kuehne, trustable Ltd
Andreas Kuehne is a graduate engineer (information processing) and a foundation member of the OASIS DSS / DSS-X technical committee. He is the liaison person of the DSS-X with ESI TCs.
He is the founder of trustable Ltd. This entity provides services, consulting and open source components regarding the use of (qualified) electronic signatures, authentication and PKI. Committed to open source software, trustable has founded several projects and supports their public use by running freely available services for more than a decade.

Sylvie Lacroix, Sealed
Sylvie Lacroix, CISA (Certified Information Systems Auditor), Managing Director of SEALED, is an eSecurity consultant with 20+ years of experience. With a Master from the Ecole Polytechnique de Louvain as technical background, Sylvie started her career as a researcher in cryptography at the UCL University. She acquired significant experience in business representation and exploitation of security, cryptography and PKI topics. Sylvie participated in the implementation of major projects within Europe and beyond, such as national eID cards and ePassports projects. Sylvie was an expert for several European studies on eSignatures that served as a milestone to draft the eIDAS Regulation. She worked for prestigious organisations such as European Governments, the European Commission, large enterprises and CEN and ETSI, the two major European standardisation bodies. Sylvie is leading the ETSI Special Task Force on signatures validation (STF 524) and is also the editor of security policies for TSPs.

Herbert Leitold, SIC
Herbert is Secretary-General of A-SIT, Secure Information Technology Center – Austria, and board member of the non-profit foundation Stiftung Secure Information and Communication Technologies (SIC). He holds a master of telecommunications and informatics.
Herbert's main expertise is in electronic signatures and electronic identity. He contributed to the EU eID Large Scale Pilot "STORK" where he served as Member State Council co-chair, was pilot leader of the integration with the European Commission Authentication Service (ECAS), as well as leader of the new technologies work package. In the successor projects STORK 2.0 and eSENS Herbert coordinated the Austrian contribution as chairman of the national consortia management teams. He is a member of the eIDAS Expert Group and eIDAS technical subgroup. Herbert is also Austria's alternate member of the ENISA Management Board.
Further involvement in EU projects includes Cloud for Europe, where he led the pre-commercial procurement technical specification development. In the H2020 SUNFISH project on public administrations' private cloud federation Herbert was WP leader of the requirement analysis. In the H2020 project FutureTrust he will work on evaluation criteria for trust service providers.

Peter Lipp, Stiftung Secure Information and Communication Technologies.
Peter Lipp is Assistant Professor at IAIK, Graz University of Technology and CEO of Stiftung Secure Information and Communication Technologies.
He is responsible for the Java-Crypto-Development at IAIK and has been involved in security, digital signatures and PKI for more than 20 years.
He currently leads STF 539 on remote signature creation and is the editor of the signature validation report standard. He also has been the editor of the standard for Creation and Validation of AdES Digital Signatures.

Jon Ølnes, Unibridge
Jon Ølnes holds an M.Sc degree in informatics from the University of Oslo and works for Unibridge AS, a consulting company specialising in electronic identity and e-signature. He is a member of the ETSI ESI (Electronic Signatures and Infrastructures) committee and participates as expert in ETSI STF-523 on development of eDelivery standards. He has about 15 years' experience from work on international aspects of e-signatures, among others as one of the main architects for the global validation services solution that was successfully piloted by the PEPPOL large-scale pilot project. He has published numerous journal/conference papers on e-signature topics and is a frequent speaker at conferences and workshops in Europe.

Andrea Röck, Universign
After her PhD in Cryptography at InRIA Paris-Rocquencourt, France in 2009, on the topic of random number generators and stream ciphers, and a two-year Post-Doc at Aalto University, Finland, Andrea Röck started working on the topic of electronic signatures at Cryptolog / Universign in 2011. She has participated actively in ETSI work since 2012, was a member of several special task forces and rapporteur of different ETSI ESI documents. At Cryptolog / Universign she participates in the development of the technical components implementing the standards on electronic signature related topics. This includes the components for signature creation, signature validation, the analysis of the European Trusted List, the module for the certificate creation and PKI work.

Romain Santini, ANSSI
Romain Santini graduated from the ENSICAEN engineering school with a Master degree in engineering, specialised in payment systems and information security. He began his career at Bull, in the Payment Systems and Public Key Infrastructure division, providing professional services related to hardware and software security products. He then shifted to consulting activities in the field of information systems security and trust services. He joined the French Cybersecurity Agency (ANSSI) in October 2015 as a project officer in the Risk Management and Security Regulation unit, inside the External Relations and Coordination department. Since the beginning of 2016, Romain has been in charge of coordinating activities related to the implementation of the eIDAS regulation at ANSSI. He has also been appointed as the Chair of the Forum of European Supervisory Authorities for trust service providers (FESA) in November 2016.

Andrea Valle, Adobe Systems
He is Senior Product Manager in Document Cloud business unit.
In 1993 he was among the first in the world to adopt the PDF format developed by Adobe, soon becoming the de facto standard worldwide for electronic documents. With this experience, he joined Adobe in Italy as Product Specialist for Acrobat, then he held other positions in the EMEA region as pre-sales and business development director.
During his tenure at Adobe he has supported many corporate and government organizations to implement major projects related to dematerialization and secure document management, with a focus on digital signatures, information security and accessibility.
By attending as speaker at countless seminars, conferences and public events around the world, he helps develop a culture of innovation on the matters of electronic documents, electronic signatures, information security and related standards.
He is currently responsible for the design and development of digital signature features in Adobe Acrobat and Adobe Sign, for desktop products, cloud services and mobile apps.
He is actively involved in standardization activities as a member of main standards setting organizations like ISO, OASIS and ETSI, in particular as a contributor to standards like ISO 32000 (PDF specifications) and ETSI EN 319 142 (PAdES Digital Signatures).
He's also the Chairman of the Cloud Signature Consortium, an association developing interoperable standards to facilitate the adoption of cloud-based digital signatures.