eSignature & electronic Trust Services standardization workshop

ETSI organized a workshop on E-signatures & Electronic Trust Services standardization that took place in Sophia Antipolis on 3rd December 2013. 

Introduction

Introduction

European standardization organisations have been enhancing the interoperability of electronic signatures throughout Europe, by providing a rationalised framework for their standardization, building on existing European standards.
This maximises mutual recognition and the cross-border interoperability of electronic signatures within the regulatory framework, for electronic identification, authentication and signatures being established by the European Union.
In parallel to the development of new regulations, the European Commission issued a standardization mandate (M/460) in December 2009 for the realisation of this framework on which CEN and ETSI are now working.

This rationalized framework is structured in 6 domains:

  1. Signature creation and validation
  2. Signature creation and other related devices
  3. Cryptographic suites
  4. Trust Service Providers supporting signature
  5. Trust Application Service Providers
  6. Trust Service Status Lists Providers

Goals of this workshop

The objectives of the workshop were to:

  • present the ongoing activities under the rationalised framework for European e-signatures standards, and the work progress in the six mentioned domains;
  • get feedback on standardization work from market stakeholders which implement/provide/audit/use e-signatures products and services;
  • assess and discuss impact on the rationalised framework with respect to feedback above.

Target Audience

This event was of particular interest for the stakeholders of the e-signature market including product manufacturers, trust services providers, European member states, national accreditation bodies, conformity assessment bodies, supervision authorities, etc.

Agenda

SESSION 1: Introduction and Keynotes
Session Chair:
Riccardo Genghini, ETSI TC ESI & CEN-ETSI e-SIGN coordination group Chairman
09:00 Welcome Address
Luis Jorge Romero, ETSI Director General
09:05 Workshop overview
Riccardo Genghini, ETSI TC ESI & CEN-ETSI e-SIGN coordination group Chairman
09:20 Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market (eIDAS) - Standardisation needs and Progress of the legislative process
Gérard Galler, European Commission
09:40 Questions and Answers Session
09:45 COFFEE
SESSION 2: Work Progress for Phase 2 of M/460 Mandate
Session Chair: Riccardo Genghini, ETSI TC ESI & CEN-ETSI e-SIGN coordination group Chairman
Objective: This session will present the ongoing activities and the work progress under the rationalised framework for European e-signatures standards; it will focus on elements of major importance to market stakeholders.
Speakers: Olivier Delos (Sealed), Nick Pope (Thales), Juan Carlos Cruellas (Universitat Politècnica de Catalunya), Franck Leroy (certinomis), Béatrice Peirani (Gemalto), Gisela Meister (Giesecke & Devrient GmbH)
10:15 - Rationalized Framework and Business guidance
- Signature Creation and Validation
  - Signature creation and other related devices
- Trust Service Providers supporting signature
- Testing
11:15 Questions and Answers Session
Panel discussion
SESSION 3: Views and Feedback from Governmental Stakeholders on Standardization
Session Chair
: Olivier Delos, Sealed & ETSI STF 457 leader
Objective: This session will aim at getting feedback on the relevance of standardization work from European Large Scale projects and from EU member states. Speakers will explain what, in standards, is useful, useless, missing, ill-defined, to be enhanced, etc. in order to fulfil their needs.
 11:45 European Large Scale Project, e-CODEX
Adrian Klar, IT.NRW
 12:05

An Electronic Signature Service Infrastructure for the European Commission
Philippe SCHNEIDER, EC DG DIGIT

12:25 LUNCH
 13:50 EU Member State: Luxembourg
Pierre Zimmer, CTIE
 14:10 Advanced security mechanisms for machine readable travel documents and eIDAS token – Protocols for electronic Identification, Authentication and trust Services
Stefane Mouille, Gemalto
 14:30 Estonia: 10 Years and 100 Million Digital Signatures Later
Tarvi Martens, AS Sertifitseerimiskeskus
 14:50 Questions and Answers Session
Panel discussion
 15:15  COFFEE
SESSION 4: Views and Feedback from Market Stakeholders on Standardization
Session Chair:
Nick Pope, Thales & ETSI STF 458 leader
Objective: This session will aim at getting feedback on the relevance of standardization work from market stakeholders which implement/provide/audit e-signatures products and services. Panellists will briefly introduce their organization, what they like in e-sign standards and what they don't like. The positions will then be discussed and debated in a panel.
 15:45 Panel discussion with 6 panellists, including: 
- Alphatrust Corp. (Bill Brice)
- ARX/Itagile (Ari Seror, ARX - Gianni Sandrucci, Itagile)
- DocuSign (Sebastien Francois)
- LSTI (Philippe Bouchet)
- Safe Bio-Pharma (Viky Manaila) 
- Unizeto (Marcin Szulga)
SESSION 5: Impacts of Stakeholders Feedback on the Standardization Work
Session Chair: Riccardo Genghini, ETSI TC ESI & CEN-ETSI e-SIGN coordination group Chairman
Objective: The objective will be to assess and discuss impact on the rationalised framework with respect to feedback above.The workshop participants will be invited to raise their comments, questions and reactions which will be discussed with the CEN and ETSI standardization experts
 17:00 Feedback from the audience on standardization
Riccardo Genghini, ETSI TC ESI & CEN-ETSI e-SIGN coordination group Chairman
 17:30

Concluding remarks
Riccardo Genghini, ETSI TC ESI & CEN-ETSI e-SIGN coordination group Chairman

 18:00 END OF DAY

Biographies

Bill BriceBill Brice, AlphaTrust Corporation
Bill Brice founded AlphaTrust Corporation in 1998 to capitalize on a sustained, long-term shift from paper-based document processes to fully electronic document processes. A noted entrepreneur, Bill is considered one of the industry “pioneers” and is a leading world authority on electronic and digital signatures. His expertise in electronic signatures is centered on their applicability to particular work processes, transaction types, and risk/reward analysis.
Mr. Brice began his career while attending Southern Methodist University in Dallas, Texas, from which he received his BBA. In 1978, Bill co-founded Brice Foods. As Chairman and CEO, he grew the company into a global enterprise best known for its chain of “I Can’t Believe It’s Yogurt!” stores. This enterprise quickly expanded to 1,500 franchise locations in 43 countries, with manufacturing operations on four continents.
Mr. Brice is the 2014 Chairman of the Board of the Electronic Signature and Records Association (ESRA), the premiere organization focused on education and the removal of barriers to the adoption of Electronic Signatures and Records globally. ESRA membership is open to all.

Olivier DelosOlivier Delos, SEALED 
SEALED is the association of skills and expertises from two senior e-Security & e-Solutions consultants, Sylvie Lacroix (CISA) and Olivier Delos (CISSP, CISA), totalizing more than 35 years of experience in e-Security. They are recognised European experts in the areas of e-Signatures, e-Proofs, PKI and eID design & consulting, combining academic, legal, technical and business implementation expertises in these matters.  
From a technical background, with a M.S. degree in Computer Science Engineering (Ingénieur civil en informatique – June 1991), Olivier started his career as research assistant in cryptography at the Université catholique de Louvain-la-neuve, before moving to Belgacom – the major telecom operator in Belgium where he founded, set-up and managed the E-Trust Services, the first Belgian Certification Service Provider issuing qualified certificates, providing time-stamping services and registered email (now Certipost).
In 2005, Olivier founded his own company, SEALED, together with Sylvie Lacroix, to advise numerous customers including European governments (e.g. eID, ePassports, eSignatures), corporate enterprises, the European Commission (e.g. CROBIES, Trusted Lists) as well as international institutions (e.g. various PKI related matters) through major projects ranging from concrete business and practical implementations and consulting projects to R&D and technical implementation expertise.
Olivier is today one of the main architects and a strong defender of the current European tracks for improving in a consistent way the legal, technical and trust model aspects of electronic signatures, such parallel improvements being a necessary condition for the facilitation, adoption and recognition of electronic signatures.
He is a member and leader of the technical tasks of the past and current IAS studies supporting the European Commission (i) with regards to the feasibility of a comprehensive EU legal framework for identification-related electronic credentials and related trust services required to secure electronic transactions and (ii) further contributing to the establishment of the future EU legal framework for trust services and trust service providers including certification authorities.
He is an active, recognized and consulted expert in standardisation aspects of electronic signature and PKI-based trust services through his personal involvement in some ETSI Specialist Task Force in charge of developing some of the related standards, through the conduction of key studies on the standardisation aspects of e-signatures and on cross-border interoperability of electronic signatures (CROBIES) having supported the Commission in writing the Mandate M460 in the field of ICT applied to electronic signatures. M460 aims to set-up a rationalised standardisation framework for electronic signatures and related trust services in line with the future legal framework. Olivier leaded the first phase of this rationalisation work in ETSI ESI.
On the trust model aspects, Olivier is the expert at the genesis of the EU Member States Trusted Lists and the EC List of the List (LOTL), advising the European Commission in the context of the adoption of CD 2009/767/EC as amended and monitoring the quality of EUMS Trusted Lists. He is the editor of the ETSI TS 119 612 - "Trusted Lists" technical specifications and active in specifying the related mutual recognition aspects with 3rd countries and international organisations.
Olivier has numerous publications and is active speaker in major conferences in Belgium, Europe and beyond.

Sebastien FrancoisSebastien Francois, DocuSign
Over thirteen years experience in Electronic Signature, Access and Identity Management and Public Key Infrastructure, Sebastien has deep knowledge and experience from the technical side to business strategy side.
His strong track record in security projects, for private and public organizations, has been highlighted by direct contribution to national projects in France (e.g. FC2, Interops), and European programs (eIDAS, STORK, PEPPOL) as well.
For DocuSign, Sebastien is in charge of developing the European market with a focus on France.

Gérard Galler, European Commission, Communication Networks, Content & Technology DG «eIDAS Legislation Team» Task Force
Gérard Galler's studied Electrical Engineering at the University of Brussels and Artificial Intelligence at the University of Essex. He started his career in the industry by managing several projects such as software for the European launcher Ariane V and other space vehicles, for electronic payments over the internet or for road traffic management.
He joined the European Commission in 1998 to support research on smartcards through the EU Framework Programme for Research. He ran eEurope Smartcards, a policy initiative in the early 2000 to foster the pan-European deployment of smartcards. From 2003 till 2006, he served scientific counsellor in the European Commission Delegation to Georgia & Armenia where he also dealt with EU assistance. Within DG CONNECT, he is in charge of the electronic signatures Directive. He is one the co-authors of the proposal that was tabled by the European Commission in June 2012 for a "Regulation on electronic identification and trust services for electronic transactions in the single market".

Riccardo GenghiniRicardo Genghini, Studio Genghini & Associati, ETSI TC ESI Chairman
Riccardo Genghini is not only one of the best known specialists in the field of electronic signature standards, he is also a respected academic, Visiting Professor of Comparative Commercial Law at the Università Cattolica del Sacro Cuore of Milan. Developer of technologies for the certification of digital data, transactions and identities, since 2010 he is the Chairman of the Electronic Signatures Coordination Group, which coordinates the standardization effort of CEN and ETSI in the field of electronic signatures, with the aim of providing a rationalised framework for electronic signatures at EU level (EC mandate 460). This role has been acquired thanks to his experience as Chairman of technical bodies both in CEN (ISSS - Information Society Standardization System) and ETSI (ESI - Electronic Signature and Infrastructures). Moreover, he currently carries out his activity as a Public Notary in Milan, where in 1990 he founded the Studio Notarile Genghini, one of the most technologically advanced legal offices in Italy and in Europe in working with digital agreements and deeds.

Adrian Klar, IT.NRW
Adrian Klar is a software developer working in the field of e-Signatures for the large scale project e-CODEX. After his graduation in “Electrical Engineering and Communication Technology” at the University of Applied Sciences in Bielefeld with a Dipl. Ing.(FH) he started working for IT.NRW in Germany in the beginning of 2010. Working there he joined the “e-Identity and e-Signatures” team of e-CODEX in the beginning of 2011.

Viky ManailaViky-Teodora Manaila, Trans Sped
Viky-Teodora MANAILA graduated Physics at University of Bucharest and holds a Master in e-Business, Cryptography and Electronic Signatures.
She is managing director for Trans Sped, an accredited Trusted Service Provider, issuing qualified certificates. With high knowledge in national, EU, and US policies governing the operation of certification authorities, she deployed and is running different types of Public Key Infrastructures (PKI) including “Zero foot print roaming credentials”.
Viky was involved from the very beginning in the SAFE-BioPharma project established by the biopharmaceutical industry to speed its transformation to a fully electronic environment by using digital identity and electronic signatures.
Trans Sped is one of the four CAs cross-certified with SAFE and Federal Bridge of US and the only one to issue qualified certificates compliant with the SAFE-BioPharma digital standard, since 2008.

Tarvi MartensTarvi Martens, AS Sertifitseerimiskeskus
Tarvi Martens, born in 1969, has been a key figure in the Estonian IT and information security field for the past dozen years. He has an MSc degree from Tallinn Technical University, with his thesis being on the theme "On Evidential Value of Digital Signatures".
Tarvi has been building governmental internet (1993-1997), developing information security and PKI products (1997-2001) and being actively involved in various aspects of developing Estonian e-government in a whole.
Tarvi was among the originators of the Estonian ID card project in 1996 and has been a supporter and dedicated evangelist of it ever since. In 2002, Tarvi joined SK where he laid down the original concept of DigiDoc, the national de facto standard in Estonia for digital signatures.
In 2003 Tarvi started with the e-voting project with National Electoral Committee in order to provide Estonian electoral system with Internet voting capability. The system is used in total five times in pan-national elections from 2005. In the last 2011, Parliamentary elections the number of Internet voters reached almost 25% of all votes casted.
Tarvi has often written articles and given presentations at various events to popularise the Internet usage and applications in Estonia. He is a frequent speaker in European IT-security events and representative of the Estonian Government in various EU working groups.
On 2007, Tarvi received the “Top Outstanding Young Person of the Year” award from JCI (Junior Chamber International) for the achievements in technological developments

Stefane MouilleStefane Mouille, Gemalto
Stéfane Mouille, Director Strategy and Business Development, Government Programs - Europe, Gemalto 
Stéfane has many years experience in the smart card and digital security industry, leading projects in both the Banking and Public Sector’s.
His responsibilities include the definition and implementation of European strategy for e-health and e-ID within Gemalto. This involves managing Gemalto’s activities within several national health and identity schemes such as in France, Germany, UK, Poland, Italy, Sweden, Finland, Slovenia, and also several European regulations such as eIDAS, electronic passport, resident permit and the smart border package.
Prior to his current role, Stéfane was Marketing Manager for Banking and Retail within Gemalto and has also held several positions in Product Marketing, Field Marketing and Business Development. 
Stéfane holds a Degree in Electonic Engineering, a Master Degree in Marketing and Management from ESC Wesford Grenoble and a Master Degree in Political Sciences from Sciences Po Aix-en-Provence - France.

Beatrice PeiraniBeatrice Peirani, Gemalto
Beatrice Peirani is Technical Marketing Manager in the Standardization & Technologies department, and security expert in Gemalto.
Beatrice Peirani is involved in standardization activities around electronic signature since 2002 and active contributor to CEN TC224 WG16 group in charge of smart cards and electronic signature (SSCD, EN 14890).
Beatrice Peirani was expert for the European Mandate M/460 Phase 1 (ETSI task force on rationalized framework) and now expert for the Phase 2 at CEN and ETSI level.

Luis Jorge RomeroLuis Jorge Romero, ETSI Director General
Luis Jorge Romero, Director General of ETSI, has more than 20-years experience in the telecommunications sector.
At ETSI he has initiated a global standardization partnership for Machine to Machine communications, and has driven the implementation of the ETSI Long Term Strategy, an ambitious plan to prepare the institute for the future.
Previously he has held diverse Director positions in Spain, Morocco and Mexico, predominantly with Telefonica.
As Global Director for International Roaming and Standards, and Director of Innovation and Standards, he oversaw Telefonica's participation in global standardization activities, and participated directly in the work of the Next Generation Mobile Networks (NGMN) Alliance and in the GSM Association (GSMA).
Before joining ETSI in July 2011, he held the position of Director General of Innosoft and was also a partner and board member of Madrid-based Innology Ventures.

Gianni SandrucciGianni Sandrucci , founder and CEO of ITAGILE
Gianni Sandrucci is the founder and CEO of ITAGILE, Italy (www.itagile.it). Itagile is a company providing agile solutions for digital document - mainly innovative digital signature technology - to a number of central public administrations, institutions, banks, certification authorities and many other companies and public organizations.
Before ITAGILE Gianni Sandrucci has been the CIO and founder of Agorà telematica the first company in Italy that provided commercial access to Internet and later document and record management systems to public administrations.
Gianni Sandrucci is a doctor in Juridical Science.

Philippe SchneiderPhilippe Schneider, European Commission, DG Informatics, Corporate IT Solutions and Services
Philippe has an Engineering Diploma from the Institut National des Sciences Appliquées of Lyon, France and a Master's Degree in Computer Science from Brigham Young University, UT, USA. After 14 years at Alcatel Business Systems in Strasbourg in various positions, mostly at the Research Department, Philippe joined Hughes Network Systems in Germantown MD, USA, as a Principal Engineer, then as a Technical Manager for the Network Operations Control Center Service Management design team.
Philippe joined the European Commission in 2005. Since 2006 he is in charge of the ESSI project, the Electronic Signature Infrastructure Service for the EC that started production in 2010.

Ari Seror

Ari Seror, Director of Professional Services, ARX
Mr. Seror is responsible for Pre-Sales activities and for fulfilling unique requirements by ARX clients for customizing the company’s products, services and technologies. Mr. Seror is also in charge of the special development of tailor-made projects.
Before joining ARX, Mr. Seror served in the Israeli Air Force as a Software Engineer. From his first ARX position as a team leader in R&D, he moved to Technical Support Manager, responsible for overseeing preparation and follow-up for sales activities, and finally became Director of Professional Services.
Mr. Ari Seror holds a Bachelor of Science degree in Computer Science and Mathematics from Bar Ilan University, Israel.

Marcin Szulga

Marcin Szulga, Head of Research and Development in Unizeto Technologies SA
Closely cooperating with Certum QCA.
Nine years of experience in development and deployment of  PKI-based solutions. 
Still discovers new ways how to increase ROI of trusted services.

Pierre ZimmerPierre Zimmer, Government CIO of Luxembourg & appointed director of the State Information Technology Center of Luxembourg (CTIE)
Since 2009, Pierre Zimmer is the Government CIO of Luxembourg and appointed director of the State Information Technology Center of Luxembourg (CTIE). He acts as trusted advisor to Ministers and provides expertise and guidance to public administrations and State sector agencies. His responsibilities include defining a Digital Strategy for the Government and as member of the Cyber Security Board enforcing the National Cyber Security Plan.
Pierre is also Managing Director of LuxTrust s.a. established in November 2005 through a partnership between the Luxembourg Government and the major private financial actors in Luxembourg. LUXTRUST s.a. was created to become a Certification Service Provider whose purpose is to provide to each end-user in Luxembourg, but also outside national borders, the means for electronic signatures for both public and private e-applications.
Since August 2012, Pierre holds the position of Managing Director at INCERT GIE, an entity created to provide PKI services to secure travel documents and to put in place a clearing center for establishing secure messaging services to end-users and companies.