ETSI and Open Banking Europe (OBE) had the pleasure to invite you to the eIDAS meets PSD2 workshop, an event on securing access to financial services with qualified certificates.
This one day workshop took place on 20 March 2018 at ETSI Headquarters in Sophia Antipolis.
ETSI is developing a standard for the use of EU Qualified Certificates, as defined in Regulation (EU) No 910/201 (eIDAS), profiled to meet the requirements for securing communications between payment services under Directive (EU) 2015/2366 (PSD2).
This event aimed at explaining the PSD2 Qualified Certificates as specified by ETSI in TS 119 495 and discussing its usage with eIDAS trust service providers and PSD2 payment service providers.
This was a joint workshop with Open Banking Europe (OBE), a multi-national community of Associations, Regulators, Banks, TPPs and Service Providers for PSD2.
This event was of interest to:
- Technical officers and architects in Banks and third party payment service providers using PSD2 qualified certificates.
- Technical officers and architects in trust service providers offering PSD2 qualified certificates.
- European and national regulators who oversee the operation of trust service providers
- European and national supervisory bodies who oversee the operation of trust service providers
- European and national financial competent authorities who oversee the operations of banks and third party payment service providers.
650 Route des Lucioles
06921 Sophia Antipolis, France
Tel: +33 4 92 94 42 00
Nick Pope, ETSI TC ESI Vice-Chairman
|Session 1: Discussion on PSD2 meets eIDAS - Moving from Regulation to Operation
A discussion and exchange of views on the opportunities and challenges of innovation in Europe, hosted by John Broxis, Open Banking Europe.
|Session 2: Background to PSD2 Access to Account, eIDAS and Certificate Profile
|Payment Services Directive (PSD2) Context
John Broxis, OBE
|eIDAS Qualified Trust Service Providers (QTSPs) and Qualified Certificates
Nick Pope, ETSI TC ESI
|Introduction to Qualified Certificates Supporting PSD2
Michał Tabor, ETSI TC ESI
|Questions and Answers
Session 3: Demonstration of the PSD2 Qualified Certificate Registration Experience and an Example of Securing End to End Transaction with PSD2 Certificates
|15:45 - 16:25
Session 4: Roundtable on how eIDAS meets PSD2
Moderators: Nick Pope, ETSI TC ESI and John Broxis, Open Banking Europe
Nick Pope, ETSI TC ESI & John Broxis, Open Banking Europe
|16:30 - 18:00
A draft for public review and comment of the draft PSD2 Qualified Certificate standard.
ETSI TS 419 495 was distributed with this agenda with close of commenting period on 23rd March immediately following the workshop.
Carmine Auletta, InfoCert SpA
Carmine is InfoCert's Chief Innovation Officer where he is responsible, among other things, of Innovation, New Products Development, Strategic Planning and International development.
Prior to joining InfoCert, Carmine gained 12 years of work experience in the energy sector working for Terna where he covered the role of Chief Technology Officer and VP of Marketing and Innovation. While in Terna, Carmine was also designated Chairman of CASC Audit Committee, the European central auction office for cross-border energy transmission capacity with a Net Turnover of 1.8 bln€. Previously, Carmine gained 10 years of international work experience within Bain & Company and Accenture.
Carmine studied in Italy where he earned a Bachelor's degree in Computer Science and a Master's degree in Telecommunications; he completed his academic background in the USA with an MBA from the Kellogg Northwestern University. He has published several papers on Physical Review B and Physica C.
Gábor Bartha, European Commission
Gábor Bartha works for Unit H4 (eGovernment and Trust) at Directorate General Communications Networks, Content and Technology (CONNECT) as a legal/policy officer. He is responsible for the eIDAS domain. Previously he was assigned to the eIDAS Task Force with the same duties. He is responsible primarily for legal aspects of electronic identification and trust services since 2009. Now he is the leader of the legal team responsible for eIDAS. Previously he worked in DG Competition on antitrust cases.
A Hungarian lawyer by training, before coming to Brussels, he worked in Bogsch and Partners Law Firm in Budapest dealing with business and IT law representing multinational companies.
Oliver Bieser, Deutsche Bank AG
Oliver Bieser is a Domain Architect for Payments at Deutsche Bank. Based out of Frankfurt/Eschborn, Oliver is representing Deutsche Bank in the BdB PSD2 Project Group, the DK-DACH PSD2 TaskForce of the German Banking Industry Committee and the NextGenPSD2 TaskForce of the Berlin Group.
Prior to his engagement with the PSD2, Oliver has managed a variety of payment projects with pan European responsibility. Amongst other major initiatives, he has been involved in the roll-out of Deutsche Bank's SEPA technology, TARGET2, and SEPA Card Clearing. Prior to these projects, Oliver has been involved in projects within core banking systems for retail and corporate business and has, for example, managed the technical roll-out of the Deutsche Bank legal entity in the Ukraine.
Oliver hold a degree in computer science from the Technical University of Applied Science, Bingen.
Ann Börestam, European Central Bank
Ann Börestam Adviser Market Integration, European Central Bank, is coordinating work related to retail payments and financial integration. She has been intensely involved in retail payments innovation and the legal aspects of payment integration, as well as in payment related Union legislation. Before joining the ECB, Ann worked for the Swedish Bankers' Association, the Swedish Ministry of Industry and the Swedish ACH, Bankgirot. Ann has a Master of Law Degree from Stockholm University.
John Broxis, PRETA
John has been working in payments and banking systems since 1997 with Logica (now CGI) in London and Saudi Arabia. He moved to EBA CLEARING in 2002 to support the development and launch of STEP2, the pan-European ACH. In 2007, he became Director of STEP2 taking the platform through SEPA migration to be the largest clearing system in Europe, and one of the most sophisticated globally. In 2010, John created MyBank, a pan-European e-authorisation solution for online payments, which went live in 2013. In 2014, MyBank was moved to a separate company, PRETA S.A.S. with John as Managing Director. In 2016, John conceived and launched the Open Banking Europe programme to support the industry to understand the collaborative requirements from PSD2 access to account solutions.
Julie Connor, Bank of Ireland
Julie has worked on various EU legislation related to payments such as SEPA as well as PSD2 and the associated Regulatory Technical Standards. She has spent over ten years working in technology working in insurance, software simulation, image analysis as well as financial services. She has spent the last 10 years working in financial services directly, focussing specifically on payments. She participates in various fora at both national and European level and would be recognised among her peers as an expert on EU payments related legislation and how it impacts banking. Currently she participates on PSD2 related initiatives in Ireland and Europe focussing on what's required to facilitate PSD2 Open Banking. As well as poring over the legal requirements her approach is to identify the most pragmatic way of achieving compliance with the best possible outcome for the bank's customers as well as leveraging opportunity in the ever increasing regulatory environment through collaboration within the growing ecosystem.
Riccardo Genghini, eWitness, ETSI TC ESI Chairman- eIDAS
Riccardo Genghini is a "one of a kind" lawyer: interested in the normative power of language as the pre-condition of natural law. He is influenced by the writings of Thomas Sebeok, Walter J. Ong, John Searle, Maurizio Ferraris, Steve Mithen, John Rawles, Lawrence Lessig, and Angus Maddison, with his research is focused on the changes of customary law as a consequence of digitalization. The outcome of his research is that most problems in IT are design problems, not ontological problems. The next question therefore is "what is proper design"? On this path, he ended in being involved in the standardisation of digital signatures, documents, mails, archives and in designing his applications for such technologies. From 2011 to 2015 he supported the EU Commission's in drafting of the Regulation 2014/910/EU (eIDAS Regulation) and is still working on its implementation through European standards as Chairman of ETSI-ESI and of the eSign Coordination Group.
Chris Kong, Azadian
Chris Kong is currently Managing Director for Azadian (an R&D and Intelligence company), and is a Senior Advisor for the Open Banking Europe (OBE) programme with Preta S.A.S. In early career, he worked in UK Military & Government as an Army Officer, in various roles across Africa and the Middle East. He then joined American Express as Senior Manager R&D, to develop hardware, technical standards and industry adoption for EMV and NFC Contactless – including the Mass Transit Contactless programme for Transport for London. Later, he wrote PCI standards for Mobile POS (mPOS) P2PE & Bluetooth, and his R&D team helped develop Mobile HCE technology – later market adopted by Apple, Google and Samsung for mobile payments with biometrics. After a short term at Royal Bank of Scotland Group as Head of Payments Innovation (APIs & Blockchain), he co-Chaired an ERPB PSD2 Identity Subgroup run by the EC and ECB, before officially supporting Open Banking Europe and acting as a liaison with ETSI - ESI for eIDAS/PSD2 Certificates. He has a BA in Business Management, a MSc in Technology and Innovation Management, and has held a UK Queen's Royal Commission.
Thomas Kopp, LuxTrust
Thomas Kopp started his professional career in 1987 after having finished studies of mathematics & computer science with diploma degree at the University of Saarbrücken in Germany. During the subsequent 25 years, he took on various professional roles and acquired in-depth knowledge and expert competences in numerous fields of information processing with special focus on parallel computation, network protocols, security infrastructures, PKI and Advanced Electronic Signatures. Thomas joint LuxTrust S.A. in Luxembourg as Head of IT Development in 2012 after having formerly been responsible for the Security Development Department of DIaLOGIKa GmbH in Germany. He became responsible for the LuxTrust IT Department in 2013, finally released operational obligations in 2016 to concentrate on innovations and new technologies as the LuxTrust Chief Scientist.
Nick Pope, Thales
Nick Pope is a principal consultant at Thales e-Security supporting their customers on use of Thales' hardware security modules in banking, governmental and commercial sectors, specialising in eIDAS. He has been involved in EU standards relating to electronic signatures for more than 15 years and before that the development of X.509 standards in ISO. Currently, Nick is vice-chair of the ETSI TC ESI, chair of the ESI steering group on signature creation and validation, and liaison representative on the CEN Working Group on signing devices. Previously, he led the STF on standardisation for trust services supporting electronic signatures.
Kornél Réti, Microsec Ltd
Kornél Réti is a research engineer at Microsec Ltd., the leading certificate authority (CA) and prominent supplier of Public Key Infrastructure (PKI) technology in Hungary. He has deep technical knowledge on the theoretical background and security aspects of PKI. He has hands-on experience in the application of various PKI-based solutions, such as electronic signatures, electronic seals, webserver certificates, time-stamping, long term preservation, registered e-delivery, eID, mobile ID, remote signing, validation, authentication, encryption, e-documents and e-administration. Kornél Réti actively participates in the work of the European Telecommunications Standards Institute (ETSI) Technical Committee (TC) Electronic Signatures and Infrastructures (ESI) since 2015. He has been involved, among others, in the updates of TSP policy documents and creation of PSD2 certificate profiles. He is a member of the Specialist Task Force within TC ESI producing standards for electronic registered delivery (ERD) and registered electronic mail (REM) services. He is also a member of the Hungarian Association for Electronic Signature. Kornél Réti has studied at the Budapest University of Technology and Economics, holds a Master's Degree in Technical Informatics, specialized in IT security.
Michal Tabor, Technologie Informacyjne Michal Tabor
Graduate of the Faculty of Mathematics, Informatics, and Mechanics at the University of Warsaw. The expert in an electronic signature, PKI systems, electronic administration and security of information. Author of many solutions in the area of authentication, electronic signature and electronic document that are in operation in Poland, especially of the widely used tax declaration electronic signature based on knowledge. Expert in Polish Information Processing Society. Expert in Polish Chamber of Information Science and Telecommunication in the area of identification, authentication and electronic signature. Partner in Obserwatorium.biz, an independent Polish consulting firm specialized in creating and implementing digital strategies in enterprises, mainly from the financial sector and public administration. R&D Advisor of Autenti Ltd., online signing platform, and implementation services on European markets.
Elżbieta Włodarczyk, Director, Digital Signature Business Unit, KIR Poland
Elżbieta Włodarczyk is an expert in the field of public key infrastructure (PKI). She started her professional career in 1995 after completing her mathematics studies at the University of Warsaw. Since 1999 she has been working at KIR - the Polish clearing house, where she created one of the first commercial certification centers in Poland. She is the director of the Electronic Signature Business Unit. Since 2001 she has been the manager of Szafir Certification Center, which provides both qualified and non-qualified services, including issuing certificates, time stamps, OCSP service. Currently, she is responsible for the electronic signature and trust services as well as compliance with eIDAS, Polish law and Webtrust standards. Elżbieta participated in the creation of the Polish act on trust services. She is an active member of working groups at the Polish Bank Association dealing with the issues of PKI, authentication and e-identity.