TIE
TIE – European Commission R&D Project
Project Number 26763
mobile: +44 (0)7867-824237
Trust services Infrastructure for Europe
Cross Border Trade & Identity
EU Legislation –
Electronic Signature
Data Protection
Trust service Infrastructure for Europe with Application Interoperability
Drive on using TIE as a catalyst - working and leading with government
& business with regulators following Recommendation
European Trust Challenges
Global Trust Challenges ?
EU LEGISLATION on E-Commerce
Directive on Electronic Signatures
draft Directive on Copyright in the Info Soc
Directive 98/48/EC on Regulatory Transparency
Directive 98/84/EC on Conditional Access Services
Directive 95/46/EC on Data Protection
Directive 97/66/EC on Data Protection in Telecoms
draft Directive on Legal Aspects E-Commerce
Directive 97/7/EC on Distance Selling
draft Directive on Distance Selling Fin. Services
draft Directive on E-Money
draft Regulation on Jurisdiction
Telecom Review 99
TIE & E-Signature Directive
Digital signature remains most important example of an electronic signature
Under article 3.3 each member state must set up a supervision of CSPs
An accreditation scheme must be Objective, Transparent, Proportionate & Non-discriminatory
TIE & E-Signature Directive (cnt’d)
CSP accreditation schemes – it is the expectation that their instruments of accreditation (IoA) will be issued as electronic documents signed by the accreditation scheme
Each IoA can be expected to contain the CSP name but also its master service key – the public key corresponding to the private key it uses for signing certificates
For global adoption it must be
Application Interoperable - Seamless
Simple, Speedy & Reliable
Accountable & Auditable
High Quality of Service 24x7
Value for Money, Affordable
Manageable, Trusted
The Commercial Challenge to PKI
PKI - Some Technical Issues
Interoperability is not easy
Cryptographic Algorithms
Security Protocols
Certificate Path Processing, especially Policy Handling
Certificate Chain Building
Directories: Schema, Access Control, Protocol Profiles
TIE - Scope & Vision
TIE focuses on 2 main themes:
European Accreditation Services (AS) with Instruments of Accreditation (IoA)
Application Interoperability – secure messaging, web transactions, workflow - based on PKI – including time stamping, use of directories and/or attribute certificates to manage roles and authorisation
The TIE Project
The Players
Some of the Objectives
The Deliverables/Work Packages
The Plan
Work Packages - More Detail
Current Status
Meetings/Events
Summary
The Players
ICL - Project Management
ICL – User, including Microsoft, Smart Cards
GlobalSign - The Certification Authority
Baltimore Technologies - CA/RA – WP6
ICRI (Leuven) - Legal Issues – WP4
Shell SI - The User & Reviewer
UK PO - Reviewer
IBM - Demonstrator, Trial and Pilot – WP5
The Open Group - Standardization, Awareness, Member Participation – WP3
Utimaco - CA/RA Applications, Smart Cards
ICX - Marketing, Awareness & Participation
TIE - Key Objectives
Business Service Infrastructure to support Electronic Commerce
with interoperable applications supported by CSPs that supply Digital Signatures, Time Stamping, Information Recovery,
within a Legal Framework.
Technical
To stimulate the development of interoperable services and products that meet needs for assurance: Authenticity, Integrity, Non-repudiation, Confidentiality
TIE – Objectives - 1
Specify and resolve operational issues of Trust Infrastructure Systems through the design, build and evaluation of a demonstrator, trial and pilot
a staged deployment showing selected applications
detailed reports - practical, technical, operational
business scenarios defined
information recovery capability
TIE - Objectives - 2
To achieve interoperability and trust through the establishment of standards, architectures and codes of practice
a common architecture for a PKI
suitable standards in a PKI enabled environment
guiding principles for users
TIE - The Deliverables
Architecture/Standards for PKI
D13 Core PKI Architecture
Market Research Reports
Business Planning Information
Legal Reports
D17 Legal Issues Report produced
PKI Demonstrator
D21 – Definition of the Demonstrator
D45 – Systems Test & Design Plan
PKI Trial
PKI Pilot
CSP Guidelines
Promotion & Exploitation of results of project
Work Packages
1 - Awareness & Website: www.tie.org.uk
2 - Market research
3 - Specifications, standards and conformance
4 - Legal
5 - Design interoperability scenarios
6 - Build: demonstration system, pilot system, larger scale trials
7 – Promotion & Exploitation
Cost: 1.5Meuro, 18 months
TIE - The Plan
Stage 1 - Now
Proof of concept demonstrator
2 X CA and 2 X RA
Stage 2 – July 2000 – Jan 2001
Operational Trial
3 X CA and 7 X RA
Stage 3 – Feb 2001 – July 2001
Operational Pilot
4 X CA and 8 X RA, Smart cards,
TIE – Outreach program with mini-clusters
TIE partners and sub-contractor
New recruits from outreach program:
Accreditation schemes
CSPs
End users
Other EU projects e.g. TEN-TELECOM, EMERITUS
EESSI initiative
PKI Forum??!!
WP2 – Market Research Reports
Smart Card Related Developments
M-Commerce, WAP & PKI
Estimated Service Costs & Applicability
Best Business Practice
Technical Implications of EU Policy
Value Added Services
WP3 - The Open Group & TIE
Guiding Principles of Operation and Codes of Practice
Liaison with ABA, NACHA, NIST, PKIX, PKI Forum and Members
D16 CSP Management & Accreditation Guide
Specifications supporting “plug and play” of competing vendor modules supporting the PKI services in D14
D15 PKI Plug and Play Standards
Specifications of suitable supporting PKI services that facilitate portability and interoperability
D14 Definition of PKI Core Services
Specification of a common architecture for PKI
D13 PKI Architecture
WP4 : Legal studies
1. Legal aspects of electronic documents
2. The main legal problems of running a TTP service.
Result: legal guidelines for project managers
Deliverables:
D17: Summary of legal issues
D18: Legal aspects of electronic documents
D19: Legal Aspects of CAs
D20: Legal aspects of the Business Case
D17 Summary of the Legal Issues
Summary of the basic legal issues arising with information in IT systems
The legal issues related to:
evidence
confidentiality
the setting up and operation of a PKI
WP5 - Criteria
Credibility – take account of world changes
Application Interoperability based on multiple components – CAs, RAs, Directories
Open and anonymous users
Multiple clients – from multiple vendors
Multiple roles – enabling ebusiness
End-to-end security – using e-mail, secure business-to-business web transactions
Various authentication mechanisms – use of smart cards
Cross border (cultural, language) trade
Redress – noting CRLs, OCSP and E-Signature Directive
WP5 – Elements of the Scenario Include:
An EU superscheme
A set of non-superschemes
A set of EU and non-EU ASs which cross-certify each other and which accredit, using digitally signed electronic IoAs
A set of CSPs offering services
A set of government departments and businesses
A set of employees, business partners certified by CSPs
A set of citizens who are certified by CSPs
Missing – the notion of a global scheme
Preliminary Results to date
Indicates best chance of success comes when both CA and RA use PKIX standards – but even then there are issues of authentication to be resolved
Authentication between RA & CA not enough – the link requires property of non-repudiation – the CA business needs the ability to prove to a third party that the RA really did send the instruction
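The distinction in the preliminary result above, as an added example that is not part of the original slides: a MAC under a key shared by RA and CA authenticates the link, but the CA can compute the same tag itself, so it proves nothing to a third party, whereas a signature made with a key only the RA holds does. Lamport one-time signatures over SHA-256 stand in here for the RA's signing key so the block runs on the Python standard library alone; the instruction strings and all function names are constructed for the illustration.

```python
import hashlib, hmac, secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Lamport one-time signature: stand-in for the RA's signing key (assumption).
# One key pair may sign exactly one instruction.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def sign(sk, msg: bytes):
    # Reveal one secret of each pair, chosen by the message digest bits.
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    bits = _bits(msg)
    return len(sig) == 256 and all(
        hmac.compare_digest(H(sig[i]), pk[i][bits[i]]) for i in range(256))

def mac(shared_key: bytes, msg: bytes) -> bytes:
    return hmac.new(shared_key, msg, hashlib.sha256).digest()

def mac_verify(shared_key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(shared_key, msg), tag)

def demo():
    sent = b"RA-01 -> CA: issue certificate, subject=CN=alice"      # constructed
    never_sent = b"RA-01 -> CA: issue certificate, subject=CN=bob"  # constructed

    # Authentication only: the key that checks a tag also creates one, so the
    # CA can tag an instruction the RA never sent and it still checks out.
    shared_key = secrets.token_bytes(32)
    tag_made_by_ca = mac(shared_key, never_sent)

    # Non-repudiation: only the RA holds sk; CA and arbiter hold pk alone.
    ra_sk, ra_pk = keygen()
    sig = sign(ra_sk, sent)
    return {
        "ca_forged_mac_accepted": mac_verify(shared_key, never_sent, tag_made_by_ca),
        "signed_instruction_verifies": verify(ra_pk, sent, sig),
        "signature_on_other_instruction": verify(ra_pk, never_sent, sig),
    }

if __name__ == "__main__":
    print(demo())
```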
Meetings/Events
Project Started mid-May 99
Press Release/Launch/Trial - Washington DC
Interoperability 2&3 – TOG/Reading ’99/’00
European Commission Review 5th July 2000
Next Workshops:
25th-26th July 2000
19th-20th September 2000
21st-22nd November 2000
4th-5th December 2000
16th-17th January 2001
3rd-4th April 2001
Summary
TIE, with its partners and associations, will address the issues and deliver:
Trust service Infrastructure for Europe – Aligned with E-Signature Directive
Interoperable Applications & CSPs
Legal Framework for CSPs
Interoperable Products
Business Plans & Market Research
Core PKI Architecture
PKI Standards
Test Profiles/Suites
Policies & Procedures
Guides and Codes of Practice
??Questions??