
Nacho Alamillo Assessment and Research Manager - CATCert EESSI SG and NIS SG member


Presentation Transcript


  1. e-Security in Europe: Today’s Status and the Next Steps
     The Secure Technologies Track
     Authentication and electronic signatures for e-government, the CATCert case
     Nacho Alamillo
     Assessment and Research Manager - CATCert
     EESSI SG and NIS SG member

  2. Contents
     - The technical issues
     - The CATCert holistic solution
     - The certification service
     - The classification service
     - The semantic validation service
     - Conclusions
     e-Security Conference 2004

  3. The technical issues - 1
     Different X.509v3 certification services
     - Private sector: VeriSign, GlobalSign, ChamberSign, Identrus, etc.
     - Public sector: CATCert, different National ID cards (Spain, Italy, Belgium), Netherlands, Finland, etc.
     Different identification schemes, competing with PKIs
     - User ID + password
     - Score cards
     - Dynamic tokens
     - Delegated authentication models

  4. The technical issues - 2
     Different e-signature structures and encodings
     - PKCS#7 and IETF CMS, in ASN.1, DER encoded
     - XMLDSig, base64 encoded
     - ETSI Extensions – signature policies
     Different validation methods
     - Database (certificate repository)
     - Certificate revocation list (CRL), including delta and indirect CRLs
     - Online Certificate Status Protocol (OCSP)
     - Simple Certificate Validation Protocol (SCVP)
     - XML Key Management Scheme (XKMS)

  5. The technical issues - 3
     Different attribute schemes
     - Attributes inside PKI X.509v3 certificates
     - PMI X.509v3 attribute certificates
     - Attribute certification with proprietary XML schemes
     - Webservice validation of claimed attributes
     Different e-signature management
     - Treatment of time-stamping usage
     - Undefined archiving rules, especially for long-term signature and documents
     - Migration and emulation of e-documents
     - Printing of e-signed documents

  6. The CATCert holistic approach
     CATCert is the Catalan identity, authentication and signature manager
     1) We issue digital certificates and provide signature services, in free competition with the private (and public) sector
     2) We issue other credentials (user ID and password) for lower-risk applications
     3) We classify all authentication and signature mechanisms used by Catalan public authorities
     4) We validate all credentials, signatures and certificates used by Catalan public authorities, by delegation
     5) We intermediate in the usage of all other credentials, and provide delegated authentication and identity federation systems

  7. Certification services
     CATCert issues X.509v3 certificates to
     - Public employees in Catalonia (government officials in all layers of public administration) – qualified certificates in a secure signature creation device
     - Citizens, competing with the private sector – software certificates
     We also certify website servers, technical components and applications, and issue code signing certificates

  8. Classification services
     Security levels definition
     - To foster the usage by Catalan public authorities in their e-services of many evidential mechanisms
     - 6 security levels: claimed identity, entity authentication, data origin authentication, authentic (original) e-document, signed e-document, complete evidence and long term evidence
     - Public procedure to classify the evidential system

  9. Validation services
     Allows delegated validation of any kind of credential
     Technical highlights
     - Unique XML interface, over HTTP or Webservice
     - CMS signatures and W3C DigSig processing, including ETSI advanced e-sign qualifiers
     - SAML and Liberty token processing
     - CRL, OCSP and XKMS validation
     - Standard results report, with data extraction and semantic treatment of the evidence or credential. Includes time-stamp.
     - Connection to secure archive services for long-term signature protection

  10. Conclusions
     - There are many technologies and business models around e-evidences
     - Citizens, companies and governments will have different identification, authentication and signature mechanisms, and we’ll need to accept and use them all
     - A holistic approach is the only way to succeed as an evidence manager

  11. More information
     Ignacio Alamillo
     E-mail: ialamillo@catcert.net
     CATCert: http://www.catcert.net
     Many thanks!!!
