the openevidence project n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
The OpenEvidence Project PowerPoint Presentation
Download Presentation
The OpenEvidence Project

Loading in 2 Seconds...

play fullscreen
1 / 22

The OpenEvidence Project - PowerPoint PPT Presentation


  • 86 Views
  • Uploaded on

The OpenEvidence Project. Peter Sylvester, EdelWeb IETF - N° 57, Wien 2003-07-17 PKIX working group. OpenEvidence project. EU IST 5th framework Accompanying measures special action open source duration april 2002 - Jan 2004 budget 0.9 M€. Domain and goals. Paperless organisations

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'The OpenEvidence Project' - connor-merrill


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
the openevidence project

The OpenEvidence Project

Peter Sylvester, EdelWeb

IETF - N° 57, Wien

2003-07-17

PKIX working group

openevidence project
OpenEvidence project
  • EU IST 5th framework
  • Accompanying measures
  • special action open source
  • duration april 2002 - Jan 2004
  • budget 0.9 M€
domain and goals
Domain and goals
  • Paperless organisations
    • Legal value of dematerialized documents
  • Provide effectively enabling required techno
    • In addition to electronic signatures and certificates
    • Pragmatic approach
    • Implementable models
  • Open Source Approach
slide4

OpenEvidence Context

  • Emerging legal environments for
    • Recognition of electronic signatures
    • Long-term validity of electronic documents
  • Model : Third parties services for evidence creation and validation
  • Techniques
    • Time stamping, notarization, archiving, signature validation, …
  • Problems
    • Proprietary solutions, competition, secret agendas, ..
    • Thus, slow standardization (many years)
    • Even: competing technologies
state of the art
State of the art
  • Much work in different areas
    • IETF, OASIS, ISO, ETSI, CEN, …
  • Vendors vs committees vs implementers
    • competition via technology differences
  • Need to distinguish facts from fiction
  • Language confusion
    • e.g. time stamping use cases
babylonian problems

Electronic signature

timesytamping

Babylonian Problems

EU Directive of Electronic Signatures

openevidence approach
OpenEvidence Approach
  • Combine existing prototype solutions into open source
      • Only chance to avoid (brain-damaged?) costly proprietary solutions
      • Only way to foster actual deployment of dematerailization
  • No technology wars
      • no. XML vs ASN1
      • No archiving vs time stamping
      • No signature vs hash linking
  • Use knowledge from real implementers
openevidence partners
OpenEvidence Partners
  • EdelWeb - Groupe ON-X - France
    • techno provider and coordination
  • Cybernetica - Estonia
    • techno provider
  • C & A - Italy
    • techno provider
  • EADS Telecom
    • user and testbed
deliverables
Deliverables
  • Actual Open Source
      • Client software
        • Access to servers, document handling
      • Server software
        • TSAs, DVCS, normalized journal formats
        • Creation and validation of evidences
      • Documentation
      • Open-Source Community Support
  • Experiments in test bed
      • Long term service,
      • User management
      • cessation of activity
materialised document world
Materialised document world
  • Users need to proove they possess a document at one particular time
  • Notary : confirm that at one time, two persons have agreed on the content of a document (witness)
  • At any time in the future, parties need to proove their agreement
  • Document content may be confidential
  • Document content can be controlled (by a governemental representative)
consequences for dematerialisation
Consequences for dematerialisation
  • A tamper resistant proof of possession must be delivered by a trusted third party,
  • Trusted time stamp associated to the document
  • Validation service required
  • Long term archiving of documents and proof
  • Content protection in archive
  • Access possible by a content auditor
technical deliverables
Technical deliverables
  • A reference implementation of Notarisation services(RFC 3029),
  • A minimal Notarisation client tool,
  • A enhanced GUI Notarisation client tool,
  • Test programs for all pieces of software,
  • Test bed application
complementary deliverables
Complementary deliverables
  • Trusted Time Stamping daemon (RFC 3161),
  • Hash Linking Time Stamping daemon,
  • journal and archiving of data modelled in XML.
out of scope services
Out of scope services
  • PKI and PMI,
  • Back end archival server with physical protection,
  • HTTP Front end,
  • Database Management System,
  • Redundant storage system,
openevidence summary
OpenEvidence Summary
  • Integration of technology for evidence creation and validation
    • Context : dematerialised documents
    • Long-term validity
  • Complementary technologies
    • RFC 3029, RFC 3161
    • Hash Linking Schemes for timestamping
  • Tests in application contexts
    • Demonstrator service, archive server
timestamping
Timestamping
  • Different application contexts
    • short term high volume data
      • stock exchange order synchronisation
    • long term stability od documents
  • Complementary techno
    • RFC 3161, RFC 3029, Hash linking
      • signatures short term authentication
      • hash linking, publishing, and phys. Protection for long term
long term protection
Long term protection
  • Digital signatures insufficient
    • Protect in space but not in time
  • Need redundant methods
    • like in real life
    • so far, only physical archiving
      • but: not enough experience
  • A attesttation from an archive =
    • electronic signature
openevidence security model

User

Control

Application

Context

Notarisation

Security

measures

Service

Service

Control

& Audit

OpenEvidence

OpenEvidence Security Model

Based on ISO 17799 or BS 7799

secure journal and archive
Secure journal and archive
  • Useful for common criteria
  • User hierarchies
  • Cessation of activity (partial and total)
  • Limited duration of storage (but not fixed)
  • certified transfer,archival with assertion
  • No deletion
  • Secure by hash linking and physical prot.
  • Auditable by random validation
example architecture dvcs

DataCerts

DataCerts

Example Architecture (DVCS)

Client A

Client B

Documents

&

DataCerts

Documents

&

DataCerts

Client A

Client B

DVCS interface

OpenEvidence

Broker

Internal TSA

Internal CA

External interfaces:, CRL, OCSP, TSP, archivage, …

AC externes

TSAs

Archiveur

TSAs

CAs

Archival

service

Other TTPs

wp6 pilot experimentation
WP6 – Pilot Experimentation

2 official test beds have been defined :

  • Certified Mail (EADS-T)
  • File seals (EdelWeb)
  • Together with C&A for 3161 time stamp.
openevidence and pkix
OpenEvidence and PKIX
  • Data Validation is on agenda
    • RFC 3161, RFC 3029
  • Need updates
    • ntegration of hash linking
    • profiling for data validation
  • Certification and signature validation
    • semantic validation