Sophia Antipolis, France Scope
While standards are well in place for signatures created locally by end-users, the market take-up of these solutions has been significantly low due to the unfriendly requirement for the end-user to have a physical device (e.g. dongle, smart card). The market has then been moving to signature creation services hosted in the cloud and managed by Trust Service Providers. These solutions imply moving the user private key from a user-owned device to the cloud and raise security challenges in order to ensure the security of the service. ETSI started to work on this topic in order to bring technical interoperability as well as a high level of assurance of the trust services building on the CEN standard for "server signing". The objective of the standards is to meet the aims of the eIDAS Regulation as well as to meet the general requirements of the European and international community.
The workshop discussed about standardization for remote signature creation services provided by Trust Service Providers, addressing business cases, audit requirements and protocols.
Objectives
1. Make users of the standards aware of:
- Scope of standards and general approach being taken
- Operation of Protocols
- Main "policy" requirements to be covered by audit
2. Get an idea of some example business use cases
3. Collect initial feedback on standards and public review process
Target audience
This event was of particular interest for:
- Remote signature creation service providers and manufacturers,
- Major users of signature creation services (e.g. Banks)
- Audit Bodies,
- Supervisory Bodies,
- Policy makers,
- Other eSignature/eSeal related trust providers.
| 08:30 | Check-in/Registration opens |
| 09:00 | Welcome Address & Opening Remarks Riccardo Genghini, eWitness and TC ESI chairman |
| 09:10 | SESSION 1: Setting the Scene Session Chair: Nick Pope, Thales and TC ESI vice-chairman |
| The aim of the session is to introduce the legal and technical landscapes surrounding remote signature creation. | |
| 09:10 | Where do we Stand on Standards for Remote Signature Creation? Nick Pope, Thales and TC ESI vice-chairman |
| 09:30 | Setting the European Scene for Remote Signatures Anders Gjoen, European Commission |
| 09:50 | SESSION 2 Protocols – Which Standards for Which Use? Session Chair: Andrea Röck, Universign and ETSI STF 539 Expert |
| 09:50 | A Standard for Protocols for Remote Digital Signature Creation ETSI STF 539 experts:
|
| 10:20 | Questions and Answers |
| 10:30 | Coffee and Networking Break - Poster Session Visit |
| 11:00 | SESSION 3: Feedback from the Field on Remote Signature Services Deployments Session Chair: Nick Pope, Thales and TC ESI vice-chairman |
| The session will gather input from trust service providers and manufacturers on their experience in deploying remote signature creation services. They will describe their perspective on remote signing, on deployed solutions, and their viewpoint on what should be included within standards. | |
| 11:00 | Demonstration of a Reference Implementation Anders Tornqvist, Comfact |
| 11:15 | DigitalSign Experiences in Becoming a Qualified TSP for Remote Signing |
| 11:30 | Cloud Signature Services with Dynamic Identity Verification, Andrea Valle, Adobe Systems, and Giuseppe Damiano, Intesi Group |
| 11:45 | Experience of Remote Signature Services in Spain During the Past Five Years, Raul Olivar, SIA |
| 12:00 | Building Remote Signature Services for a TSP Rafael Araque, Bit4id |
| 12:15 | VW Financial Services, a real-world Case Study for Remote Signing Using a Distributed Trust Architecture Nick Munro, BlueCube Security & Rod Crook, Ascertia |
| 12:30 | Lunch and Networking - Poster Session Visit |
| 14:00 | Panel on Standardization Requirements for Remote Signature Creation Protocols Moderator: Andrea Röck, Universign and ETSI STF 539 Expert |
| Through a guided discussion, the panel will discuss requirements in terms of standardization All speakers from sessions 2 and 3. | |
| 15:00 | Coffee and Networking Break - Poster Session Visit |
| 15:30 | SESSION 4: Auditing Schemes and Supervision Session chair: Nick Pope, Thales and TC ESI Vice-Chairman |
| The aim of the session is to present and discuss ETSI ongoing work on auditing schemes and to gather inputs from Conformity Assessment Bodies (CAB) and supervisory bodies (SB) on the standards necessary to perform their duties as defined in the eIDAS regulation. | |
| 15:30 | Audit Requirements for TSPs Operating a Remote QSCD / SCD Franck Leroy, Docapost and ETSI STF 539 expert |
| 15:50 | Audit Requirements for TSPs Supporting AdES Digital Signature Creation Andrea Röck, Universign and ETSI STF 539 expert |
| 16:10 | Panel Conformity Assessment Bodies (CABs)
Supervisory Bodies
ENISA : Evgenia Nikolouzou ETSI STF 539 Experts: Franck Leroy and Andrea Röck |
| 17:15 | Workshop Conclusions Nick Pope, Thales and TC ESI Vice Chairman |
| 17:30 | Networking Cocktail |
Click here to access the Remote Signature Creation Services Presentations.
Secure Multiparty Computation in Remote Signatures
Zsolt Rozsahegyi, i2p informatics Ltd
The Programme Committee is composed of the following members:
- Peter Lipp, Graz University of Technology & PC chairman
- Francesco Barcellini, Intesi Group
- Sonia Compans, ETSI
- Liaquat Khan, Ascertia
- Franck Leroy, Docapost
- Nick Pope, Thales
- Luigi Rizzo, InfoCert
- Andrea Röck, Cryptolog
- Anders Tornqvist, Comfact