Abstract
The PEPPOL (Pan-European Public Procurement On-Line) project is a large-scale pilot under the CIP programme of the EU, exploring electronic public procurement in a unified European market. Interoperability of electronic signatures across borders is identified as a major obstacle to cross-border procurement. PEPPOL suggests specifying signature acceptance criteria in the form of signature policies that must be transparent and non-discriminatory. Validation solutions must then assess not only signature correctness but also signature policy adherence. This paper addresses perhaps the most important topic of a signature policy: quality of eIDs and e-signatures. Discrete levels are suggested for eID quality, for the assurance level for this quality, and for the cryptographic quality of signatures.
Copyright information
© 2010 Vieweg+Teubner | GWV Fachverlage GmbH
About this chapter
Cite this chapter
Ølnes, J., Buene, L., Andresen, A., Grindheim, H., Apitzsch, J., Rossi, A. (2010). A General Quality Classification System for eIDs and e-Signatures. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2009 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9363-5_7
DOI: https://doi.org/10.1007/978-3-8348-9363-5_7
Publisher Name: Vieweg+Teubner
Print ISBN: 978-3-8348-0958-2
Online ISBN: 978-3-8348-9363-5
eBook Packages: Computer Science, Computer Science (R0)