ETSI TR 119 000: “Rationalised Framework for Electronic Signature Standardisation”

Merece la pena echar un vistazo al informe técnico TR 119 000 porque describe la estructura completa del nuevo conjunto de estándares aplicables a la firma electrónica, a partir del esfuerzo de Mandato M460, desarrollado en paralelo con la gestión de aprobación del nuevo reglamento europeo de firma electrónica: REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on electronic identification and trust services for electronic transactions in the internal market

(se incluye un resumen amplio a continuación, con algunos fallos de formato que iré corrigiendo con el tiempo)

As a response to the adoption of Directive 1999/93/EC [i.1] on a Community framework for electronic signatures in 1999, and in order to facilitate the use and the interoperability of eSignature based solution, the European Electronic Signature Standardization Initiative (EESSI) was set up to coordinate the European standardization organisations CEN and ETSI in developing a number of standards for eSignature products.

Commission Decision 2003/511/EC [i.2], on generally recognised standards for electronic signature products, was adopted by the Commission following the results of the EESSI. This decision fostered the use of eSignature by publishing «generally recognised standards» for electronic signature products in compliance with article 3(5) of the Directive but has a limited impact on the mapping of the current state of the European standardisation on eSignatures, which also covers ancillary services to eSignature, and the legal provisions and requirements laid down in Directive 1999/93/EC [i.1].

Emerging cross-border use of eSignatures and the increasing use of several market instruments (e.g. Services Directive [i.3], Public Procurement [i.4] and [i.5], eInvoicing [i.6]) that rely in their functioning on eSignatures and the framework set by the Signature Directive emphasized problems with the mutual recognition and cross-border interoperability of eSignature.

Intending to address the legal, technical and standardisation related causes of these problems, the Commission launched a study on the standardisation aspects of eSignature [i.7] which concluded that the multiplicity of standardization deliverables together with the lack of usage guidelines, the difficulty of access and lack of business orientation is detrimental to the interoperability of eSignature, and formulated a number of recommendations to mitigate this. Also due to the fact that many of the documents have yet to be progressed to full European Norms (ENs), their status may be considered to be uncertain. The Commission also launched the CROBIES study [i.8] to investigate solutions addressing some specific issues regarding profiles of secure signature creation devices, supervision practices as well as common formats for trusted lists, qualified certificates and signatures.

In line with Standardisation Mandate 460 [i.9], consequently issued by the Commission to CEN, CENELEC and ETSI for updating the existing eSignature standardisation deliverables, CEN and ETSI have set up the eSignature Coordination Group in order to coordinate the activities achieved for Mandate 460. One of the first tasks in the current document establishes a rationalised framework to overcome these issues within the context of the Signature Directive, taking into account possible revisions to this Directive, and proposes a future work programme to address any elements identified as missing in this rationalise framework. The following web site was set up in the framework in Mandate 460: http://www.e-signatures-standards.eu/.

In June 2012, the European Commission has issued a proposal for a regulation on electronic identification and trust services for electronic transactions in the internal market [i.22] which is aimed to supersede the Directive 1999/93/EC [i.1]. This brings within the scope of regulation additional services for identification and as authentication alongside electronic signatures and defines additional forms of qualified certificates.

The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area.
[i.1]  Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures.
[i.2]  Commission Decision 2003/511/EC of 14.7.2003 on the publication of reference numbers of generally recognised standards for electronic signature products in accordance with Directive 1999/93/EC of the European Parliament and of the Council.
[i.3]  Directive 1998/34/EC of the European Parliament and the Council of 22.6.1998 laying down a procedure for the provision of information in the field of technical standards and regulations and of rules on Information Society services.
[i.4]  Directive 2004/18/EC of the European Parliament and Council of 31.3.04 on the coordination of procedures for the award of public works contracts, public supply contracts and public service contracts.
[i.5]  Directive 2004/17/EC of the European Parliament and Council of 31.3.04 coordinating the procurement procedures of entities operating in the water, energy, transport and postal services sectors.
[i.6]  Council Directive 2006/112/EC of 28.11.06 on the common system of value added tax.
[i.7]  «Study on the standardisation aspects of e-signatures», SEALED, DLA Piper et al, 2007. NOTE: Available at:

Haz clic para acceder a report_esign_standard.pdf

[i.8]  «CROBIES: Study onCross-Border Interoperability of eSignatures», Siemens, SEALED and TimeLex, 2010. NOTE: Available at: http://ec.europa.eu/information_society/policy/esignature/crobies_study/index_en.htm

[i.9]  Mandate M460: «Standardisation Mandate to the European Standardisation Organisations CEN, CENELEC and ETSI in the Field of Information and Communication Technologies Applied to Electronic Signatures».
[i.10]  ISO/IEC 27000: «Information technology — Security techniques — Information security management systems — Overview and vocabulary».
[i.11]  IETF RFC 3647: «Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework».
[i.12]  W3C Recommendation: «XML Signature Syntax and Processing (Second Edition)», 10 June 2008.
[i.13]  ISO 32000-1: «Document management — Portable document format — Part 1: PDF 1.7».
[i.14]  Commission Decision 2011/130/EU of 25 February 2011 establishing minimum requirements for the cross-border processing of documents signed electronically by competent authorities under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market.
[i.15]  Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market.
[i.16]  IETF RFC 3161 (August 2001): «Internet X.509 Public Key Infrastructure Time-Stamp Protocol».
[i.17]  CCMB-2006-09-001: «Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and General Model; Version 3.1, Revision 3», July 2009.
[i.18]  ITU-T Recommendation X.509/ISO/IEC 9594-8: «Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks».
[i.19]  Commission Decision 2009/767/EC of 16 October 2009 setting out measures facilitating the use of procedures by electronic means through the ‘points of single contact’ under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market.
[i.20]  Commission Decision 2010/425/EU of 28 July 2010 amending Decision 2009/767/EC as regards the establishment, maintenance and publication of trusted lists of certification service providers supervised/accredited by Member States.
[i.21]  ITU-T Recommendation X.1254/ISO/IEC DIS 29115: «Information technology – Security techniques – Entity authentication assurance framework».
[i.22]  Brussels, 4.6.2012 COM(2012) 238 final, Proposal for a regulation of the european parliament and of the council on electronic identification and trust services for electronic transactions in the internal market.
[i.23]  ETSI TR 119 001:» Rationalised Framework for Electronic Signature Standardisation: Definitions and abbreviations.»

Definitions

• advanced electronic signature: electronic signature which meets the following requirements:

a)  it is uniquely linked to the signatory;
b)  it is capable of identifying the signatory;
c)  it is created using means that the signatory can maintain under his sole control; and
d)  it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.

• certificate: electronic attestation which links signature verification data to an entity or a legal or natural person and confirms the identity of that entity or legal or natural person

• certification service provider: entity or legal or natural person who issues certificates or provides other servicesrelated to electronic signatures

• certificate validation:process of checking that a certificate or certificate path is validelectronic signature (eSignature): data in electronic form which are attachedto or logically associated with other electronic data and which serve as a method of authentication

• qualified certificate: certificate which meets the requirements laid down in Annex I of Directive 1999/93/EC [i.1] andis provided by a certification service provider who fulfils the requirements laid down in Annex II of Directive1999/93/EC [i.1]

• qualified electronic signature:advanced electronic signature which is based on a qualified certificate and which is created by a secure signature creation device

• secure signature creation device:signature creation device which meets the requirements laid down in Annex III of Directive 1999/93/EC [i.1]

• signatory:person who holds a signature creation device and acts either on his own behalf or on behalf of the natural orlegal person or entity he represents

• signature creation data:unique data, such as codes or private cryptographic keys, which are used by the signatory tocreate an electronic signature

• signature creation device:configured software or hardware used to implement the signature-creation data signature validation:process of checking that a signature is valid including overall checks of the signature againstlocal or shared signature policy requirements as well as certificate validation and signature (cryptographic) verification

• signature verification:process of checking the cryptographic value of a signature using signature verification data signature verification data:data, such as codes or public cryptographic keys, which are used for the purpose of verifying an electronic signature

• signature verification device:configured software or hardware used toimplement the signature-verification data

• Data Preservation Service Provider (DPSP):Trust Application Service Provider which provides Trust Services towhich data, among which documents, is entrusted in an agreed form (digital or analogue) for being securely kept indigital form for a period of time specified in the applicable agreement .NOTE:  This service is expected to be able to exhibit all preserved data at any moment during, or at the end of, thepreservation period.

• registered e-mail:enhanced form of mail transmitted by electronic means (e-mail) which provides evidence relating to the handling of an e-mail including proof of submission and delivery

• registered electronic delivery: enhanced form of electronic delivery which provides evidence of relating to the handling of electronic messages including proof of submission and delivery

• registered electronic delivery service provider:trust application service provider which provides registered electronicdelivery trust services

• registered e-mail service provider:trust application service provider which provides registered e-mail trust services signature generationservice provider:trust service provider which provides trust services that allow secure remotemanagement of signatory’s signature creation device and generation of electronic signatures by means of such a remotely managed device

• signature policy: set of rules for the creation and validation of one (or more interrelated) electronic signature(s) that defines the technical and procedural requirements for creation, validation and (long term) management of this (those) electronic signature(s), in order to meet a particular business need, and under which the signature(s) can be determined to be valid.

NOTE 1: When validated against a signature policy X, the validity of an electronic signature is a relative concept and will be determined against the rules defined by such a policy. The same signature can be determined as valid against signature policy X while being invalid against signature policy Y. The notion of Signature Policy here should be clearly dissociated from a legal purpose document. While the Signature Policy is expected to further precise the context in which the underlying signatures are to be considered as valid in a specific context (e.g. business process, a specific application), their potential legal effect and value will be driven by the applicable laws and/or contractual relationships between the parties involved and concerned by the signatures. Closed user group domains of application should be clearly distinguished from a purely open context to which generally applicable laws may address.

NOTE 2:  A Signature Policy covers the three following aspects related to the management of each of the considered electronic signature(s):

1.  a Signature Creation Policy: part of the Signature Policy, which specifies the technical and procedural requirements onthe signer in creating a signature;
2.  a Signature Validation Policy: part of the Signature Policy, which specifies the technical and procedural requirements on the verifier when validating a signature; and
3.  a Signature (LTV) Management Policy: part of the Signature Policy, which specifies the technical and procedural requirements on the long term management and preservation of a signature.

• signature validation service provider: trust service provider offering services in relation to validation of Electronic Signatures

• time-stamping service provider: trust service provider which issues time-stamp tokens. NOTE:  This entity may also be referred to as a Time-Stamping Authority.

• time-stamp token:data object that binds a representation of a datum to a particular time, thus establishing evidence that the datum existed before that time
• trust application service provider: trust service provider operating a value added Trust Service based on Electronic Signatures that satisfies a business requirement that relies on the generation/verification of Electronic Signatures in its daily routine. NOTE:  This covers namely services like registered electronic mail and other type of e-delivery services, as well as long term storage services related to signed data and Electronic Signatures.

• trust service:electronic service which enhances trust and confidence in electronic transaction. NOTE:  Such Trust Services are typically but not necessarily using cryptographic techniques or involving confidential material.

• trust service provider:entity which provides one or more electronic Trust Service. NOTE:  See annex A for discussion on certification service provider and Trust Service Provider.

• trust service status list:list of the trust service status information, protected to assure its authenticity and integrity, from which interested parties may determine whether a trust service has been assessed as operating in conformity with recognised criteria for a given class of trust service

• trust service status list provider:trust service provider issuing a Trust Service Status List

• trust service token:physical or binary (logical) object generated or issued as a result of the use of a Trust Servic. NOTE:  Examples of binary Trust Service Tokens are certificates, CRLs, Time-Stamp Tokens, OCSP responses, evidence of delivery issued by a REM Service Provider.

• trusted list:profile of the trust service status list that is the national supervision/accreditation status list of certification services from Certification Service Providers, which are supervised/accredited by the referenced Member State for compliance with the relevant provisions laid down in Directive 1999/93/EC [i.1]

Abbreviations

• AdES  Advanced Electronic Signature
• AdESQC
  Advanced Electronic Signature supported by a Qualified Certificate  ANSSI  (French) Agence national de la Sécurité de Systèmes d’Information
• API  Application Program Interface
• ASiC  Associated Signature Containers
• BES  Basic Electronic Signature (used with CAdES/XAdES and PAdES)
• BSI  Bundesamt für Sichereit (German Federal Office for Information Security)
• CA Certification Authority
• CAB Forum  CA Browser Forum
• CAdES  CMS Advanced Electronic Signature
• CD  [European] Commission Decision
• CEN  Comité Européen de Normalisation
• CMS  Cryptographic Message Syntax
• CRL Certificate Revocation List
• CSP  Certification Service Provider
• CWA CEN Workshop Agreement
• DIS Draft International Standard
• DPS  Data Preservation System
• DPSP  Data Preservation Service Provider
• DSS  Digital Signature Standard (as published by OASIS)
• E-CODEX  e-Justice Communication via Online Data Exchange
• EESSI  European Electronic Signature Standardization Initiative
• EN European Norm
• EPES  Explicit Policy Electronic Signature (used with CAdES / XAdES and PAdES)
• ETSI  European Telecommunications Standards Institute
• HSM  Hardware Security Module
• HTTP  Hypertext Transfer Protocol
• IAS  Identification, Authentication and Digital Signature
• IDPF  International Digital Publishing Forum
• ISO  International Organization for Standardization
• LoA  Level of Assurance
• LTV  Long term Validation (used with PAdES)
• MTM Mobile Trusted Module
• NFC  Near Field Communication
• OCSP  Online Certificate Status Protocol
• OASIS  Organization for the Advancement of Structured Information Standards
• OEBPS  Open E-Book Publishing Structure
• PAdES  PDF Advanced Electronic Signature
• PKC  Public Key Certificate
• PEPPOL  Pan-European Public eProcurement On-Line
• PP Protection Profile
• QC Qualified Certificate
• QES  Qualified Electronic Signature
• RED  Registered Electronic Delivery
• REM  Registered Electronic Mail
• REM-MD  Registered Electronic Mail – Management Domain
• SCA Signature Creation Application
• SGSP  Signature Generation Service Provider
• SOGIS  Senior Officials Group – Information Systems Security
• SP Signature Policy
• SR Special Report
• SCD  Signature Creation Device
• SSCD  Secure Signature Creation Device
• SMIME  Secure Multi-Purpose Internet Mail Extensions
• SMTP  Simple Mail Transfer Protocol
• SOAP  Simple Object Access Protocol
• SPOCS  Simple Procedures Online for Cross-border Services
• STORK  Secure identity across borders linked) being the most relevant
• SSL Secure Socket Layer
• SVA Signature Validation Application
• SVSP  Signature Validation Service Provider
• TASP  Trust Application Service Provider
• TC Technical Committee
• TOE  Target of Evaluation
• TEE  Trusted Execution Environment
• TL Trusted List
• TR Technical Report
• TS Technical Specification
• TSL  Trust Service Status List
• TSP  Trust Service Provider
• TSPPKC  Trust Service Provider issuing Public Key Certificates
• TSPQC  Trust Service Provider issuing Qualified Certificates
• TSSLP  Trust Service Status List Provider
• TSSP  Time-Stamping Service Provider
• UPU  Universal Postal Union
• USB  Universal Serial Bus
• WI Work Item
• XAdES  XML Advanced Electronic Signature
• XSL eXtensible Stylesheet Language
• XML eXtensible Markup Language
• XMLDSig  XML Digital Signature

Document Types

The documents required for standardisation of each of the different electronic signature functional areas have been  organised around the following five types of documents:

1. Guidance:This type of documents does not include any normative requirements but provides business driven guidance on addressing the eSignature (functional) area, on the selection of applicable standards and their options for a particular business implementation context and associated business requirements, on the implementation of a standard (or a series of standards), on the assessment of a business implementation against  a standard (or a series of standards), etc.
2. Policy & Security Requirements:This type of document specifies policy and security requirements for  services and systems, including protection profiles. This brings together use of other technical standards and  the security, physical, procedural and personnel requirements for systems implementing those technical  standards.
3. Technical Specifications:This type of document specifies technical requirements on systems. This includes  but is not restricted to technical architectures (describing standardised elements for a system and their  interrelationships), formats, protocols, algorithms, APIs, profiles of specific standards, etc.
4. Conformity Assessment:This type of document addresses requirements for assessing the conformity of a  system claiming conformity to a specific set of technical specifications, policy or security requirements  (including protection profiles when applicable). This primarily includes conformity assessment rules (e.g.  common criteria evaluation of products or assessment of systems and services).
5. Testing Compliance & Interoperability:This type of document addresses requirements and specifications  for setting-up interoperability tests or testing systems or for setting-up tests or testing systems that will provide  automated checks of compliance of products, services or systems with specific set(s) of technical specifications.

Numbering Scheme

A consistent numbering for such documentation was searched with the aim to identify a single and consistent series of  eSignature standards and with the aim to enable each document to keep the same number whatever maturity level it  reaches through its lifetime. The numbering scheme being used is defined as follows:

• DD L19 xxx-z

Where:

• DD  indicates the deliverable type in the standardisation process (SR, TS, TR and EN)
• L
  when set to 4: identifies a CEN deliverable,
  when set to 0, 1, 2, or 3: identifies an ETSI deliverable and the type of deliverable in the  standardisation process

019 for ETSI published Special Reports (SR)
119 for ETSI published Technical Specification (TS) and Technical Report (TR)
219 for ETSI published Standard (ES) and ETSI Guide (EG)
319 for ETSI published European Norm (EN)
419 for CEN published Technical Specification (TS) or European Norm (EN)

• 19  indicates the series of standardisation documents related to eSignatures
  ETSI/CEN may further extend this numbering system in line with their own practices.

• xxx  indicates the serial number (000 to 999):

where Xxx identifies the area:

0-generic to a number of areas;
1-Signature Creation and Validation;
2-Signature Creation Devices;
3-cryptographic suites;
4-Trust Service Providers  supporting eSignatures;
5-Trust Application Service Providers;
6-Trust Service Status Lists Providers);

where xXx identifies a sub-area within the identified area, or 0 for documents generic to a given area;
where xxX identifies the type of document:

0-Guidance;
1-Policy and Security Requirements;
2-Technical Specifications;
3-Conformity Assessment;
4- Testing Compliance and Interoperability.

• -z  identifies multi-parts as some documents may be multi-part documents.

Additional numbering for identifying parts and versions will be in line with ETSI or CEN conventions depending on which organisation publishes the document.

Defined documents: Generic

Guidance

TR 119 000  Rationalised structure for Electronic Signature Standardisation
This document provides the framework for the x19 000 series of documents on Electronic Signature standardisation. It  specifies the schema for electronic signature standardisation. It also provides the basis for the provision of business guidance provided in the other areas and reference the business guidance for signature creation and validation (TR 119  100) as the recommended starting point for the analysis of requirements in particular for those target audiences being  stakeholders wishing to introduce and implement eSignatures in a business electronic process. It includes a basic  classification on assurance levels to be used across all the areas. In addition, it establishes definitions of commonly  applicable terms.
TR 419 010  Extended Rationalised structure including IAS
This document proposes an extension for the Rationalised structure for Electronic Signature Standardisation to cover  Electronic Identification, Authentication and Signatures.
SR 019 020  Rationalised Framework of Standards for AdES in Mobile environments
This document will provide details on the framework of standards (including potential architectures and relevant  scenarios) required for the creation and validation of advanced electronic signatures in the mobile environment  (Advanced Electronic Signatures in Mobile Environments).

Policies

TR 119 001  Rationalised Framework for Electronic Signature Standardisation: Definitions and  abbreviations
This document will list all definitions & abbreviations used in documents of the rationalised framework and serve as  reference. Documents from the rationalised framework will either include definitions / abbreviations by reference to TR  119 001 and/or by copying definitions from TR 119 001.

Defined documents: Signature generation and validation

Guidance

EN 319 142  PDF Advanced Electronic Signatures (PAdES)

This multipart document contains all the specifications related to Advanced Electronic Signatures embedded within PDF documents. It includes the base specification and associated profiles, and in particular.

• PAdES Overview – a framework document for PAdES:This document provides a framework for the set of profiles for PAdES. It provides a general description of support for signatures in PDF documents including use of XML signatures to protect XML data in PDF documents; it also lists the features of the different profiles specified in other parts of the document; finally it describes how the profiles may be used in combination.
• PAdES Basic – Profile based on ISO 32000-1: This document profiles the use of PDF signatures, based on CMS, as described in ISO 32000-1, for its use in any application areas where PDF is the
  appropriate technology for exchangeof digital documents including interactive forms.
• PAdES Enhanced – PAdES-BES and PAdES-EPES Profiles:This document profiles the use of PDF Signatures specified in ISO 32000-1 with an alternative signature encoding to support signature formats equivalentto the signature forms CAdES-BES, CAdES-EPES and CAdES-T as specified in EN 319 122.
• PAdES Long Term – PAdES-LTV Profile:This document profiles the electronic signature formats found in ISO 32000-1 to support Long Term Validation (LTV) of PDF signatures. It specifies a profile to support the equivalent functionality to the signature forms CAdES-X Long and CAdES-A as specified in EN 319 122 in a single profile PAdES-LTV, by incorporation ofnewly specified PDF objects conveying the required validation material.
  PAdES for XML Content – Profiles for XAdES signatures:This document defines profiles for the usage of XAdES signatures, as defined in EN 319 132, for signing XML content within the PDF containers, including the following situations:
  • One XML document (compliant with an arbitrary XML language, like Universal Business Language for e-Invoicing) that is completely or partially signed with at least one enveloped XAdES signature and that is incorporated within a PDF container.
  • Signed (with XML Sig or XAdES signature) dynamic XML Forms Architecture forms.
• Visual Representations ofElectronic Signatures:This document specifies requirements and recommendations for the visual representations of Advanced Electronic Signatures (AdES) in PDFs. This covers:
  • Signature appearance: The visual representation of the human act of signing placed within a PDF document at signing time and linked to an Advanced Electronic Signature.
  • Signature validation representation: The visual representation of the validation of an Advanced Electronic Signature.
• PAdES Baseline Profile:This document specifies a profile identifying a common set of options that are appropriate for maximizing interoperability between PAdES signatures.

NOTE 1:  The baseline profile defines a baseline profile for PAdES that provides the basic features necessary for a wide range of business and governmental use cases for electronic procedures and communications to be applicable to a wide range of communities when there is a clear need for interoperability of AdES signatures to be interchanged across borders. In particular it takes into account needs for interoperability of AdES signatures used in electronic documents issued by competent authorities to be interchanged across borders in the context of the EU Services Directive.
NOTE 2: When no specific use case would have requirements not satisfied by the baseline profile, no other specific profile will be added. Should it be otherwise, new profiles would be build on the baseline profile, unless the actual requirements would avoid it.
TS 119 152  Architecture for Advanced Electronic Signatures in Mobile Environments
This document will identifies the architectural components, protocol requirements and sequence of interactions required for scenarios based on those in SR 019 020
EN 319 162  Associated Signature Containers (ASiC)

This multipart document contains all the specifications related to the so-called Associated Signature Container. That is containers that bind together a number of signed data objects with Advanced Electronic Signatures applied to them or time-stamp tokens computed on them. This document includes the base specification and associated profiles, and in particular:

• an Overview of ASiCand its profiles, and the relationship between them.
• Associated Signature Containers (ASiC) – Core specifications:This document specifies the format for a single container binding together a number of signed objects (e.g. documents, XML structured data, spreadsheet, multimedia content) with either AdvancedElectronic Signatures or time-stamps. This uses package formats based on ZIP and supports the following signature and time-stamp token formats: CAdES signature(s) as specified in EN 319 122, XAdES detached signature(s) as specified in EN 319 132; and RFC 3161 [i.16] time-stamp tokens.
• ASiC Baseline Profile:This document specifies a profile identifying a common set of options that are appropriate for maximizing interoperability between ASiC containers.

NOTE 1:  The baseline profile defines a baseline profile for ASiC that provides the basic features necessary for a wide range of business and governmental use cases for electronic procedures and communications to be applicable to a wide range of communities when there is a clear need for interoperability of AdES signatures, on which ASiC is based, to be interchanged across borders. In particular it takes into account needs for interoperability of AdES signatures used in electronic documents issued by competent authorities to be interchanged across borders in the context of the European Services Directive.
NOTE 2: When no specific use case would have requirements not satisfied by the baseline profile, no other specific profile will be added. Should it be otherwise, new profiles would be build on the baseline profile, unless the actual requirements would avoid it..
EN 319 172  Signature Policies
This document addresses signature policies to be used in the management of electronic signatures within extended business models. This is a multi-part document whose internal structure is shown below:

• Part 1 – Signature Policies:This document elaborates the concept of signature policy documents, addresses relevant aspects of their usage, and specifies the constituent parts of a signature policy and their semantics.
  This provides a standardised table of content for human readable. It also includes a common EU signature policy which may be used for qualified electronic signatures and advanced electronic signatures supported by qualified certificates in Europe.
• Part 2 – XML format for Signature Policies:This document specifies a XML format for those parts of the Signature Policy that may be structured and are worth to be automatically processed by both signing and verifying applications. This document also specifies the processes to be performed by the aforementioned applications while using this format during the generation or the validation of electronic signatures.
• Part 3 – ASN.1 format for Signature Policies:This document specifies an ASN.1 format for those parts of the Signature Policy that may be structured and are worth to be automatically processed by both signing and verifying applications. This document also specifies the processes to be performed by the aforementioned applications while using this format during the generation or the validation of electronic signatures.

Conformity Assessment

EN 319 103  Conformity Assessment for Signature Creation and Validation Applications (& Procedures)
This document introduces the three aspects of assessment detailed in separate specifications:

a)  Assessment of user environment against policy requirements: the conformity rules for assessing conformity of SCA or SVA against Policy Requirements. This will show the complete process for performing complete assessment and make some reference to other conformity assessment guidance (including technical specifications, protection profiles, signature policies.
b)  Assessment of products and applications for electronic signature creation and validation against protection profiles.
c)  Assessment of conformity to Advanced Electronic Signature formats and protocols.
d)  Assessment of conformity of a specific machine processable signature policy to the business process policy requirements.
NOTE:  Assessment may require use of testing compliance or interoperability.

Testing Conformance & Interoperability

TS 119 104  General requirements on Testing Conformance & Interoperability of Signature Creation and Validation
This set of documents specifies general requirements for testing conformance and interoperability of signature creation and validation applications.
As a general principle, TS 119×04 documents are meant to group common requirements to all potential sub-parts with regards to testing conformance & interoperability. It could also be used as an introductory document to how testing conformance & integrity is dealt with in the sub-areas (e.g. general principles and requirements for PlugTests).
TS 119 124  CAdES Testing Conformance & Interoperability
This document provides technical specifications for helping implementers and accelerating the development of CAdES signature creation and validation applications. The test results may also be used in conformity assessment for signature creation and validation applications (EN 319 103) with policies requiring conformity to CAdES formats and procedures. First, it will define test suites as completelyas possible for supporting the organization of interoperability testing events where different CAdES related applications may check their actual interoperability. Additionally, it will include the specifications required for building up software tools for actually testing technical conformance of CAdES signatures against the relevant CAdES related technical specifications.
This is a multi-part document covering the following topics:

• Test suites for testing interoperability of CAdES signatures:This document would be used by those entities interested in testing the interoperability of tools that generate and verify CAdES signatures not adhering to any specific profile, but compliant with the mother CAdES specification as defined in EN 319 122.
• Test suites for testing interoperability of Baseline CAdES signatures:This document would be used by those entities interested in testing the interoperability of tools that generate and verify CAdES signatures that claim to be compliant with the CAdES Baseline Profile as specified in EN 319 122.
• Specifications for testing conformance of CAdES Signatures:This document will specify, among other things, rules for testing conformance of signatures against the CAdES specification. It will allow developing a tool that can automatically check that a CAdES signature is fully conformant with the relevant aforementioned specifications, without claiming any statement on its validity.
• Specifications for testing conformance of Baseline CAdES Signatures:This document will specify, among other things, rules for testing conformance of signatures against the CAdES Baseline Profile specification. It will allow developing a tool that canautomatically check that a CAdES Baseline signature is fully conformant with the relevant aforementioned specifications, without any statement on its validity.
• Specifications for testing conformance of CAdES Signatures validation:This will allow developing a tool that can automatically check that a generated CAdES signature is fully conformant with the relevant aforementioned specifications and validate the signature according to EN 319 102.

NOTE 1:  A study should be made for assessing the need of a separate part for supporting conformance testing of signature validation.
NOTE 2:  A study should be made for assessing the need of an additional part for supporting the potential development and/or maintenance of a reference implementation.
TS 119 134  XAdES Testing Conformance & Interoperability
This document provides technical specifications for helping implementers and accelerating the development of XAdES signature creation and validation applications. The test results may also be used in conformity assessment for signature creation and validation applications (EN 119 103) with policies requiring conformity to XAdES formats and procedures. First, it will define test suites as completelyas possible for supporting the organization of interoperability testing events where different XAdES related applications may check their actual interoperability. Additionally, it will include the specifications required for building up software tools for actually testing technical conformance of XAdES signatures against the relevant XAdES related technical specifications.
This is a multi-part document structured as follows:

• Test suites for testing interoperability of XAdES signatures:This document will be used by entities interested in testing tools that generate and verify XAdES signatures not adhered to any specific profile, but compliant with the mother XAdES specification as defined in EN 319 132.
• Test suites for testing interoperability of Baseline XAdES signatures:This document will be used by entities interested in testing tools that generate and verify XAdES signatures that claim to be compliant with the XAdES Baseline Profile as specified in EN 319 132.
• Specifications for testing conformance of XAdES Signatures:This document will specify, among other things, rules for testing conformance of signatures against the XAdES specification. It will allow developing a tool that can automatically check that generated XAdES signatures are fully conformant with the relevant aforementioned specifications, without any statement on their validity.
• Specifications for testing compconformance liance of Baseline XAdES Signatures:This document will specify, among other things, rules for testing conformance of signatures against the XAdES specification. It will allow developing a tool that canautomatically check that a XAdES Baseline signature is fully conformant with the relevant aforementioned specifications, without claiming any statement on its validity.
• Specifications for testing conformance of XAdES Signatures validation:This should allow developing a tool that could automatically check that the XAdES signatures generated by a certain tool are fully conformant with the relevant aforementioned specifications and validate the signature according to EN 319 102.

NOTE 1:  A study should be made for assessing the need of a separate part for supporting conformance testing of signature validation.
NOTE 2:  A study should be made for assessing the need of an additional part for supporting the potential development and/or maintenance of a reference implementation.
TS 119 144  PAdES Testing Conformance & Interoperability

This document provides technical specifications for helping implementers and accelerating the development of PAdES signature creation and validation applications. The test results may also be used in conformity assessment for signature creation and validation applications (EN 319 103) with policies requiring conformity to PAdES formats and procedures.
First, it will define test suites as completely as possible for supporting the organization of interoperability testing events where different PAdES related applications may check their actual interoperability. Additionally, it will include the specifications required for building up software tools for actually testing technical conformance of PAdES signatures against the relevant PAdES related technical specifications.
This is a multi-part document structured as follows:

• Overview.
• Test suites for testing interoperability of PAdES signatures:This document will be used by entities interested in testing tools that generate and verify PAdES signatures not adhered to any specific profile, but compliant with the mother PAdES specification as defined in EN 319 142.
• Test suites for testing interoperability of Baseline PAdES signatures:This document will be used by entities interested in testing tools that generate and verify PAdES signatures that claim to be compliant with the PAdES Baseline Profile as specified in EN 319 142.
• Specifications for testing compconformance liance of PAdES Signatures:This document will specify, among other things, rules for testing conformance of signatures against the PAdES specification. It will allow developing a tool that can automatically check that generated PAdES signatures are fully onformant with the relevant aforementioned specifications, without any statement on their validity.
• Specifications for testing conformance of Baseline PAdES Signatures:This document will specify, among other things, rules for testing conformance of signatures against the PAdES Baseline Profile specification. It will allow developing a tool that could automatically check that a PAdES Baseline signature is fully conformant with the relevant aforementioned specifications, without claiming any statement on their validity or not.
• Specifications for testing conformance of PAdES Signatures validation:This will allow developing a tool that can automatically check that a PAdES signature is fully conformant with the relevant aforementioned specifications and validates the signature according to EN 319 102.

NOTE 1:  A study should be made for assessing the need of a separate part for supporting conformance testing of signature validation.
NOTE 2:  A study should be made for assessing the need of an additional part for supporting the potential development and/or maintenance of a reference implementation.
TS 119 154   Testing Conformance & Interoperability of AdES in Mobile environments
This document will provide technical specifications for helping implementers and accelerating the development of creation and validation applicationsfor advanced electronic signatures in mobile environments.
TS 119 164  ASiC Testing Conformance & Interoperability
This document provides technical specifications for helping implementers and accelerating the development of ASiC containers creation and validation applications. The test results may also be used in conformity assessment for signature creation and validation applications (EN 319 103) with policies requiring conformity to ASiC formats and procedures.
First, it will define test suites as complete as possible for supporting the organization of interoperability testing events where different ASiC related applications may check their actual interoperability. Additionally, it will include the specifications required for building software tools for actually testing technical conformance of ASiC against the relevant ASiC related technical specifications.
This is a multi-part document covering the following topics:

• Overview.
• Test suites for testing interoperability of ASiC:This document will be used by entities interested in testing tools that generate and verify ASiC not adhered to any specific profile, but compliant with the mother ASiC specification as defined in EN 319 162.
• Test suites for testing interoperability of Baseline ASiC:This document will be used by entities interested in testing tools that generate and verify ASiC that claim to be compliant with the ASiC Baseline Profile as specified in EN 319 162.
• Specifications for testing conformance of ASiC:This document will specify, among other things, rules for testing conformance of signatures against the ASiC specification. It will allow developing a tool that can automatically check that generated ASiC are fully conformant with the relevant aforementioned specifications, without any statement on their validity.
• Specifications for testing conformance of Baseline ASiC:This document will specify, among other things, rules for testing conformance of signatures against the ASiC specification. It will allow developing a tool that can automatically check that Baseline ASiC are fully conformant with the relevant aforementioned specifications, without claiming any statement on their validity.
• Specifications for testing conformance of ASiC validation:This will allow developing a tool that can automatically check that ASiC are fully conformant with the relevant aforementioned specifications and that validates the signature according to EN 319 102.

NOTE 1:  A study should be made for assessing the need of a separate part for supporting conformance testing of signature validation.
NOTE 2:  A study should be made for assessing the need of an additional part for supporting the potential development and/or maintenance of a reference implementation.
TS 119 174   Testing Conformance & Interoperability of Signature Policies
This document provides technical specifications for helping implementers and accelerating the development of Signature Policies. The test results may also be used inconformity assessment for signature creation and validation applications (EN 319 103) with policies requiring conformity to machine processable Signature Polices format specifications.
First, it will define test suites as complete as possible for supporting the organization of interoperability testing facilities where different Signature Policy based applications may check their actual interoperability.
Additionally, it will include the specifications required for building software tools for actually testing technical conformance of machine processable Signature Policies against the relevant technical specifications.

Defined documents: Signature related devices

Guidance

TR 419 200  Business Driven Guidance for Signature Creation and Other Related Devices
This document provides guidance for the selection of standards for electronic signature devices for given business requirements.

Policy & Security Requirements

Policy and Security Requirements for Signature Creation Devices

No requirement has been identified for this type of document as requirements for the use of signature creation devices is addressed as part of the policy requirements of the signing environment in EN 319 101.

EN 419 211  Protection Profiles for Secure Signature Creation Devices
This document specifies the security requirements for a SSCD which is the target of evaluation. It follows the rules and formats of the Common Criteria v3.
This is a multi-part document covering the following topics:

• Part 1- Overview: An introduction to the SSCD protection profiles.
• Part 2 – Device with key generation:This document specifies a protection profile for an SSCD that performs its core operations including the generation of signature keys in the device. This profile may be extended through extensions specified in other parts.
• Part 3 – Device with key import: This document specifies a protection profile for an SSCD that performs its core operations including import of the signature key generated in a trusted manner outside the device.
• Part 4 – Extension for device with key generation and trusted communication with certificate generation application: This document specifies an extension protection profile for an SSCD with key generation that support establishing a trusted channel with a certificate-generating application. This profile may be extended through extensions specified in other parts.
• Part 5 – Extension for device withkey generation and trusted communication with signature creation application: This document specifies an extension protection profile for an SSCD with key generation that additionally supports establishing a trusted channel with a signature-creation application.
• Part 6 – Extension for device with key import and trusted communication with signature creation application:This document specifies an extension protection profile for an SSCD with key import that additionally supports establishing a trusted channel with a signature-creation application.Additional protection profiles or other form of security certification and security evaluation processes may be required, to ensure that they offer the relevant level of security, for other types of devices such as, e.g.:
  • Mobile phones with hardware-based security (TEE, MTM, etc.).
  • HSM being recognised as an SSCD.
  • SSCD used for mass signing operations (e.g. for signing a series of documents).

EN 419 221  Protection profiles for TSP Cryptographic modules

This multi-part document specifies protection for cryptographic device devices used by Trust Service Providers. It covers the following topics:

• Part 1 – Overview: This part of EN 419 221 provides an overview of the protection profiles specified in other parts of TS 419 221.
• Part 2 – Protection profile for Cryptographic module for CSP signing operations with backup – high security level: This part of EN 419 221 specifies a protection profile for cryptographic modules used by certification service providers (as specified in Directive 1999/93 [i.1]) for signing operations, with key backup, at a high level of security. Target applications include root certification authorities (certification authorities who issue certificates to other CAs and who are at the top of a CA hierarchy) and other certification service providers where there is a high risk of direct physical attacks against the module.
• Part 3 – Protection profile for Cryptographic module for CSP key generation services – high security level: This part of EN 419 221 specifies a protection profile for cryptographic modules used by certification service providers (as specified in Directive 1999/93 [i.1]) for generating signing keys for use by other parties, at a high level of security. Target applications include root certification authorities and other certification service providers where there is a high risk of direct physical attacks against the module.
• Part 4 – Protection profile for Cryptographic module for CSP signing operations – high security level: This part of EN 419 221 specifies a protection profile for cryptographic modules used by certification service providers (as specified in Directive 1999/93 [i.1]) for signing operations, without key backup, at a high level of security. Target applications include root certification authorities (certification authorities which issue certificates to other CAs and is at the top of a CA hierarchy) and other certification service providers where there is a high risk of direct physical attacks against the module.
• Part 5: Protection profile for Cryptographic module for TSP signing and authentication – moderate security level: This part of EN 419 221 specifies a protection profile for cryptographic modules used by trust service providers for signing operations and authentication services at a moderate level of security. This protection profile includes support for protected backup of keys. The target of this part is:
  a)  provision of cryptographic support for TSP signing operations including applications such as certification authorities who issue qualified and non-qualified certificates to end users, level 1 signing services as identified in EN 419 241, data “sealing” by or on behalf of a legal entity, time-stamping services and validation services; and
  b)  provision of both symmetric and asymmetric cryptographic support for TSP authentication services, for example for authenticating users of signing services as specified in EN 419 241. This profile assumes that the cryptographic module is in a physically secured environment and that there is a low risk of untrusted personnel having direct physical access to the device.

EN 419 231  Security requirements for trustworthy systems supporting time-stamping
This document defines security requirements for a time-stamping system which consists of at least a time-stamping unit (a set of hardware including an internal clock and software creating time-stamp tokens) and of administration and auditing used to provide time-stamping services.

Informative annexes will provide check lists for conformity assessment.

EN 419 241  Trustworthy Systems Supporting Server Signing
This document is to become a multi-part document including general security requirements and protection profiles for Trustworthy Systems (TWSs) supporting server signing. The document is intended for use by developers and evaluators of a Server Signing Application and of its components. The details for this document have yet to be agreed in CEN TC 224 Working Group 17.
EN 419 251  Protection Profiles for Authentication Devices
This multi-part document defines security requirements for conformity of an authentication hardware device (such as, for example, a smart card or USB token) from the perspective of a security evaluation.
This multi-part document covers the following aspects:

• Part 1defines a PP for a device with only the core features and key import. It is the minimum product.
• Part 2defines a PP for a device with key import, key generation, trusted channel with the CA, trusted channel with the Administration application and administration.
• Part 3defines additional featuresthat can be added to part 1 or part2 in order to define a new PP with enhanced features.

EN 419 261  Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures

Requirements
This document establishes security requirements for trustworthy systems and technical components that can be used by a TSP in order to issue qualified and non-qualified certificates.

Technical specifications

EN 419 212  Application Interfaces for Secure Signature Creation Devices
This standard describes an application interface and behaviour of the SSCD in the context of Identification, Authentication and Electronic Signature (IAS) services.

This is a multi-part document covering the following topics:

• Part 1: Introduction.
• Part 2 describesBasic services for electronic signatures:This document specifies mandatory mechanisms for cryptographic devices such as smart cards, hardware security modules to be used as SSCD, and covers user validation, signature creation, device authentication, password-based mechanisms, establishment of a secure channel and key generation.
• Part 3 describesAdditional servicesin the context of electronic signatures:This document specifies mechanisms to support services around Identification, Authentication and Digital Signature (IAS) services in addition to the SSCD mechanisms already described in Part 1 to enable interoperability and usage for IAS services on a national or European level. It also specifies additional mechanisms like Client/Server authentication, role authentication, symmetric key transmission between a remote server and a smart card, signature cryptographic verification, identity management and privacy mechanisms.
• Part 4 describesContext specific authentication protocols for SSCDs:This document specifies context specific authentication protocols for SSCDs, covering first the migration to suitable Authentication Protocols, e.g. for further context specific use for other transport layers e.g. NFC, and second a glossary including the unambiguous definition of the security properties employed by the proposed protocols.

Conformity Assessment
EN 419 203  Conformity Assessment of Secure Devices and Trustworthy systems
This document provides guidance on conformity assessment of Secure Creation Devices against the specifications EN 419 211 and guidance on conformity assessment for trustworthy systems against the specifications EN 419 221, EN 419 231, EN 419 241, EN 419 251 and EN 419 261.The guidance is intended for use by designated bodies, assessors, evaluators and manufacturers. Technical Conformance & Interoperability Testing
No requirements identified so far for such a document.

Defined documents: Cryptographic Suites

Guidance
TR 119 300  Business Driven Guidance for Cryptographic Suites
This document provides guidance for the selection of cryptographicsuites for given business requirements.
NOTE:  Regular maintenance of cryptographic suites specifications should be ensured and mechanisms for ensuring this should be proposed and implemented.

Technical Specifications
TS 119 312  Cryptographic Suites for Secure Electronic Signatures
This document defines a number of cryptographic suites for secure electronic signatures including a list of hash functions and a list of signature schemes, as well as the recommended combinations of hash functions and signatures in the form of “signature suites” to support Advanced Electronic Signatures.
Technical Conformance & Interoperability Testing
No requirements identified so far.

Defined documents: TSPs Supporting Electronic Signatures

Guidance

TS 119 400  Business Driven Guidance for TSPs Supporting Electronic Signatures
This document provides guidance for the selection of standards for TSPs for given business requirements.
NOTE:  When there would be a need for identifying and producing specific Business Driven Guidance for specific types of TSPs supporting electronic signatures, the Rationalised Framework model allows usage of TR 119 410, TR 119 420, TR 119 430, etc. documents for such purpose.

Policy & Security Requirements

EN 319 401  General Policy Requirements for TSPs Supporting Electronic Signatures
This document specifies policy requirements for TSPs Supporting Electronic Signatures that are independent of the type of TSP.
EN 319 411  Policy & Security Requirements for TSPs Issuing Certificates
This multi-part document specifies policy and security requirements for TSPs issuing certificates. It references EN 319 401 for generic requirements.
This is a multi-part document including the following topics:

• Part 1 – Overview: This part provides an overview of the other parts of this document. It also describes the relationship of the policy requirements defined in this area and the use of secure devices and trustworthy systems defined in the “Signature Creation and Other Related Device” area.
• Part 2 – Policy requirements for TSP issuing qualified certificates.
• Part 3 – Policy requirements for TSP issuing public key certificates.
• Part 4 – Policy requirements for TSP issuing web site certificates.
• Part 5 – Policy requirements for TSP issuing Attribute Certificates.

Informative annexes will provide check lists for conformity assessment.
EN 319 421  Policy & Security Requirements for TSPs providing Time-Stamping Services

This document specifies policy requirements for TSPs providing Time-stamping services based on RFC 3161. It references EN 319 401 for generic requirements.
Similarly to EN 319 411, this multi-part document may be organised to include the following topics:

• Overview: This part provides an overview of the other parts of this document. It also describes the relationship of the policy requirements defined in this area and the use of secure devices and trustworthy systems defined in the “Signature Creation and Other Related Device” area.
• Policy requirements for TSPs providing Time-stamping services. Informative annexes will provide check lists for conformity assessment.

EN 319 431  Policy & Security Requirements for TSPs providing Signature Generation Services

This document specifies policy requirements for TSPs providing signature generation services. It references EN 319 401 for generic requirements.

Similarly to EN 319 411, this multi-part document may be organised to include the following topics:

• Overview: This part provides an overview of the other parts of this document. It also describes the relationship of the policy requirements defined in this area and the use of secure devices and trustworthy systems defined in the “Signature Creation and Other Related Device” area.
• Policy requirements for TSPs providing Signature Generation services. Informative annexes will provide
  check lists for conformity assessment.

EN 319 441  Policy & Security Requirements for TSPs providing Signature Validation Services
This document specifies policy requirements for TSPs providing Signature Validation Services. It references EN 319 401 for generic requirements.
Similarly to EN 319 411, this multi-part document may be organised to include the following topics:

• Overview: This part provides an overview of the other parts of this document. It also describes the relationship of the policy requirements defined in this area and the use of secure devices and trustworthy systems defined in the “Signature Creation and Other Related Device” area.
• Policy & Security requirements for TSPs providing Signature Validation services. Informative annexes will provide check lists for conformity assessment.

Technical Specifications

EN 319 412  Profiles for TSPs issuing Certificates
This document provides specifications for specific profiles applicable to TSPs issuing certificates including qualified and other forms of certificates. It provides certificate profiles and a profile extension which aim to facilitate interoperability of (qualified) certificates issued to natural person, legal person or to organisation as website certificate,
for the purposes of (qualified) electronic signatures, (qualified) electronic seals, peer entity authentication, data authentication, as well as data confidentiality.
This is a multi-part document including the following topics:

• Part 1 – Overview.
• Part 2 – Certificate profile for certificates issued to natural persons.
• Part 3 – Certificate profile for certificates issued to legal persons.
• Part 4 – Certificate profile for website certificates issued to organisation (Baseline and Extended Validation).
• Part 5 – Qualified certificate statements for qualified certificate profiles.

EN 319 422  Profiles for TSPs providing Time-Stamping Services
This document specifies a profile for the format and procedures for time-stamping as specified in RFC 3161.
EN 319 432  Profiles for TSPs providing Signature Generation Services
This document specifies a profile for the format and procedures for TSPs providing Signature Generation Services.
EN 319 442  Profiles for TSPs providing Signature Validation Services
This document specifies a profile for the format and procedures for TSPs providing Signature Validation Services.

Conformity Assessment

EN 319 403  Trust Service Provider Conformity Assessment – Requirements for conformity assessment bodies assessing Trust Service Providers
This document contains requirements for the competence, consistent operation and impartiality of conformity assessment bodies assessing conformity of Trust Service Providers (TSP) to standardized criteria for the provision of trust services. Requirements and guidance set out in the present document are independent of the class of trust service provided.
EN 319 413  Conformity Assessment for TSPs Issuing Certificates
This (multi-part) document specifies requirements and provides guidance for the assessment of TSPs issuing certificates.
NOTE:  It may be assumed that any requirement relating to completion of conformity testing might be covered here and reference the appropriate Technical Conformance & Interoperability Testing documents.
This is a multi-part document including the following topics:

• Conformity Assessment for Policy Requirements for TSP issuing Certificates.

EN 319 423  Conformity Assessment for TSPs providing Time-Stamping Services
This document specifies requirements and provides guidance for the assessment of TSPs providing time-stamping services.
This is a multi-part document including the following topics:

• Conformity Assessment for Policy Requirements for TSP providing time-stamping services

EN 319 433  Conformity Assessment for TSPs providing Signature Generation Services

This document specifies requirements and provides guidance for the assessment of TSPs providing Signature

Generation Services.

This is a multi-part document including the following topics:

• Conformity Assessment for Policy Requirements for TSP providing Signature Generation Services.

EN 319 443  Conformity Assessment for TSPs providing Signature Validation Services
This document specifies requirements and provides guidance for the assessment of TSPs providing Signature Validation Services.

 
This is a multi-part document including the following topics:

• Conformity Assessment for Policy Requirements for TSP providing Signature Validation Services.

Testing Conformance & Interoperability

Not applicable so far.
NOTE:  At the current date, no requirement for such documents has been identified. It may however be the case that specifications for conformity checker tools could be identified in the future such as conformity checker for generated Trust Service tokens such as qualified certificates, public key certificates against a specific profile, or time-stamp tokens.

Defined documents: Trust Application Service Providers

Guidance

TR 119 500  Guidance for Trust Application Service Provider

This document provides guidance for the selection of standards for trusted application service providers for given business requirements.
The document identifies a number of relevant Trusted Application Services using electronic signatures in different business areas, and whose provision has already been standardized. Additionally, for each of the services, it provides guidance for the selection of the suitable standards, ensuring in this way their correct provision and interoperability across the European Union.
SR 019 530  Study on standardisation requirements for e-Delivery services applying e-Signatures

This document will define Electronic Delivery (e-delivery) services and investigate applicable requirements from those existing in the market (ETSI, CEN, private standards and pilots’ outcome) proposing rationalised and well organized requirements for Electronic Delivery Applying Electronic Signatures and its possible relation to Registered E-Mail.

Policy & Security Requirements

EN 319 511  Policy & Security Requirements for Registered Electronic Mail (REM) Service Providers
This document specifies policy and security requirements for REM service providers required to be recognized as a provider of this type of services. It might define different conformity levels for each style of operation and the corresponding set of requirements to be satisfied in each level. This document also addresses requirements on Information Security Management and Security requirements for REM systems. It references EN 319 501 for generic requirements.
NOTE:  Whether a “Security (Protection) Profile for Trustworthy systems used by REM Service Providers” should be merged within those specific policy & security requirements is yet to be further analysed.
This multi-part document includes:

• Overview. This part provides an overview of the other parts of this document. It also describes the relationship of the policy requirements defined in this area and the use of secure devices and trustworthy systems defined in the “Signature Creation and Other Related Device” area.
• Policy requirements for REM Service Providers.
  Informative annexes will provide check lists for conformity assessment.

EN 319 521   Policy & Security Requirements for Data Preservation Service Providers (DPSPs)
This document specifies policy and security requirements for DPSPs. It references EN 319 501 for generic requirements.
It may address specific Information Security Management Systems or Data Preservation Systems (DPS), by specifying specific security requirements for Data Preservation Service Providers to abide by, when implementing and managing a DPS, in order to provide Data Preservation Services that are trustable and reliable from the Information Security viewpoint. This document does not address any   archival specific issues, like definition of data metadata structure and methods to build them, links between data to implement virtual folders, etc.
NOTE:  Whether a “Security (Protection) Profile for Trustworthy systems used by Data Preservation Service Providers” should be merged within those specific policy & security requirements is yet to be further analysed.
This multi-part document includes:

• Overview. This part provides an overview of the other parts of this document. It also describes the relationship of the policy requirements defined in this area and the use of secure devices and trustworthy systems defined in the “Signature Creation and Other Related Devices” area.
• Policy requirements for Data Preservation Service Providers.
  Informative annexes will provide check lists for conformity assessment.

Technical Specifications

EN 319 512  Registered Electronic Mail Services
This document provides technical specifications for the provision of Registered Electronic Mail. This is a multi-part document whose structure is detailed below:

• Framework, Architecture and Evidence:This is a document structured in three sub-parts, as detailed below:
  • Registered Electronic Mail Overview
  • a framework document:This document provides an overview of the whole set of specifications included in the Technical Specification.
  • Architecture:This document provides an overall view of the standardized service, addressing the following aspects:
    • Logical model, namely: components, styles of operation,
    • Roles within a service provider, grouping of providers in administrative domains.
    • Interfaces between the different roles and providers.
    • Relevant events in the data objects flows and the corresponding evidence.
      Trust building among providers pertaining to the same or to different administrative domains.
  • Evidence semantics and format:This document fully specifies the set of evidence managed in the context of the service provision. The document fully specifies the semantics, the components, and the components’ semantics for all the evidence. The document also specifies different formats for all the
    evidence in different syntax, namely: XML, ASN.1 and PDF.
• Messages formats and bindings:This part specifies different formats for the messages and the different bindings for different transport protocols. This is a document structured in two sub-parts, as detailed below:
  • SMIME on SMTP. This document specifies the format of the data objects when SMIME structures are used for conveying them, and when the transport protocol used is SMTP.
  • SOAP on HTTP:This document specifies the format of data objects when SOAP structures are used for conveying them, and when the transport protocol used is HTTP.
• Interoperability profiles:This part contains several sub-parts. Each sub-part specifies profile(s) for seamless exchange of data objects across providers that use different formats and/or transport protocols.

NOTE 1:  Its internal structure will very much depend on the different relevant systems specified and built across Europe, as during the last years a number of specifications and non interoperable systems based on them, have been developed.
NOTE 2:  Requirements for support of Registered Electronic Delivery requires further investigation.
EN 319 522  Data Preservation Services through signing
This document specifies technical requirements for services providing document signing in support of data preservation. It specifies the requirements on the use of electronic signatures and time-stamping to maintain the authenticity and integrity of documents when stored over long periods. This can be applied to a single document or a set of documents, including multi-media objects, held in a container. An initial study will identify standardisation requirements and how this relates to general standardisation for archiving and data preservation. Conformity Assessment
EN 319 513  Conformity Assessment of Registered Electronic Mail Service Providers
This document specifies requirements and provides guidance for the supervision and assessment of a Registered Electronic Mail Service Provider based on general requirements and guidance for conformity assessment specified in EN 19 403.
EN 319 523  Conformity Assessment of Data Preservation Service Providers
This document specifies requirements and provides guidance for the supervision and assessment of a DPSP based on general requirements and guidance for conformity assessment specified in EN 319 403.

Testing Conformance & Interoperability

TS 119 504  General requirements for Technical Conformance & Interoperability Testing for Trust Application Service Providers
This document specifies general requirements for specifying technical conformance and interoperability testing for TASPs.

TS 119 514  Testing Conformance & Interoperability of Registered Electronic Mail Service Providers
This document defines test suites that support interoperabilitytests among entities that plan to provide this type of services. This is a multi-part document, whose structure is detailed below:

• Test suites for interoperability testing of providers using same format and transport protocols:This document is for those providers that implement the service provision using the same combination of format and transport protocols, i.e. there will be two test-suites one for the providers using SMIME on SOAP and another for those using SOAP on HTTP.
• Test suites for interoperability testing of providers using different format and transport protocols: This document is for those providers that implement the service provision using different combinations of format and transport protocols. This document defines test-suites for the interoperability profiles for REM.
• Testing conformance:This document specifies the tests to be performed for checking conformity against EN 319 512. This provides the basis for a tool that automatically checks that the messages and evidence set generated by a certain provider are fully conformant with the relevant aforementioned specifications.

Defined documents: Trust Service Status Lists Providers

Guidance

TR 119 600  Business Driven Guidance for Trust Service Status Lists Providers
This document provides guidance for the selection of standards for Trusted Service Status Lists Providers for given business requirements.

Policy & Security Requirements

EN 319 601  General Policy & Security Requirements for Trust Service Status Lists Providers
This document will specify general policy and security requirements for providers issuing status information of trusted services. It will describe different models on which such providers may operate, how this influences the way the content of the lists should be interpreted and specific criteria for the provision of revisions to TSL information, which should be published by the providers.
EN 319 611  Policy & Security Requirements for Trusted List Providers
This document will specify specific policy requirements for issuers of Trusted List, a profile of Trust Service Status List, as they are defined in CD 2009/767/EC [i.19] as amended by CD 2010/425/EU [i.20]. This would build on the requirements in EN 319 601.
Technical Specifications
TS 119 602  Trust Service Status Lists Format

This document will contain specifications related to Trust Service Status Information Formats (Trust Service Lists – TSL). This may be a multi-part document including:

• Trust Service Status Lists Structure
  This part specifies the Trust Service Status List structure. Each of the fields within the TSL is described to a level of detail sufficient to derive a consistent format specification.
• ASN.1 Representation of Trust Service Status Lists
  This part specifies the ASN.1 structures to be used when implementing an ASN.1-version of TSLs.
• XML Representation of Trust Service Status Lists
  This part specifies the XML structures to be used when implementing an XML-version of TSLs.

TS 119 612  Trusted Lists
This document contains the specifications related to Trusted Lists (TL) for their use in the context of Directive 1999/93/EC [i.1] and of the Services Directive 2006/123/EC [i.14], as they are defined in CD 2009/767/EC  amended by CD 2010/425/EU.
NOTE 1: Migration of this TS as an EN is not planned yet and will depend on the adoption of the proposal for a regulation on electronic identification and trust services for electronic transactions in the internal market that will supersede Directive 1999/93/EC.
NOTE 2:  As conceptually TL or TSL can be used for providing status information on the approval of any type of provision of any type of Trust Service Token by any type of Trust Service Provider, the document structure proposed here is flexible enough to allocate sub-areasto determined categories of such services. As an example, TL or TSL could be used for publishing in a Europe-wide common way, the status of the determination of conformity of a signature creation device against the requirements laid down in Annex III of Directive 1999/93/EC [i.1] (SSCD) made by a Member State Designated Body. It is likely that for such a purpose, a specific baseline profile of TL specifications as per TS 119 612 would be required.

Conformity Assessment

EN 319 603  General requirements and guidance for Conformity Assessment of TSSLPs

This document will provide the rationale, rules and guidance on conformity assessment concerning the processes and products around the issuance and processing of Trust Service Status Lists.
EN 319 613  Conformity Assessment of Trusted List Providers

This document will specify the specific conformity rules for assessing conformity against

EN 319 612 specifications related to both the generation and conformity validation of Trusted Lists, a profile of Trust Service Status Lists.

Testing Conformance & Interoperability

TS 119 604  General requirements for Testing Conformance & Interoperability of TSLs

This document will specify general requirements for specifying technical conformance and interoperability testing for TSLs. This may include test suites and specifications for conformity testing tools testing ASN.1 and /or XML representation of TSLs. This document will be used by those entities interested in testing tools that generate and verify Trust Service Status Lists in their ASN.1 or XML representation compliant with the specification TS 119 602. This is a multi-part document that includes:

• Testing specifications for technical conformance & interoperability testing of ASN.1 representation of the Trust Service Status Lists:This document will be used by those entities interested in testing tools that generate and verify Trust Service Status Lists in its ASN.1 representation conformant with the specification TS 119 602.
• Testing specifications for technical conformance & interoperability testing of XML representation of the Trust Service Status Lists:This document will be used by those entities interested in testing tools that generate and verify Trust Service Status Lists in their XML representation conformant with the specification TS 119 602.

TS 119 614  Test suites and tests specifications for Technical Conformance & Interoperability Testing of Trusted Lists
This document provides technical specifications for helping implementers and accelerating the development of tools for creating and issuing Trusted Lists. First, it will define test suites as completely as possible for supporting the organization of interoperability testing events where different Trusted List related applications may check their actual interoperability. Additionally, it will include the specifications required for building up software tools for actually testing technical conformance of Trusted Lists against the relevant Trusted List related technical specifications:

• Test suites for testing interoperability of XML representation of Trusted Lists:This document will be used by those entities interested in testing tools that generate and verify Trusted Lists in their XML representation compliant with TS 119 612.
• Specifications for testing conformance of XML representation of Trusted Lists:This document will specify, among other things, rules for testing compliance ofTrusted Lists against Trusted List specifications. It should include not only rules for the static aspects of the Trusted Lists, i.e. the contents of a certain instantiation of the Trusted List, but also rules for testing dynamic aspects of the Trusted List, i.e. specific relationships among elements present in consecutive instantiations of one Trusted List as a result of certain very well specified events (Trusted List life cycle-related rules). It should allow developing a tool that could automatically check that the Trusted Lists generated by a certain tool are fully conformant with the relevant aforementioned specifications.