TDL Meeting
7-8 April 2014 //Vienna
Sprint Proposal
The key of a legal on line signature:
The inseparable link between
e-Authentication, e-Signature and e-Validation
Description of innovation
Certiway’s Ecosystem
 Introduction of assurance levels in real time transactions
 Real-time contractualisation of each bilateral relationship and
provision of legal claim
 Validation platform, CERTIWAY, to guarantee end-to-end trust:
revocation list management, data domiciliation & data
consolidation, accountability between all service providers,
recovery, resilience (ISO 27006 and 27035), interoperability
Description of innovation
Certiway’s Ecosystem
 Description of a use case of new trust services and e-ID regulation (eIDAS) for
cross border digital signature, applicable for handling real time processing of
mass transactions.
Use Case including:
-
a strong e-Authentication
TDL
Microsoft
-
a qualified electronic signature creation device
TrustSeed
-
a validation of qualified electronic signatures
CertiWay
-
Legal evidence and privacy’s protection
CertiWay
The urgent needs of Businesses and Users
• New control technologies for digital identities – e-authentication
– Establishing trust frameworks and increasing the interoperability of
trust services
– New design principles for easy and cheap deployment of complex
architectures, e.g. architecture serving complex identity
infrastructures
• New solutions digital signature, easy, cheap and legal
– Easy to use, easy to deploy
– Insurance levels for guarantees
The urgent needs of Businesses and Users
– Compliant with upcoming European Regulations :
REGULATION on electronic identification and trust services for electronic
transactions in the internal market
(eIDAS Regulation)
REGULATION on the protection of individuals with regard to the processing of
personal data and on the free movement of such data
(General Data Protection Regulation)
DIRECTIVE concerning measures to ensure a high common level of network
and information security across the Union
(NIS Directive)
Benefits
• The innovation linking in real time… :








From a basic to a high eID security level
Strong authentication
Bilateral contracts
e-Signature and their validation
Validation (authentication, signature and delivery)
Control of the document to sign : its integrity and these mandatory data
Respect of the privacy
Assurance levels
… is the only way to be compliant with the three upcoming
European Regulations.
This innovation makes your business get a head start.
Benefits
In the meantime, the innovation allows :
- an effective protection of the data of citizens and of businesses
“PRIVACY BY DESIGN”
- only the electronic exchanges previously agreed
“ACCOUNTABILITY” & “TRACEABILITY”
- Focus on your core business and entrust liability to the qualified trust
service Providers
“ENTRUST LIABILTY”
- as a consequence: the drastic reduction of fraud and the capability to
save money
“STRUGGLE AGAINST CYBER CRIME”
Use Case:
1.
Joining TDL
Sign legally online the TDL membership agreement
Application form contains:
–
–
TDL Membership
Member accepts
articles of Association
&
Rules and Policies
–
Prospective member
applies for
membership
–
Signature
Contact details and billing
information
Adherence to Articles of
Association
Adherence to rules & policies
Weakness in process!
Board of Directors
approves applications
Written application
send to the TDL office
1. No control if the signature is from
an authorised representative
2. No bilateral signature
3. No version management of signed
AoA & Rules and Policy connected
to the signature
2.
By signing online
in compliance to the upcoming regulations
Authorised to
access TDL office
365 Agreements
Signature of
agreement
Signature of
agreement
by TDL Board
of Directors
Storage of
sealed legal
proof
documents
by applicant
Electronic agreements
 Probative value
 Proof of exchange
 Attribute for invoicing
 Attribute for access 365
 Proof of acceptance
 Legal archiving (WORM)
Stored in the cloud:
• Applicant Company Z
• Agreement version .X
• Rules & Policies version .Y
E-authentication
platform
E-signature
platform
Validation
platform
TDL office 365
General flowchart of the processes
TDL countersigns agreement without membership fee
Prospective member
PenSeal Signature
and Verification
Service
MS Azure Sharepoint
TDL Entreprise
Application Portal
TDL Board
Validation Service
Provider
Validation Request
Contract deposit
Signature validation and hash creation
Step 3
Signature validation approved notification
Request for reviewing contract
contract is shown to TDL Board
Authentication + Signature Request
Strong Authentication – Phase 1
Strong Authentication Activation
Strong Authentication – Phase 2
PIN Entry
Approved
Validation Request
PIN Check
Service Invocation of Electronic Signature
Receipt Proof Creation
Contract Sign
Signature Proof Creation
Step 4
Contract Signed + Proofs deposit for archiving
Contract Signature information for TDL Board
Contract Signature Notification for prospective member
Proofs Transfer request
Use case overview
• Immediate Perspective
In our solution, we use the Microsoft claim system completed by the TDL
check of the supporting documents uploading by the Prospective Member.
• Tomorrow Perspective
There will be different attribute providers that will be in charge to attest
the authorized signees of companies .
Feedback on the sprint
What have been done so far:
 Researched the interface between the Microsoft e-Authentication
platform
 Researched the interface with TDL office 365
 Worked out the workflow
… and What needs to be done:
 Implementation of a use case in TDL community
Costs estimation for the Sprint
Total budget for the sprint: € 81.000
Requested budget: €25.000
Method of cost estimation: 3 persons x (nb man days) x (500€)
Already executed: approx. 8 man days = 12k euros
• Conceptual design and technical feasibility check
• Use case description
• Research aspects of relying party (TDL contracting)
• Preliminary workflows
Needed to finalize the sprint (refer to slide 18 with details)
•
•
•
•
•
Analysis (legal functional): 10 man days
Design phase : 10 man days
Implementation phase : 16 man days
Dissemination of results (public paper): 10 man days
Costs for availability technical platform: 6.000,-
Use Case – Implementation view
TDL membership agreement signing
Month 1
Month 5
Month 2 to 4
Legal
Sprint Contrac ng
1
Legal and
design
2
Set up
Sprint specifica ons
Applica on Set up
System and security Setup
Implement. Authen ca on WS
Implement. Signature WS
Implement. Other WS and forms
Implementa on
3 of Web services
?
QA and test
Beta test
4
QA and
beta Test
Service Launch
5
Launch
Produc on
TDL
TrustSeed
Use Case – Implementation view
Signing the TDL membership agreement
TDL Sprint requirements
• Design phase :
– Detailed storyboard and technical details
– Review of existing components and apps
– Technical specification
– Prototyping API’s
 Validation for implementation phase
• Implementation phase :
– TDL uses OFFICE SHAREPOINT 2013 on 365: need technical description of
document formats, web application
– UIA Authentication service: need technical description of service
– Access to a TDL test environment: office365 and E-authentication (test
bed)
– WSDL and service point addresses of existing web services
Contribution to the
TDL ATTPS Testbed & TDL innovation lines
•
Trusted stack
– Trust framework architecture providing e-commerce middleware to guarantee probative value
of any ”interchange” transaction and payment delivery.
– Trust service provides an claim to prove validity of audit (level and duration)
•
Data life cycle management
– Revolving probative value to extend the life cycle of the digital signature. (also part of
regulation)
– Legal archiving of signatures & documents in the cloud and proof of exchange (transparency).
– Management of transaction recovery (traceability of the transaction)
•
Service integrity
– Guarantees the integrity of the documents
•
ATTPS TESTBED
– Other relyping parties and attribute providers can keep autohorized signees of companies.