
Our industry-led initiative was launched under the auspices of the Information and Communications Technologies Standards Board (ICTSB) at the beginning of 1999. The objective is to build a reference framework for the technical implementation of the EU Directive on Electronic Signatures, the adoption of which will ensure a coherent European framework for electronic signatures.
After a preliminary investigation phase, during which contributions of regional and international consortia and fora were taken into consideration, we are now well ahead in preparing the first set of draft deliverables. We have already had the opportunity to discuss the scope of the EESSI work items with national regulators and interested market players, now preparing to implement the provisions of the Directive at national level, during the EESSI Open Seminar "Electronic Signature Standardization Initiative: The National Dimension" held in Paris on 11 & 12 of last May.
In light of the encouraging conclusions of this seminar (see also the presentations), and the progress in the preparation of our deliverables that will have been made by Autumn, we would like to present the EESSI draft specifications to all organisations involved and to discuss how the EESSI reference model could contribute to the need for a global model that will facilitate international electronic exchanges.
Speakers include key market players from relevant international activities in the three continents as well as participants from standardization organisations and industry consortia involved in the harmonisation in this field.
Chair: Mr. Claude Boulle, Chair of EESSI SG, Bull SA, France
György Endersz (Chair of the ETSI/SEC ESI WG, Telia AB, Sweden): the EESSI work programme in the international perspective
Dr Endersz is a senior scientist within the Information Security area and works for Telia Research AB, a subsidiary of Telia AB. Telia AB is the largest telecom operator in Sweden. With an MSc in telecommunications and a PhD in applied electronics, Dr Endersz has been active in the field of information security, PKI and certificate-based services since 1989. Earlier areas of experience include microwave and fibre optic systems and data communications. Within the field of his experience, Dr Endersz acted as Chair of the COST 225 "Secure Communications" project, major contributor to the architecture design of BOLERO (a prototype system for the electronic form of the "Bill of Lading"), and contributor to areas such as interoperability requirements for secure electronic business transactions, technical and market analysis of future TTP services and security analysis of PKI-based payment systems. Dr Endersz is currently Chair of the ETSI Technical Committee Security (ETSI SEC) and the ETSI Electronic Signature and Infrastructure Working Group (ESI WG).
Chair: Mr. Robert Temple, EESSI SG, Head of IT Security in BT, UK
Panel formed by: Industry market players active in the building of global trust infrastructure & services.
US PKI: Mr. Richard Guida, Chair Federal PKI Steering Committee, US
Mr Guida was appointed as a member of the Government Information Technology Services Board (Champion for Security) and Chair of the Federal Public Key Infrastructure Steering Committee in April 1988. The US Federal PKI SC comprises over 50 members from more than 24 Federal agencies. In parallel with these functions, Mr Guida joined the Treasury Department in October 1998 as a Senior Technical Advisor to the Chief Information Officer. In August 1999, Mr Guida was also appointed by the Secretary of Commerce to their Computer Systems Security and Privacy Advisory Board. With a background in electrical and nuclear engineering and business administration, Mr Guida has worked for the US Federal government since 1973 and has published numerous technical or professional articles on nuclear matters, information security and government policy issues.
PKI Forum: Ms. Lisa Pretty, Executive Director, US
Ms Pretty was appointed as Executive Director of the PKI Forum in February 2000. In this role, Lisa directs all aspects of the PKI Forum's business including sales, marketing, membership/programme management and public relations. Ms Pretty works very closely with the Executive Board and Working Group Chairs to help the Forum achieve its goal of accelerating the adoption of PKI as a critical enabler of e-business. Ms Pretty brings several years of experience in the information security market to the Forum and has held key executive roles at Certicom Corp. and Baltimore Technologies. In these roles, Ms Pretty participated in many standards and industry alliance organisations and was a frequent speaker on the topic of public-key technology at conferences and events. Previously, Ms Pretty began her career as a technologist and held positions at NCR and the University of Guelph. This past experience in technical roles provides her with an appreciation of the interoperability and implementation challenges facing vendors and users of PKI technology.
Radicchio: Mr. Marc Sievers, Director Business Development, Sonera SmartTrust, Germany
Mr Sievers chairs the Radicchio Working Group "Legal and Regulatory Environment for Wireless PKI". Prior to joining Sonera SmartTrust at its founding in 1998, Mr Sievers, an attorney-at-law, was Deputy Director at the German Federal Ministry for Research and Technology. In this position, Mr Sievers served, among other incumbencies, on a three-member task force in charge of the conception and development of the initial drafts of the German Multimedia Law, a central part of which is today Germany's path-breaking Digital Signature Act.
Identrus: Mr. John Bullard, Managing Director Participant Relations & Sales, UK
Mr Bullard joined Identrus LLC in July 1999 as a full-time member of the Executive Management Team from Barclays PLC, the UK-based financial services business, itself one of the banks involved in the creation of Identrus. Prior to that, Mr Bullard had been seconded to Identrus after a career in Barclays of over 20 years. Mr Bullard with his team is now responsible for taking on and managing relationships on a global basis with financial institutions seeking to make use of the Identrus offering. Mr Bullard held senior management positions in Barclays spanning both commercial and investment banking in London, New York and San Francisco, and has extensive experience in Europe. For the past two years, Mr Bullard has focussed on Barclays' e-commerce initiatives and the e-commerce regulatory landscape.
GTA: Mr. John Tunstall, General Manager, UK
ECOM: Mr. Tokio Yonekura, Research Director, Japan
Mr Yonekura is a Research Director in ECOM, the Electronic Commerce Promotion Council of Japan. In this position, Mr Yonekura manages the Authentication / Notary Working Group, which contains 3 sub-Working Groups and five Task Forces and has more than 100 companies as members.
[Mr Yonekura has kindly provided the following information about the Electronic Commerce Promotion Council of Japan:
The Japan EC/CALS Organisation (JECALS) has been active in business-to-business electronic commerce, the Electronic Commerce Promotion Council of Japan (ECOM) in business-to-consumer and the Center for the Informatization of Industry (CII) has been active in electronic data exchange. Since JECALS and ECOM were dissolved in March 2000, industry has assembled to establish a new organisation, the Electronic Commerce Promotion Council of Japan (ECOM) to facilitate close co-operation in promoting electronic commerce and standardization such as XML/EDI and STEP (standards concerning expression and exchange of product model data), which had been carried out separately in each organisation. Therefore, three organisations (CII, ECOM and JECALS) integrated into ECOM on 1 April 2000.
ECOM's secretariat is managed by JIPDEC (Japan Information Processing Development Corporation, founded in 1967).]
Questions to the panellists:
Could you indicate the extent to which you have been following EESSI developments?
Do any of your activities overlap with / conflict with / complement EESSI?
To what extent do you expect the EESSI deliverables to be useful in achieving the objectives you have spoken of in your presentation?
Are there any changes we could implement which would make your use of our deliverables more likely?
Chair: Mr. John Ketchell, EESSI SG, Director CEN/ISSS
Mr Ketchell was appointed Director of CEN's new Information Society Standardization System (ISSS) on 1 July 1997, created as a focal point for standards-related activities in this area, including open Workshops reaching consensus on technologies and self-regulation issues. Previously, Mr Ketchell was responsible for external co-ordination activities within the European Telecommunications Standards Institute (ETSI), where he was also responsible for the secretariat of a High-Level Task Force and subsequent arrangements concerning the reorganisation of the Institute's activities. Mr Ketchell was the Secretary to the European Information and Communication Technologies (ICT) Standards Board (ICTSB) from its inception. An economist and linguist, Mr Ketchell's previous career was in the United Kingdom public administration, with a marked bias towards European Union matters, including the regulatory and standards aspects of radiocommunications.
ISO/IEC JTC1: Mr. Walter Fumy, Vice President Technologies Trusted Networks & Applications, Siemens, Germany
Dr Fumy is Vice President of Technology of Trusted Networks & Applications at Siemens AG. In this position, Dr Fumy's work ranges from cryptographic research to security consulting and participation in international security fora. Dr Fumy has published more than 60 papers and books in these areas, has served on numerous programme committees, and was programme Chair of Eurocrypt'97. For many years Dr Fumy has been involved in the standardization of security techniques, currently serving as Vice-Chair of ETSI TC Security and Chair of ISO/IEC JTC 1/SC 27 "IT Security Techniques".
APEC: Mr. Steve Orlowski, Leader APEC Electronic Authentication Task Group, Australia
Mr Orlowski is a special adviser on IT Security Policy in the Information and Security Law Division of the Australian Attorney-General's Department. Mr Orlowski's duties focus on the development and implementation of national and international policies and strategies for the security of information systems including Australia's National Information Infrastructure. Mr Orlowski is leader of the APEC Electronic Authentication Task Group. This is a grouping of economies in the Asia Pacific rim. The Task Group has prepared an issues paper on electronic authentication and a number of Annexes on specific technology groupings. The Task Group also oversees the work of the PKI Interoperability Expert Group. Concurrently with the above tasks, Mr Orlowski has also represented Australia at various committees of the OECD, APEC and the United Nations dealing with IT security and he is also a member of a number of committees of the Standards Association of Australia dealing with IT security and electronic commerce issues.
WAP Forum: Mr. Timothy Wright, Chair WAP Forum Security Group, Vodafone, UK
Mr Wright joined Vodafone in 1995 to work under the new Fraud Control Team and moved internally to the research group in 1997 where he has concentrated on security, both of Vodafone systems and security standardization. In this position Mr Wright has been heavily involved in GSM and 3GPP security standards work and was nominated Chair of the WAP Forum's security group in spring 2000. With a background in Electronics and Information Sciences, Mr Wright began his career in telecommunications with the STC (currently NortelNetworks) research group in Harlow and worked on propagation and network modelling and GSM standards including security.
W3C: Mr. Joseph Reagle, Policy Analyst, US
Mr Reagle has been closely involved in the intersection of Web technology and social concerns throughout the 1990s. Presently Mr Reagle is a co-Chair of the joint IETF/W3C XML Signature Working Group. With a background in computer science and a graduate degree in technology policy from MIT, Mr Reagle has held appointments as a research engineer at MIT's Laboratory for Computer Science, a policy analyst and Working Group Chair at the World Wide Web Consortium, and a Fellow at the Berkman Center of the Harvard Law School. Mr Reagle led the development of the W3C's methods for technology development in a global policy context and initiated W3C's privacy, copyright, and trademark policies. Mr Reagle has also contributed to the design of the Platform for Privacy Preferences Project (P3P), which enables users to be informed of and to control the collection, use and disclosure of their personal information on the web.
Open Group: Mr. Ian Lloyd, Director Security & eCommerce Programs, US
Director of the Security and eCommerce groups with the Open Group, Mr Lloyd has a 20-year background in the IT industry, covering hardware and software vendors and latterly consulting engagements with end users. Within the Open Group, Mr Lloyd and the Security Working Group are working towards the development of a new security architecture that is required to support e-business. This work lays the ground for further standards that are required, particularly in the area of interoperability.
Could you indicate the extent to which you have been following EESSI developments?
Would you support our deliverables in the International Standardization process?
If not, are there any changes we could implement which would make you support our deliverables in the International Standardization process?
Chair: Mr. Robert Temple, EESSI SG, Head of IT Security in BT, UK
As Head of the IT Security Unit of BT Advanced Communications Engineering, Mr Temple leads a team of over twenty security consultants based at various locations in England and Wales, but predominantly at Adastral Park where BT's research activities are centred. The team has expertise in the entire range of IT and telecommunications network security. Mr Temple has worked for BT for over twelve years in the systems development field, concentrating on IT security for the past nine years. Prior to his current role, Mr Temple held various posts in both technical and corporate security including Head of Group Security Policy. For the past few years Mr Temple's principal technical area of work has been around the commercial deployment of PKI. Mr Temple is Secretary of BT's Cryptography Steering Group and BT's principal technical adviser on the commercial deployment of cryptography. In this role, Mr Temple provides support to BT's Regulatory Affairs Department and E-business Unit in their dealings with the UK government and European Commission.
Panel formed by: Representatives from the previous panels
Dear Colleagues,
Firstly I'd like to thank you all for your contribution to making our open seminar so successful. The overwhelming consensus was that EESSI was broadly on the right track and that we were doing useful and timely work.
The following improvements and forward-looking suggestions for EESSI were made:
Extending the deliverables to cover issues below the CP & CPS to promote interoperability. The example quoted was personnel vetting standards, although there are more technical ones such as levels of assurance and mapping between different signature and certificate classes, for example between what EESSI defines and the US Federal PKI project.
We need to consider the issue of client behaviour in the signature creation environment and the "What you see is what you sign" concept particularly in the light of the constraints imposed by current mobile telephone screens. A plea was made (by the PKI Forum!) that we explicitly limit our work to deliverables deploying Public Key Cryptography.
EESSI needs to further strengthen our co-operative work with other standards-making bodies such as those represented at the seminar. EESSI should support interoperability trials between the PKI Forum and the EEMA-led PKI Challenge. One option is the setting up of a Bridge CA for issuers of qualified certificates.
Your suggestions are currently being considered as we construct our 2001 work programme. Thank you once again for your interest in our work.
Robert Temple on behalf of the EESSI Steering Group.