Objective

e-Signature is among the Digital Service Infrastructure Building Blocks (DSI-BB) defined in the Draft guidelines for trans-European telecommunications networks (COM(2013) 329 final). It is part of the “electronic identification and authentication” DSI-BB defined as “this refers to services to enable cross border recognition and validation of e-identification and signature”. Both signature-creation and signature-validation are addressed. 

Electronic signature means “data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication” (Signature Directive 1999/93/EC). The main purpose is binding an e-Document to an entity so that some legal value is associated.

The e-Signature SAT covers signature-creation (by the signatory) and signature-validation (by a relying party) as its core architecture framework. It relies on the EU e-Signature legislation (mainly the Signature Directive and the upcoming e-IDAS Regulation) as the legal backbone, the EU e-Signature Standards Framework as the interoperability backbone, respectively. 

e-Signature Creation Service defines a service that uses an application to generate signatures that adhere to the specification.

e-Signature Validation Service defines a service that uses an application to verify signatures according to the specification.

Interoperability for e-signatures requires that all parties adhere to the same format and standards when generating and verifying signatures. This framework provides the format and standards to be used, and maintains these over time.   The e-Signature Standards Framework covers numerous standards and specifications. It is best described by the CEN and ETSI “Rationalised Framework for Electronic Signature Standardisation”. Many European states have issued various forms of eSignature solutions. With the upcoming eIDAS Regulation the provisions on eSignatures that originally were provided by the Signature Directive get amended. The e-SENS eSignature building block is based on and will support eIDAS as policy basis.

The e-SENS also supports mobile signature solutions taking the advantage of mobility to establish cross border e-Signature services by using a mobile signing device.

Version:1.1.1
Status:Transition
Set of ABBs:

eSignature Mobile

eSignature Creation

eSignature Validation

 

Scope

The aim of e-Signature SAT is to meet e-signature needs of the e-SENS project. Although there are many tools that already have a cross-border interoperability aspect included and/or are used by several Member States (MS) which should also fulfill the e-SENS requirements. In case of a need arises from domain requirements this SAT will try to check possibilities to provide a tool that can meet the needs by taking account all constraints. Aside the BBs that will be provided by the e-SENS, numerous tools exist for electronic signatures, many MS provides open source solutions, commercial tools are available, or e-Signature functionality is integrated in some COTS products. Any of these tool supporting the e-Signature standards framework as the high-level generic building block is to be seen as building the e-Signature ecosystem: The general principle is, that e-Signature components that meet the standards framework and have proven interoperability with it shall be considered meeting the Building Block requirements.

Trust validation during signature validation is not in the scope of e-Signature BB rather it interacts with trust services defined by Trust Services SAT.

Generic requirements

Requirement
ID

Requirement description

Compulsory

Source

R-eSig-B1

eSignature Document (Document/Evidence/Container) Signing services shall be provided.

Yes

R5.1-UC1-23
R5.2-UC1-9
R5.2-UC2-33 R5.4-UC1-11
R5.4-UC1-23
R5.4-UC2-23

R-eSig-T1

eSignature Document (Document/Evidence/Container) Signing services shall be provided.

Yes

R5.1-UC1-24
R5.3-UC1-2
R5.3-UC2-2
R5.3-UC4 -2
R5.4-UC1-39
R5.4-UC2-39
R5.4-UC1-47
R5.4-UC2-47

R-eSig-T2

Creation, Validation, and Time stamping Services are to be compliant with EU decisions and mandates.

Yes

R5.4-UC1-25
R5.4-UC2-25
R5.4-UC1-39
R5.4-UC2-39
R5.4-UC1-40
R5.4-UC2-40
R5.4-UC1-42
R5.4-UC2-42

R-eSig-T4

Validation Services should support the EU Trusted Lists of Certification Service Providers.

Yes

R5.1-UC1-24
R5.1-UC1-33

R-eSig-B2

For non-repudiation purposes acknowledgements shall be signed.

Yes

R5.1-UC1-28
R5.4-UC1-6
R5.2-UC2-33

R-eSig-T5

eSignature Validation and Verification Services shall be provided.

Yes

R5.1-UC1-33
R5.1-UC2-13
Feasability Assessment -1
Feasibility Assesment – 2
R5.2-UC2-34
R5.3-UC1-3
R5.3-UC2-3
R5.3-UC4-3 R5.4-UC1-1
R5.4-UC1-25 R5.4-UC2-25
R5.4-UC2-40

Use Cases and Scenarios

 

Use Case

Generic e-Signature Use Case

Description

The following use case shows generic events when a signer signs a document and/or a verifier validates a signed one.

Actors

  1. Signer of the document
  2. Verifier of the signed document.

Goals

Providing non-repudiation and integrity of data exchanged among services.

Assumptions

An eDocument has been created.
The Signer possesses an e-SENS Signature Policy or an acceptable policy by signature verifier.
Signer has electronic signature keys.

Artefacts

If Signed Documend has been verified and validated succesfully, the eDocument is processed by the verifier.

Flow

Basic Flow of Events:

  1. Signer signs the document using electronic signature keys according to the Signature Policy.
  2. The signed document is transferred to the Verifier.
  3. Verifier verifies and validates the signed document
    1. Verifier validates the signature of the signed document
    2. Verifier validates the certificate of Signer.

      Alternative Flows:
      3.a If Signature Validation is not completed successfully, the Verification and Validation process is rejected.
      3.b If Certificate Validation is not completed successfully, the Verification and Validation process is rejected.

Solution Patterns and Variability

Pattern VariationABB Configuration
Using eSignature on Transport SecurityDuring eDelivery services, in order to protect integrity and to provide non-repudiation messages are signed using eSignature Creation ABB. Since the eDelivery processs must be complete, the receiving party should validate the signature to check integrity using eSignature Validation ABB. Hence creation and validation of signatures are held in the same process.esignature Creation and eSignature Validation
Signing Business DocumentsBusiness documents can be signed using eSignature Creation ABB according to business process needs. Depending on the use case the validation can be established later on seperately as part of another business process.esignature Creation
Validating Business DocumentsSigned business document should be validated using eSignature Validation ABB.eSignature Validation
Signing Business Documents on Mobile EnvironmentWhen Mobile signature environment is available for the users business documents can be signed using eSignatures Mobile ABBeSignatures Mobile

Orchestration and Topology of ABBs

Figure 1: Orchestration of e-Signature ABBs.

Business view

This section provides an overview of business sub-processes

Figure 2: Sign Document Business Sub-process Archimate Business View

Figure 3: Verify and Validate Document Business Sub-process Archimate Business View

Application view

The relation between the ABBs of e-Signature and the services provided by them are given in Figure 4.

Figure 4: Topology of ABBs

Figure 5: Application Structure for Signature Creation Service, Archimate Application View

Figure 6: Application Structure for Signature Validation Service, Archimate Application View

Figure 7: Application Structure for Mobile Signature Service, Archimate Application View

Information level

Figure 8: Archimate Information View

Contributors

NameSurnameOrganizationCountry
ElifUstundag SoykanTUBITAKTurkey
VuralCelik

TUBITAK

Turkey

CagatayKarabat

TUBITAK

Turkey

MelisOzgur Cetinkaya

TUBITAK

Turkey

EdonaFasllija

TUBITAK

Turkey

MuhammetYildiz

TUBITAK

Turkey

Thomas Zefferer

e-SENS.AT ARGE

Austria

BojanSuzic

e-SENS.AT ARGE

Austria

HerbertLeitold

e-SENS.AT ARGE

Austria

History

Version

Date

Changes made

Modified by

0.2

17.03.2014

Template

Klaus Vilstrup Pedersen

0.3

09.07.2014

Template update (Generic requirement..)

Sven / Elif

0.4

16.07.2014

e-Signature Inputs

Elif Ustundag Soykan, Edona Fasllija

1.106.04.2015Added Topology View, Restructured wrt Reference ArchitectureElif Ustundag Soykan
1.213.04.2015Editorial ChangesCagatay Karabat
  • No labels