Advertisement

Towards eIDAS as a Service

  • Detlef HühnleinEmail author
Conference paper

Abstract

Cloud computing promises to provide great advantages and many analysts expect a significant growth of the cloud services market. In a similar manner the forthcoming European regulation on electronic identification and trusted services for electronic transactions in the internal market [eIDAS-EP] is expected to ease electronic identification, authentication and signatures (eIDAS) in Europe. The present contribution discusses whether and how the two approaches can be combined in order to provide services for electronic identification and authentication of entities, the creation, verification, validation and preservation of electronic signatures and the registered delivery of documents in an efficient manner using cloud computing techniques.

Keywords

Cloud Computing Cloud Service Electronic Signature Legal Person Reference Architecture 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [1999/93/EC] Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:31999L0093
  2. [2014/148/EU] Commission Implementing Decision of 17 March 2014 amending Decision 2011/130/EU establishing minimum requirements for the cross-border processing of documents signed electronically by competent authorities under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market, notified under document C(2014) 1640, Text with EEA relevance, http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX-:32014D0148
  3. [BSI TR-03125] Federal Office for Information Security: Preservation of Evidence of Cryptographically Signed Documents, BSI TR-03125, https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TR03125/BSITR03125.html
  4. [BYV+09] R. Buyya, C. S. Yeo, S. Venugopal, J. Broberg & I. Brandic: Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility, Future Generation computer systems, 25(6), 599-616, 2009, https://svn.inf.ufsc.br/luis.custodio/TCC-Dantas/Artigos/Bom/10.1.1.144.8937.pdf
  5. [CEN15480-3] Comité européen de normalisation (CEN): Identification card systems — European Citizen Card — Part 3: Interoperability using an application interface, CEN/TS 15480-3, 2014Google Scholar
  6. [COM(2012)238] European Commission: Proposal for a regulation of the European Pariament and of the Council on electronic identification and trust services for electronic transactions in the internal market, 2012, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0238:FIN:EN:PDF
  7. [eIDAS-PR] European Commission: Draft Regulation “on electronic identification and trusted services for electronic transactions in the internal market”, Press Release 20.09.2012, http://ec.europa.eu/digital-agenda/en/news/draft-regulation-electronic-identification-and-trusted-services-electronic-transactions-0
  8. [eIDAS-EP] European Parliament: Electronic identification and trust services for electronic transactions in the internal market, as adopted by the European Parliament on 3rd of April 2014, http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P7-TA-2014-0282 [ETSI102640] ETSI TS 102 640: Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM), Part 1-6
  9. [HPS+12] D. Hühnlein, P. Petrautzki, J. Schmölz, T. Wich, M. Horsch, T. Wieland, J. Eichholz, A. Wiesmaier, J. Braun, F. Feldmann, S. Potzernheim, J. Schwenk, C. Kahlo, A. Kühne, H. Veit: On the design and implementation of the Open eCcard App. In: Sicherheit 2012 GI-LNI (2012), http://subs.emis.de/LNI/Proceedings/Proceedings195/95.pdf
  10. [HHK+14] D. Hühnlein, G. Hornung, M. Kubach, V. Mladenov, H. Roßnagel, S. Sädtler, J. Schmölz, T. Wich: SkIDentity – Trusted Identities for the Cloud, in [KRR14]Google Scholar
  11. [ISO29115] ISO/IEC 29115: Information technology — Security techniques — Entity authentication assurance framework, International Standard, 2013Google Scholar
  12. [KRR14] H. Krcmar, R. Reussner, B. Rumpe (ed.): Trusted Cloud Computing, Springer, to appearGoogle Scholar
  13. [MaM14] MarketsandMarkets: Cloud Computing Market (IaaS, PaaS, SaaS) to Reach $121.1 Billion by 2015 – New Report by MarketsandMarkets, Press Release 08.02.2014, http://www.prweb.com/releases/cloud-computing/market/prweb11560677.htm
  14. [NIST-800-63-2] NIST: Electronic Authentication Guideline, Special Publication 800-63-2, August 2013, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-2.pdf
  15. [NIST-800-145] National Institute of Standards and Technology: The NIST definition of cloud computing, NIST special publication 800-145, http://csrc.nist.gov/publications/PubsSPs.html#800-145, 2011
  16. [RFC3161] C. Adams, P. Cain, D. Pinkas, R. Zuccherato: Internet X.509 Public Key Infrastructure – Time- Stamp Protocol (TSP), IETF RFC 3161, 2001, www.ietf.org/rfc/rfc3161.txtGoogle Scholar
  17. [RFC4998] T. Gondrom, R. Brandner, U. Pordesch: Evidence Record Syntax (ERS), IETF RFC 4998, 2007, www.ietf.org/rfc/rfc4998.txt
  18. [RFC6749] D. Hardt, Ed.: The OAuth 2.0 Authorization Framework, IETF RFC 6749, 2012, www.ietf.org/rfc/rfc6749.txt
  19. [SAML(v2.0)] S. Cantor, J. Kemp, R. Philpott, E. Maler: Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V2.0, OASIS Standard, 15.03.2005, http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf, 2005
  20. [STORK-D2.3] B. Hulsebosch, G. Lenzini, and H. Eertink: Quality authenticator scheme, STORK Deliverable D2.3, final, 03.03.2009, https://www.eid-stork.eu/dmdocuments/public/D2.3_final._1.pdf
  21. [STORK-D.5.8.1b] J. Alcalde-Moraño, J. L. Hernández-Ardieta, A. Johnston, D. Martinez, B. Zwattendorfer: STORK Deliverable D5.8.1b – Interface Specification, 08.09.2009, https://www.eid-stork.eu/index.php?option=com_processes&Itemid=&act=streamDocument&did=960
  22. [SuKa11] S. Subashini, V. Kavitha: A survey on security issues in service delivery models of cloud computing, Journal of Network and Computer Applications, 34(1), 2011, pp. 1-11Google Scholar
  23. [TJA10] H. Takabi, J. B. Joshi, and G. J. Ahn: Security and Privacy Challenges in Cloud Computing Environments, IEEE Security & Privacy, 8(6), 2010, pp. 24-31Google Scholar
  24. [TC-Europe] European Commission: Establishing a Trusted Cloud Europe, A policy vision document by the Steering Board of the European Cloud Partnership, 2014, http://ec.europa.eu/information_society/newsroom/cf/dae/document.cfm?doc_id=4935
  25. [WHP+13] Wich, T., Horsch, M., Petrautzki, D., Schmölz, J., Hühnlein, D., Wieland, T., Potzernheim, S.: An extensible platform for eID, signatures and more, In: Proceedings of Open Identity Summit 2013, LNI, vol. 223, 2013. pp. 55–68, http://www.ecsec.de/pub/2013_OID_Platform.pdf

Copyright information

© Springer Fachmedien Wiesbaden 2014

Authors and Affiliations

  1. 1.ecsec GmbHMichelauGermany

Personalised recommendations