

Subject: Re: [egov] e-Government uses "Authority-stamp-signatures"



Anders
Thanks for this information.  I suggest we take a closer look at this in our Best Practices sub-committee and I'll add it to their agenda.
John



Anders Rundgren <anders.rundgren@telia.com>
20/12/2002 10:48

To: egov@lists.oasis-open.org
cc:
Subject: [egov] e-Government uses "Authority-stamp-signatures"



Dear All,

It may be interesting to know that Swedish authorities are currently launching a Web Services-like system called SHS, where authorities communicate with each other through web-server "nodes" where out-going messages are automatically signed by the authority identified as an "entity" (organization), rather than by an individual associated with the authority.

For the majority of messages there will be no individual signatures (such may though be stored locally as proof if implemented). For those messages that for some reason would benefit from individuals' signatures also being transmitted, such signatures are a part of message "payload". That is, the outermost "authoritative" signature is always the sending organization's.

 

This scheme deviates quite a bit from the US Federal PKI, but I believe that the SHS-system is a considerably more workable architecture, as it actually mimics the time-proven principles currently used for maybe 99.9% of all "e-transactions" as represented by banks all over the world, as well as supplier-manufacturer networks.

 
The Estonian and Italian e-Governments are apparently deploying the same principles in their systems.
 
A further indication of the viability of this scheme is that banks are currently world-wide launching something called 3D Secure (a.k.a. "Verified by VISA"), that is a consumer-based on-line payment system where the bank signs the final transaction given to the merchant.  I.e. the bank can be seen as the "authority" and the consumer as the "employee".
 
The recently launched OASIS PKI TC is likely to address this old/new type of inter-organization security-architecture that is very simple to deploy compared to requiring full-scale PKI-solutions in every desktop-computer.  That is, client-PKI can be added when technically and economically feasible without breaking the architecture.
 
Anders Rundgren
Senior Internet e-Commerce Architect
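
The layering described in the message above (organization signature outermost, any individual signature carried inside the payload), as an added example that is not part of the original thread and is not SHS code. The message layout, field names, Ed25519 keys, sample values and helper names are all assumptions made for illustration.

```javascript
// Added illustration: layout, names and keys are assumptions, not the SHS format.
const crypto = require('node:crypto');

// Constructed keys: one for the sending organization's node, one for an individual.
const orgKey = crypto.generateKeyPairSync('ed25519');
const officerKey = crypto.generateKeyPairSync('ed25519');

// Bytes to sign. A real system needs a canonical encoding; here the object is
// serialized the same way on both sides, so JSON key order is stable.
const bytes = (obj) => Buffer.from(JSON.stringify(obj), 'utf8');
const sign = (obj, key) =>
  crypto.sign(null, bytes(obj), key.privateKey).toString('base64');
const check = (obj, sig, publicKey) =>
  crypto.verify(null, bytes(obj), publicKey, Buffer.from(sig, 'base64'));

// The node signs every outgoing message as the organization (outermost signature).
function nodeSend(sender, payload) {
  const body = { sender, payload };
  return { body, orgSignature: sign(body, orgKey) };
}

// An individual's signature, when transmitted at all, travels inside the payload.
function withIndividualSignature(document, signer) {
  return { document, signer, signature: sign({ document, signer }, officerKey) };
}

// Receiver: the organization signature decides acceptance. The inner signature
// is reported separately and only checked when the payload carries one.
function receive(msg, orgPublicKey, individualKeys) {
  if (!check(msg.body, msg.orgSignature, orgPublicKey)) {
    return { accepted: false, reason: 'bad organization signature' };
  }
  const p = msg.body.payload;
  let individual = 'absent';
  if (p.signature !== undefined) {
    const pub = individualKeys.get(p.signer); // Map avoids prototype-key lookups
    const inner = { document: p.document, signer: p.signer };
    individual = pub && check(inner, p.signature, pub) ? 'valid' : 'invalid';
  }
  return { accepted: true, sender: msg.body.sender, individual };
}
```

Because the organization signature covers the whole body, altering the payload or the embedded individual signature in transit invalidates the outer signature, so the receiver only needs the sending organization's public key to decide acceptance.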

 
 
