CEN/ISSS WS/E-Sign N 0329 · 2003-10-24 · Business Plan 2002 - 2003 for the CEN/ISSS Workshop on...



CEN/ISSS Workshop on Electronic Signatures (WS/E-Sign)

Secretariat: UNINFO, Gianluca Ramunno, IT

Uninfo: Address: corso Galileo Ferraris, 93 - 10128 Turin - Italy

Tel.: +39 (011) 501027 * Fax: +39 (011) 501837 E-mail: [email protected]

Gianluca Ramunno: Tel. +39 (011) 2210245 E-mail: [email protected]

CEN/ISSS WS/E-Sign N 0329 replaces WSES N 0323

2003-08-28

Title:

Confirmed Business Plan for the CEN/ISSS Workshop on Electronic Signatures CEN/ISSS WS/E-SIGN 2002-2003

Confirmed version dated 18 July 2003 (WSES N 0323)

Source: WS/E-Sign Chairman and Secretariat

Background/Content/Remarks:

The WS/E-Sign Business Plan (BP) 2002-2003, given in this document, contains all modifications of the BP agreed at the Sophia Antipolis meeting, September 26th 2002, and reflects the results of discussions and decisions up to and at the Barcelona meeting, February 13th 2003, including the timetable and scope reformulation for most Areas. After the Graz meeting, June 5th 2003, the formal status of the areas D4 and L has been updated according to the meeting decisions.

The updated BP (WSES N 0323) was distributed in WS/E-Sign for confirmation by silent approval. The two-week confirmation period ended on 1st of August 2003 with no comment and only a request from a WS member to be removed from the list of supporting companies (Attachment 2). This request has been acknowledged. Furthermore, since the updates of sections 5.1, 5.2 (chairmanship and secretariat status), 5.3 (resource allocation) and 7 (contact points) according to the Graz meeting decision were omitted from WSES N 0323, these updates have been included in the present version of the BP.

Attachment 1: Projects and Deliverables

Attachment 2: Member Companies and their Representatives

Pages: 16 + 4 (Attachment 1) + 8 (Attachment 2)

___________________________________________________________________________________

Actions: For information.


Business Plan 2002 - 2003

for the CEN/ISSS Workshop on Electronic Signatures

CEN/ISSS WS/E-SIGN

1. Status of this Business Plan

During its meetings in 2001 and early 2002 WS/E-Sign has discussed the overall status of the work, ongoing activities and the need for further activities (see Annex 1).

Subsequently the Commission and CEN/ISSS finalized their negotiations for an additional funding of the E-Sign WS. The originally agreed budget will be enlarged in order to allow the maintenance and re-formulation of the deliverables, where appropriate, in the light of the comments made by the Commission’s experts in the context of the proposals to the Article 9 Committee, and of other maintenance issues that have come to light.

This version for silent approval includes the modifications agreed at the Sophia Antipolis meeting, September 26th 2002, and reflects the results of discussions and decisions at the Barcelona meeting, February 13th 2003, including the timetable and scope reformulation for most Areas. After the Graz meeting, June 5th 2003, the formal status of the areas D4 and L has been updated according to the meeting decisions. This version also includes the updates of sections 5.1, 5.2 (chairmanship and secretariat status), 5.3 (resource allocation) and 7 (contact points) according to the Graz meeting decision. Once approved, this version will be the official and definitive version of the 2002-2003 BP until the next Workshop meeting, when the BP will be updated according to the meeting decisions.

2. Workshop Supporters

This Business Plan is approved by the existing membership of WS/E-SIGN, of which the current list is given in Annex 2 (companies and their representatives).

3. Workshop objectives

The Workshop will continue the work that was started in early 2000 in response to the requirements identified by the European Electronic Signature Standardization Initiative (EESSI), to produce a set of standards enabling the use of electronic signatures in line with the Electronic Signatures Directive.

The CEN/ISSS activities will be fully co-ordinated with those carried out by ETSI.

An overview of WS/E-Sign activities and approved CWAs is given in Annex 1.

Almost every WS member shared the feeling that the set of produced CWAs is wide-ranging and comprehensive. The EESSI standardization process should not go too deep into detail, with new specifications, in order to achieve total interoperability: at the current stage of technology and of technical specifications, this is a task that only the IT producers can multilaterally achieve.

Besides new projects to complete the set of necessary specifications for the application of electronic signatures in the scope of WS/E-Sign, maintenance projects for approved CWAs are an important part of the ongoing Workshop.

Maintenance includes:

• updating of references to specifications outside the EESSI domain,

• incorporating new experiences and developments,

• fine tuning with other EESSI specifications.

4. Workshop's Work Programme

The "Area X" references relate to the EESSI report that was originally the basis of this Workshop's work programme. In some cases, the Workshop decided to split a specific area into several sub-areas, and additional codes have been added for new areas identified since the start of the work.

4.1. Area AB: Technical Report on advanced and non advanced electronic signatures and their informative value (relevance as legal evidence)

4.1.1. Scope

The project focuses on electronic signatures that purport to be equivalent to handwritten signatures.

It compares civil v common law requirements for signature creation and the role of qualified electronic signatures as the equivalent of formal legal requirements for signing under existing laws.

The project analyses the relevance and relative weight of the various components of electronic signatures as identified under the Directive. This means the relevance of the technical components to the electronic signature itself, and their value in proving the electronic signature; also the operational requirements in relation to certification service providers, as set out in Annex II, and supported by the framework for voluntary accreditation and national supervision in Art 3.

It focuses on the validity of electronic signatures under the Directive, not the legal effects of electronic signatures, nor the transactions that they support.

It considers signatures created by natural persons only: specifically, it will not deal with signatures created on behalf of legal persons, nor those created by automated means.

This work seems necessary in consideration of the diverse approach to the implementation of the Directive in national laws.

4.1.2. Timeframe

Target date for approval of the CWA: Q3 2003.

4.1.3. Resources

The drafting of each CWA will be done in a Project Team; the total resource allocated to these Project Teams is 44 man-days. The team shall consist of 2 lawyers (one from common law, one from civil law) and a technical expert with specific knowledge of the morphology of the signature and the features of signature creation and verification procedures. Familiarity with the CWA 14365 deliverable is preferred.

4.1.4. Deliverables

1 CWA (Technical Report)

4.1.5. Timetables

- Call for Experts: mid August 2002; extended Call for Experts: October 18th 2002,

- Experts’ selection: November 19th 2002,

- 1st Meeting of the Project Team: February 14th 2003,

- Interim draft: by June 1st,

- Discussion of draft: at Workshop meeting in Graz,

- Public comments: by August 1st 2003,

- Revised version: by September 8th 2003,

- Final approval: Q3 2003 (possible Workshop September meeting).

4.1.6. Formal status

Selected Experts of the Project Team AB:

Grawrock, David (PTL); INTEL Corporation

Hill, Jane; Chambers of Benet Hytner QC

Van Eecke, Patrick; Bogaert & Vandemeulebroeke law firm (Landwell)

The first version of this area has been approved at the Sophia Antipolis meeting as a formal amendment to the previous formulation of the BP. The PT was requested to redraft the title and the scope of this section, presenting the results at the Barcelona meeting at the latest. The current version of the BP for Area AB reflects the results of the Barcelona meeting, including the timetable revision and the scope reformulation as requested during the meeting. The total resource allocation for this area has been updated according to the information provided by CEN/ISSS.

4.2. Area D4: Reformulation of CWA 14167-1 as a CC Protection Profile

4.2.1. Scope

The D1 deliverable CWA 14167-1 describes Security requirements for a Trustworthy System Managing Certificates for Electronic Signatures. The requirements are there formulated in plain language, although somewhat inspired by Common Criteria. However, the deliverable lacks sufficient clarity, and also contains some requirements that might be regarded as organizational.

For cryptographic modules which may be used by CSPs, CWA 14167-2 and 14167-3 already describe the requirements in the form of Common Criteria Protection Profiles [CC PP]. It has now been proposed that a similar PP description of the requirements of the complete Trustworthy System as described in CWA 14167-1 should be developed using the Common Criteria.

The views of members of the E-SIGN workshop fall into two distinct groups - those who feel that such a step is both desirable and feasible and those who feel that it is impractical and of little utility. In order to establish a firm basis for deciding whether such a task has the necessary support of the workshop, the first phase of the project will be to undertake a pre-study to investigate the justification for such a course of action.

The pre-study will:

1) Undertake a technical assessment of CWA 14167-1, identifying the technical aspects within it which could be identified for re-formulation as a CC PP, assessing the possibility of applying the CC PP approach to the overall assessment of a Trustworthy System rather than a modular CC PP approach. The study should develop a high-level Scope and TOE Description for the foreseen PP, to further clarify the extent of the PP.

2) Consider market acceptance aspects, specifically the complexity, time and cost implications of the proposed technical solutions for application to real-world TWSs in the existing and short-term commercial environment, and the potential impact upon European CSPs who wish to offer services based upon appropriately assessed TWSs. The study will also review the possible advantages and disadvantages of developing a CC PP from the aspects of vendors, CSPs and supervision bodies. The possible risk of increasing costs for vendors and CSPs will be carefully examined.

The pre-study report produced by the assigned study team will report on its approach to the study, the sources from which input has been derived, and its findings, and will make a case for further work, which could include (but is not specifically limited to) proposals that no further work be undertaken, that further study is required, that re-formulation should proceed on the basis of a partial transformation (and explain how), or that full re-transformation should be undertaken.

The report will also give a view on what future role the existing CWA 14167-1 would have, should a new CWA be produced, and in the case of further work of any kind being recommended, what budget would be required.

The continuation of the project into a second phase to perform the development of the PP will thus be subject to a renewed decision by the E-SIGN Workshop, based on the findings of the pre-study. If such a continuation is approved, an expert team will then be selected to perform the re-formulation of the existing deliverable D1 in order to define the technical security requirements in the form of a Common Criteria Protection Profile, taking into account any scoping direction resulting from the pre-study report. During that work, other relevant Protection Profiles developed by vendors and other organizations will be carefully studied and used as input to the work.

Finally, the PP itself will be evaluated by a third-party evaluation facility, and subsequently certified and registered by a competent body.

4.2.2. Resources

Phase 1: Pre-Study

A team of up to four experts is required, one assigned as Coordinator/Editor of the report. The experts should have expertise in the formal assessment of IT systems and products, including CC evaluation, IT audit and other related conformity assessment mechanisms; the drafting of CC PPs; and the operation of TWSs from a CSP’s perspective. The selected team should represent a balance of views with regard to the prospects of undertaking the proposed reformulation and be capable of effective cooperation notwithstanding their different starting positions. A budget of 2 man-months should be allocated.

Phase 2: Development of Protection Profile

It is envisaged that, if approved, this phase will require three experts, spending a total of 6 man-months. This expert team will require specific competence in the area of TWSs and writing CC PPs, and will consist of different experts from those used in Phase 1.

Phase 3: Evaluation and Certification of Protection Profile

If Phase 2 is approved, one expert will be required, spending a total of 1 man-month on interaction with evaluation and certification bodies.

External costs for evaluation and certification bodies: maximum € 20 000.

4.2.3. Timeframe

Target Date for Pre-Study Report: no target date, activity waiting for funding.

Target Date for CWA: no target date, activity waiting for funding.

4.2.4. Deliverables

1. CWA: Pre-Study Report: On the feasibility and viability of developing a Protection Profile for Trustworthy Systems managing Certificates for Electronic Signatures based upon CWA 14167-1.

2. CWA 14167-4: Protection Profile for Trustworthy Systems managing Certificates for Electronic Signatures.

4.2.5. Timetable

- Call for Experts: mid August 2002;

- Experts’ selection: October 11th 2002;

- 1st Meeting of the Pre-Study Expert Team: to be defined;

- Presentation and possible approval of Pre-Study phase: to be defined;

- Confirmation of the PP development Expert Team: to be defined;

- Draft version of the CWA PP online: to be defined;

- Final approval of CWA: to be defined.

4.2.6. Formal status

Selected Experts of the Project Team D4:

Nilsson, Hans (PTL); Hans Nilsson Consulting

Lacombe, Jean-Pierre; FIDENS SAS

Killmann, Wolfgang; T-Systems ISS GmbH

At the 26 September 2002 Sophia Antipolis meeting Farrukh Ahmad, Wolfgang Killmann, Hans Nilsson and Richard Wilsher were asked to redraft this section of the BP. The current version of this area has been approved by on-line voting (see SoV: WSES-0225 October 24th 2002) as a formal amendment to the previous formulation of the BP.

The activities have not been started; no funding is currently available. Therefore at the Graz meeting on the 5th of June 2003 it was decided to suspend the activities of this Area (see WSES-0328, section 2, action B-03-02/03).

4.3. Area K: Interoperability Requirements for smart cards used as SSCDs (Work Item - already approved by the Workshop for 2001)

The European Directive on electronic signatures (93/1999/EC) with the procedure set out in articles 3, 8 and 9 is one of the first examples of co-regulation, i.e. a structured interaction between top-down regulation and self-regulation. The Directive needs a reliable set of technical standards (not just one) in order to achieve its goal to combine the need of regulation with the needs of innovation and free competition. To support such ambitious goals the European Union has promoted and funded the European Electronic Signature Standardization Initiative. Despite its name, EESSI has attracted active interest also from American and Asian organizations. Until now these standards regarding Secure Signature Creation Devices (SSCDs) contain requirements which are not restricted to special devices representing SSCDs.

4.3.1. Scope/Characteristics

Interoperability Requirements for smart cards used as SSCDs - Use of smart cards for creating electronic signatures and storage of other PKI objects.

The following facts show a clear need for defining interoperability requirements for smart cards as an example for SSCDs:

a) Smart cards have already proven their reliability in practice in respect of

i. quality assurance (successful evaluations)

ii. interoperability issues (existing international and national standards), which can be used as base for the elaboration of the CWA

b) Smart cards can be used as representative for SSCDs checking the consistency of the requirements from the existing CWAs (F, G1, G2, ...).

Scope: The document shall specify the application interface to SmartCards during the usage phase, used as Secure Signature Creation Devices (SSCD) to enable interoperability and usage of those cards on a national or European level.

The specification is based on the EU directive on electronic signatures and takes into account E-SIGN documents and standards mentioned in the scope to be respected.

The functionalities described in this document map the general requirements of the EU directive to asymmetric techniques as required by the corresponding protection profile and cover additional services, useful in signature environments.

The specification is separated into two parts.

Part 1 describes the mandatory services for the usage of SmartCards as SSCDs. This covers the signing function, storage of certificates, the related user verification, establishment and use of trusted path and channel, key generation and the allocation and format of resources required for the execution of those functions and related cryptographic token information.

Part 2 describes optional services based on the same technology as available in signature devices. This covers key decipherment and client (card holder) server authentication, signature verification and related cryptographic token information.

4.3.2. Resources

Two Experts (PT leader, editor) are needed and the total resource allocation for this area is 86 man-days. The previous activity has been done on a voluntary basis.

4.3.3. Timeframe

The Work on the CWA has been started on a voluntary basis from Q4 2001, and shall be finished by Q1 2004.

4.3.4. Deliverable

One CWA with two parts

4.3.5. Timetable

- Call for Experts: mid August 2002;

- Experts’ selection: October 11th 2002;

- 1st Meeting of the Project Team: October 23rd 2001 on a voluntary basis,

- CWA Part 1:

• Interim Report: draft document, for discussion: March 2003,

• Revised Draft for public comment: May 2003,

• Final Draft and Voting: July 2003;

- CWA Part 2:

• Interim Report: draft document, for discussion: October 2003,

• Revised Draft for public comment: December 2003,

• Final Draft and Voting: January 2004.

4.3.6. Formal status

Selected Experts of the Project Team K:

Meister, Gisela (PTL); Giesecke & Devrient

Scherzer, Helmut; IBM Deutschland GmbH

The first version of this area has been approved as a formal amendment to the previous formulation of the BP at the Sophia Antipolis meeting, where the PT was requested to specify the scope. The current version of the BP for Area K reflects the results of the Barcelona meeting, including the timetable revision and the scope reformulation as requested during the meeting. The total resource allocation for this area has been updated according to the information provided by CEN/ISSS.

4.4. Area V: Three new parts of the EESSI Conformance Assessment Guide

This Work Programme item is a proposal from the existing WA-V team for the development of conformity assessment guidance related to CEN Workshop Agreements and ETSI Technical Specifications resulting from the EESSI Work Programme 2001.

4.4.1. Scope/Content of the Deliverable

The previously approved CWA 14172 Parts 1, 2, 3, 4, and 5 provide guidance on conformity assessment of services, processes, systems, and products related to electronic signatures. In the EESSI Work Programme 2001, new CWAs and ETSI TSs have been developed for which conformity assessment guidance is required:

- Guidance on conformity assessment of Signature Creation Devices supporting non-qualified electronic signatures (‘5.2’ signatures) against the Protection Profile Area specified in the CWA 14365 (to be published as CWA 14172 Part 6)

- Guidance on conformity assessment of Cryptographic Modules for CSP Signing Operations against the Protection Profile specified in CWA 14167-2 of Area D2 (MCSO-PP) and Cryptographic Modules for CSP Key Generation Services against the Protection Profile specified in CWA 14167-3 (CMCKG-PP) of Area D2 (to be published as CWA 14172 Part 7)

- Guidance on conformity assessment of CSPs issuing public key certificates against the Policy Requirements specified by ETSI TS 102 042 (to be included in the revision of the existing CWA 14172 Part 2).

- Guidance on conformity assessment of Time-Stamping Authorities against the Policy Requirements specified by ETSI TS 102 023 (to be published as CWA 14172 Part 8)

A commensurate revision to CWA 14172 Part 1 will be provided to ensure that the General part of the CWA continues to provide introduction and general guidance to the whole CWA series.

4.4.2. Resources

The drafting of CWA 14172 Parts 6, 7, and 8 will be done in a Project Team; the already existing Parts 1 and 2 will be revised and the existing Parts 3, 4 and 5 will be updated regarding the references to the new and revised parts. The total resource allocated to this Project Team is 37 man-days.

4.4.3. Timeframe

Target date for approval: Q4 2003, kick off in Q1 2003

The work will be undertaken as a package, with all above-mentioned parts being prepared within the same time period and subsequently each part of the CWA being presented at the same time for individual review and voting by the Workshop.

4.4.4. Deliverables

3 new CWAs (CWA 14172 Parts 6, 7, and 8), revision of 2 existing CWAs (CWA 14172 Parts 1 and 2) and update of the introduction chapter of the CWA 14172 Parts 3, 4 and 5.

4.4.5. Timetable

- Call for Experts: August 2002;

- Experts’ selection: October 11th 2002;

- 1st Meeting of the Project Team, start of Work: April 2003;

- First draft WA-V deliverables for WS e-discussion: 12 May 2003;

- Disposition of comments and second version of drafts for discussion at WS/E-Sign June meeting: 28 May 2003;

- Third draft for public comments: 16 June 2003 until 14 July 2003;

- Disposition of comments and fourth draft for second round of public comments: 28 July 2003 until 25 August 2003;

- Disposition of comments and final draft for approval at E-Sign September meeting: 15 September 2003.

4.4.6. Formal status

Selected Experts of the Project Team V:

Sauer, Jan (PTL); SQC

Wilsher, Richard G.; the Zygma partnership

The first version of this area has been approved at the Sophia Antipolis meeting as a formal amendment to the previous formulation of the BP. In addition, the PT Leader has proposed some scope amendments that, if approved, will move the revision activities of CWA 14172 Part 1 and 2 (and the updating of references in the introduction chapter of CWA 14172 Part 3, 4 and 5) from the Maintenance Area to Area V. The current version of the BP for Area V reflects the results of the Barcelona meeting, including the timetable revision and the scope reformulation as requested during the meeting. The total resource allocation for this area has been updated according to the information provided by CEN/ISSS.

4.5. Area L, New Project: Provision of Certificate Status information to Relying Parties (partially voluntary and partially funded expert team)

4.5.1. Scope/Characteristics

Preliminary note

The original Area L scope specifies: “LDAP referrals, X500 directory coupling, etc. would [as well] be covered”

Different configuration of X.500 CSAs, LDAP Servers, etc. may actually lead to non interoperability in this field, but the current Area L effort doesn’t address it, since one single CWA covering both subjects (i.e.: “provision of Certificate Status information” and “repository servers configuration”) would be too heterogeneous. Additionally, the skill sets required for the two areas are different: the provision of Certificate Status information requires being familiar with CRL, OCSP, XKMS, while the repository servers configuration requires skills on X.500 directories and LDAP server configuration and interoperability.


Therefore this Project Team will only address the provision of Certificate Status information, while it is recommended that a different CWA covers the repository servers configuration, possibly in liaison with other Bodies, such as IETF PKIX.

Project Team scope

The objective of this task is to define standard methods for the provision of Certificate Status information to Relying Parties.

Relying Parties should not trust a certificate if they cannot ascertain that it is valid, i.e. that it is within its validity time frame and that it is neither suspended nor revoked. Existence of a certificate validation path from the Relying Parties to the certificate issuing CA is assumed.

The two currently most implemented methods to provide Certificate status information are: Certificate Revocation Lists, in their different “flavours” (i.e. Delta CRL, indirect CRLs, etc.), and Online Certificate Status Protocol. Both methods provide for a number of optional fields which, if differently set by CSPs, may lead to non interoperable systems. This could hinder an actual free movement of goods and services in the European internal market.

The purpose of this specification is to support really interoperable means to provide certificate status information to any Relying Party in any EU member state, regardless of which member state the CSP is located in. This will be achieved by defining standard profiles for Certificate Revocation Lists (CRL) complying both with ISO/IEC 9594-8 (2001) and RFC 3280, and for Online Certificate Status Protocol (OCSP) complying with RFC 2560.

The task will be split into the following activities:

1. Analysis of current techniques, their pros and cons. Techniques studied would be: CRLs (Base, Distribution Points, Delta, Indirect, Scope etc.); and Online techniques such as OCSP.

These techniques will be assessed according to the following criteria:

a) Current Maturity of Technique

b) Adoption of Technique by industry

c) Practicality of deploying the Technique

d) Impact of the Technique on both the CSP and the Relying Party

e) Compliance with EU directive and where possible to standards produced by EESSI.

XKMS will also be investigated to assess how widely it is currently used. Based on this assessment, it will be decided later whether a similar profiling activity is worthwhile at this stage of its implementation, or whether it is premature.

The investigation will be based on a survey on Industry/Customer/Standard-bodies to determine what is currently being deployed and how well that has worked.

2. Standard profiles for CRL and OCSP Responses are the goals of this project. For OCSP a profile of the current RFC 2560 document will be produced.

The task scope will mainly focus on the requirements of Qualified Certificates but many inferences will be present for supporting Non-Qualified Certificates as well.

4.5.2. Resources

An initial voluntary effort is being performed to implement the survey and to draft a summary of its outcomes.

Subsequently, 3 person-months of effort are needed from at least 2 funded technical experts familiar with:

• ETSI TS 101 862 (Qualified Certificate Profile),

• CWA 14167-1 (Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures),

• ISO/IEC 9594-8 (2001) (Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks),

• RFC 3280 (Internet X.509 Public Key Infrastructure. Certificate and Certificate Revocation List (CRL) Profile). April 2002.

• RFC 2560 (X.509 Internet Public Key Infrastructure – Online Certificate Status Protocol – OCSP).

4.5.3. Timeframe

• Start of work: September 2002

• Interim Report: June 2003

• Final version of the CWA for comments: July 2003

• Final approval: September 2003

4.5.4. Deliverable

Two CWAs:

• CRL profile

• OCSP profile.

4.5.5. Timetable

- Call for Experts: August 2002;
- Voluntary experts selection: October 11th 2002;
- 1st Meeting of the Project Team: conference call on October 15th 2002;
- Deadline to submit answers to the survey: January 24th 2003;
- First Report Draft: by the beginning of February 2003;
- Window for questionnaire replies / comments on current draft closes: March 14th 2003;
- New draft with all replies to questionnaire - end of voluntary effort - comments window opens: March 31st 2003;
- Comments window closes: April 15th 2003;
- New draft with proposed CRL/OCSP profiles, comments window opens: May 19th 2003 or 1 month after EESSI SG “GO”;
- Comments window closes: 1 month later (June 19th 2003);
- New draft: 1 month later (July 19th 2003);
- Vote: September 2003 workshop meeting.

The timetable from 31/3/2003 onwards is contingent on funding of the effort.

4.5.6. Formal status

Selected Experts of the Project Team L:

Ruggieri, Franco (PTL); FIR DIG Consultants

Serret, Xavier; GEMPLUS

The first version of this area was approved as a formal amendment to the previous formulation of the BP at the Sophia Antipolis meeting of September 26th, 2002, where the PT was requested to specify the scope and focus by February 2003. This specified scope was provided to the chairman by the PT leader on January 28th 2003 and was included in the draft version of the BP for comments and discussion at the Barcelona meeting. The current version of the BP for Area L reflects the results of the Barcelona meeting, including the timetable revision and the scope reformulation as requested during the meeting. The total resource allocation (only partially voluntary) for this area has been updated according to the information provided by the PT leader. At the Graz meeting on the 5th of June 2003 it was decided to end the activities of this Area and to allocate them to ETSI (see WSES-0328, section 7.3, action G-03-06/08).

4.6. New Project: Area M Maintenance of approved WS/E-Sign CWAs

The European Directive on electronic signatures (93/1999/EC) with the procedure set out in articles 3, 8 and 9 is one of the first examples of co-regulation, i.e. a structured interaction between top-down regulation and self-regulation in the European Standards Organizations.

The Directive needs a reliable set of technical standards (not just one) in order to achieve its goal to combine the need of regulation with the needs of innovation and free competition. To support such ambitious goals the European Union has promoted and funded the European Electronic Signature Standardization Initiative. Despite its name, EESSI has attracted active interest also from American and Asian organizations. This can be explained only in part with the quality of the produced standards (they could have been copied or referenced): an outstanding reason for that is the absolutely new position that CWAs (and their creation process) have within the legal system.

Additionally, some official national standards bodies (e.g. UNINFO, Italy) are starting the procedure to make the EESSI deliverables officially recognized national standards. In the wake of this process technical amendments are likely to be suggested. The E-Sign WS has to be structured so that it can transform such valuable inputs into an improvement of the deliverables.

Finally it has to be considered that the internationalization of the EESSI deliverables is part of the work that EESSI has to carry out. In order to make the set of technical specifications more accepted internationally, the ability to manage inputs coming from other international organizations is a key asset for success.

4.6.1. Need for Maintenance and Scope

The following considerations illustrate a clear need for the maintenance of CWAs developed by WS/E-Sign:

a) The technical specifications reference several other technical specifications: some of these have been revised, improved, or modified; in some cases new technical specifications have been defined that are specific for PKIs and for security of electronic signatures. In particular there is a clear case for a sharper definition of the strong interrelation between the following areas:

i. Area F and Areas G1-G2,

ii. Area F and Areas D1-D2,

iii. Area F and Area AA,

iv. Area AA and Areas G1-G2,

v. Area D2 and Area G1.

b) Technical specifications are per se a moving target. The co-regulative approach of the European Union in order to avoid over-regulation requires that the legal norms are made more flexible through the reference to technical specifications.

c) In the process of approving the CWAs, there are many detailed issues and sub-specifications that are a “nice-to-have”: often they do not get properly addressed in the CWA approval procedure because of lack of time or of resources. These “nice-to-haves” should be integrated into the technical specifications in order to improve their usability.

d) The European Directive on electronic signatures itself has a clause that provides a review with regard to possible amendment two years after its coming into force. Although at present it seems improbable that amendments will be proposed in the next few months, there still is a clear case for improving the technical specifications. In fact the co-regulation approach aims at giving to the improvements of technical specifications or regulations the chance to have a more direct influence on legislative innovations.

4.6.2. Resources

The total resource allocated to this Project Team (of four experts) is 120 man-days.

The Project Team shall:

1. Follow evolution of international technical standards referenced in the approved CWAs,

2. Follow the evolution of national and international legislations on electronic signatures,

3. Follow the EESSI standardization process.

The Project Team shall also propose amendments to the approved CWAs, in order to:

a. better integrate the different technical specifications (in particular those of different CWAs),

b. complete specifications or add guidelines,

c. promote legislative innovation,

d. implement legislative innovation, i.a.,

e. react to amendments to standards referenced in the CWAs.

The Project Team can ask, through CEN, some of the experts that drafted the original CWA (or contributed to its amendment) to join the maintenance team for a determined amount of time, in order to complete some specific tasks.

4.6.3. Timeframe

Target date for approval of the CWA: Q3 2003, with the current funding.

4.6.4. Deliverables

1. Revision of approved CWAs to be published by the Secretary on the WS website and approved by the plenary meeting of WS/E-Sign, when the re-wordings and amendments have substantially changed the original CWA. This should happen no more than once a year.

2. Proposals to be submitted to the WS plenary meeting concerning new standardization activities, related to the approved CWAs.

4.6.5. Timetable

- Call for Experts: mid August 2002;
- Experts selection: October 11th 2002;
- 1st Meeting of the Project Team: Barcelona, February 14th 2003;
- Interim Reports: draft documents, for workshop discussion and public comments: Q2 2003;
- Revised version of the CWAs online: Q2 2003;
- Final approval: Q3 2003.

4.6.6. Formal status

Selected Experts of the Project Team M:

Nilsson, Hans (PTL); Hans Nilsson Consulting

Ruggieri, Franco; FIR DIG Consultants

Wilsher, Richard G.; the Zygma partnership

Killmann, Wolfgang; T-Systems ISS GmbH

The first version of this area was approved at the Sophia Antipolis meeting as a formal amendment to the previous formulation of the BP. In the current version the timetable has been modified according to the information provided by the PT leader at the Barcelona meeting, 13 February 2003, including the timetable revision as requested during the meeting. Since area M is in charge of reviewing deliverables that are already well known, the PT leader evaluated that in this case there is no need for two separate and subsequent rounds of comments (as decided at the Barcelona meeting). Therefore the two rounds have been combined into a single one, both for workshop discussion and public comments. The total resource allocation for this area has been updated according to the information provided by CEN/ISSS.

4.7. Deliverables already developed and approved by WS/E-Sign

The Workshop has already delivered the CWAs given in Annex 1.

5. Resource Requirements

5.1. Workshop Chair and Working Group Convenors

The Workshop Chairman, as elected at the meeting of February 2001, is Mr. Riccardo Genghini. At the Sophia Antipolis meeting in September 2002, his mandate was extended up to the end of the workshop, which is deemed to fall in 2Q 2003 (see section 8 of the revised version of the Sophia Antipolis meeting report (WSES-216rev): “The WS Chairman should be appointed for a two years period. Riccardo Genghini’s period would end in Spring 2003. The Participants agreed that it makes no sense to change the Chairman for the last three to four month of the Workshop. Therefore they asked Riccardo Genghini to chair the Workshop up to its end.”). Since at the Barcelona meeting (February 2003) some WS activities were planned to end by January 2004, it was decided after the meeting to proceed to the Chairman election at the Graz meeting in June 2003. The Participants at this meeting re-elected Riccardo Genghini for a new period of two years (respectively up to the expected earlier closing of the Workshop after the Business Plan has been fulfilled successfully). See section 3 of the Graz meeting report (WSES N 0328).

In addition, Working Group Convenors will be selected among the Workshop's members, on an as-needed basis.

Workshop Chair and Working Group Convenors work on a voluntary basis.

5.2. Workshop and Working Group Secretariat

DIN has planned to act as Workshop Secretariat until the end of June 2003. Starting from the 1st of July 2003 the Workshop Secretariat has been shifted to UNINFO in the person of Gianluca Ramunno. See section 3 of the Graz meeting report (WSES N 0328).

5.3. Editors and Project Teams

In most work areas, there is a requirement for a Project Team, i.e. a team of paid experts that are given the task of a large editing job in a short period of time. This tool can be used in those cases where there is a requirement to produce a substantial piece of new text for the Workshop's consideration in a short time frame.

The creation of a Project Team requires the agreement by the Workshop of detailed Terms of Reference in each case. Background information on Project Teams can be found at http://www.cenorm.be/isss/Workshop/WS-rules/guide.doc. In the current Business Plan, the following resource requirements for Project Teams have been identified (excluding the Area D4 project not currently funded and including all the Area L activities, even if these activities will stop on April 15th 2003 unless they are funded):

| Project | Paid Resources / man-days | Partially Voluntary Resources / man-days | Experts |
|---|---|---|---|
| Area AB: Technical Report on advanced and non advanced electronic signatures and their informative value (relevance as legal evidence) | 44 | | 3 (PT) |
| Area K: Interoperability Requirements for smart cards used as SSCDs (Work Item - already approved by the Workshop for 2001) | 86 | | 2 |
| Area V: Three new parts of the EESSI Conformance Assessment Guide and revision of part 1 and 2 | 37 | | 2 |
| Area L (New Project): Provision of Certificate Status information to Relying Parties | | 60 | 2 Partially voluntary experts |
| Area M (New Project): Maintenance of approved WS/E-Sign CWAs | 120 | | 4 (PT) |
| 5 Projects | 287 | 60 | 13 11 |

5.4. Liaison and visibility

A certain amount of funding may be provided for travel and subsistence arrangements to attend meetings of other bodies, and to ensure the wider visibility of the Workshop, with approval of the EESSI Steering Group and the CEN/ISSS Director. In particular the links with APEC, Asia PKI Forum, ISP TCs and IETF PKIX have to be considered, following prior co-ordination with similar activities of EESSI and ETSI E-SIGN. For international visibility the Chair shall work in a structured way in co-operation with ETSI ESI.

6. Liaison

The principal liaison will be with the ETSI TC ESI (formerly ETSI SEC ESI). The following principles for collaboration have been agreed between CEN/ISSS and ETSI:

• For each of the work areas, the leadership is allocated either to CEN/ISSS or to ETSI SEC.

• The lead body will define the deliverable(s) relevant to the work areas under its responsibility, and will have them included in its work plan, in accordance with the usual procedures.

• CEN/ISSS and ETSI SEC will hold regularly co-located meetings of the CEN/ISSS workshop(s) and the ETSI SEC (groups) involved in the EESSI standardization programme.

• The attendance to the meetings of the relevant workshop(s) in CEN/ISSS and working group(s) in ETSI SEC will be open to the delegates participating in the other body. Mailing lists will be exchanged.

• The general co-ordination of the technical activity of the bodies will be ensured by the Chairmen and Project Leaders.

• The Secretariats of CEN/ISSS and ETSI will actively contribute to a smooth co-operation.

In addition, appropriate channels for liaison will be established with the groups and initiatives listed in Annex A of the EESSI Report, such as:

• ECAF (European CA Forum)

• European Cooperation for Accreditation (EA)

• Information Signature Committee of the American Bankers Association (ABA)

• IETF PKIX working group

• ISO/IEC JTC1/SC27

• UNINFO-STT

• Various national projects and bodies, to be specified in updates to the present Business Plan.

7. Contact points

Riccardo Genghini, Workshop Chairman: [email protected]
Gianluca Ramunno, Workshop Secretary: [email protected]
Luc Van den Berghe, CEN/ISSS Workshop Manager: [email protected]
WS/E-Sign web site: http://www.uninfo.polito.it/WS_Esign/

Attachment 1 of the WS/E-Sign Business Plan 2002/2003; WSES N 0329

2003-08-26

CEN/ISSS WS/E-Sign Business Plan Projects and Deliverables since January 2000

BP Projects 2000 (WSES N 0001) | Deliverables | BP Projects 2001/2 (WSES N 0139) | Deliverables | BP Projects 2002/3 (WSES N 0323)

Terminology for EESSI documents (WSES N 123) Area AA:

Extension of SSCD requirements towards specific applications/ environments and towards e-commerce applications (Art5.2) (new work item; 2 CWAs)

CWA 14355: Guidelines for the implementation of Secure Signature-Creation Devices; 2001-12-17 (WSES N 0183rev.)
CWA 14365: Guide on the Use of Electronic Signatures, Version 1.1, 2002-09-26
Protection Profile — Software Signature-Creation Device SCDev-PP; Version 0.33 (WSES N 0221)

Area AB: Technical Report on advanced and non advanced electronic signatures and their informative value (relevance as legal evidence)

Security requirements for trustworthy systems and products (EESSI area D)

WD Area D1: Security requirements for trustworthy systems and products (work already ongoing)

CWA 14167-1: Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures; 2001-08-01 (WSES N 161)

Area D4: Reformulation of CWA 14167-1 as a CC Protection Profile (Suspended activity, since not currently funded)

Area D2: Security requirements for trustworthy systems and products (new work item; 2 CWAs)

CWA 14167-2: Cryptographic Module for CSP Signing Operations - Protection Profile (MCSO-PP); 2001-11-09 (WSES N 178)
Draft CWA 14167-3: Cryptographic Module for CSP Key Generation Services - Protection Profile - CMCKG-PP – for voting Version: 0.08, September 12, 2002 (WSES N 220)

Security requirements for secure signature creation devices (EESSI area F)

WD; Explanatory memorandum concerning the two versions of the CWA Drafts on Area F, 2000-11-29 (WSES N 118)

Area F: Security requirements for secure signature creation devices (work already ongoing, 2 CWAs)

CWA 14168: Secure Signature-Creation Devices, version 'EAL 4', 2001-03-01 (WSES N 136)
CWA 14169: Secure Signature-Creation Devices, version 'EAL 4+', 2001-03-01 (WSES N 137)
Memorandum: CC-Evaluation of WS/E-Sign CWA Area F (WSES N 177)

Signature creation environment (EESSI area G, G1)

WD Area G1: Security Requirements for Signature Creation Systems (work already ongoing)

CWA 14170: Security Requirements for Signature Creation Systems; 2001-03-12 (WSES N 141)

Signature verification process and environment (EESSI Area G, G2)

WD Area G2: Procedures for electronic signature verification (work already ongoing)

CWA 14171: Procedures for Electronic Signature Verification; 2001-03-13 (WSES N 140)

Area K: Requirements for smart cards used as SSCD (new work item)

WS E-Sign Working Draft: Application Interface for SmartCards used as Secure Signature Creation Devices, Version 0.8 Release 0; 2002-03-02 (WSES N 195)
Area K Internal Working Draft: Application Interface for SmartCards used as Secure Signature Creation Devices, Version 0.12; 2002-11-03

Area K: Interoperability Requirements for smart cards used as SSCDs (Work Item - already approved by the Workshop for 2001)
Area K Internal Working Draft: Application Interface for SmartCards used as Secure Signature Creation Devices, Version 0 Release14; 2003-02-28

Conformity assessment of products and services for electronic signatures (EESSI area V)

WD Area V: Conformity assessment of products and services for electronic signatures (work already ongoing; 5 CWAs)

CWA 14172-1: EESSI Conformity Assessment Guidance: Part 1 – General; 2001-03-15 (WSES N 143)
CWA 14172-2: EESSI Conformity Assessment Guidance: Part 2 - Certification Authority services and processes; 2001-03-15 (WSES N 144)
CWA 14172-3: EESSI Conformity Assessment Guidance: Part 3 - Trustworthy systems managing certificates for electronic signatures; 2001-09-24 (WSES N 170)
CWA 14172-4: EESSI Conformity Assessment Guidance: Part 4 - Signature creation applications and procedures for electronic signature verification; 2001-04-17 (WSES N 165)
CWA 14172-5: EESSI Conformity Assessment Guidance: Part 5 - Secure signature creation devices 2001-04-17 (WSES N 166)

Area V: Three new parts of CWA 14172 Guidance on conformity assessment
Part 6: ... of Signature Creation Devices supporting non-qualified electronic signatures (‘5.2’ signatures) against the Protection Profile Area specified in the CWA 14365
Part 7: ... of Cryptographic Modules for CSP Signing Operations against the Protection Profile specified in CWA 14167-2 of Area D2 (MCSO-PP) and of Cryptographic Modules for CSP Key Generation Services against the Protection Profile specified in CWA 14167-3 (CMCKG-PP) of Area D2
Part 8: ... of Time-Stamping Authorities against the Policy Requirements specified by ETSI TS 102 023
Revision of two existing parts:
Part 1 revised: General
Part 2 revised: ... of CSPs issuing public key certificates against the Policy Requirements specified by ETSI TS 102 042

Area L: Provision of Certificate Status information to Relying Parties (New Project, voluntary and not funded expert team)

First Draft: N 0236

Area M - Maintenance: Maintenance of approved CWAs, except for the CWA 14172 Part 1 and 2 (New Project)
Draft Revised CWA 14167-1 (without FIPS references): N 0235

CEN/ISSS WS/E-Sign Member Companies and their Representatives 28/08/2003

Annex 2 of the BP 2002/2003 N 0329

Name Country RFC 822 Function

Company:

GR [email protected], Christos E. WS member

UK [email protected], Jon WS member

Company: ABN-AMRO Bank

NL [email protected], Jan WS guest

Company: AFNOR/DTIC

FR [email protected], Sylvie WS member

Company: Agencia de Certificación Electrónica, A.C.E.

ES [email protected] REY, Jesús David WS member

Company: Akela

FR [email protected], Francoise WS member

Company: Aql

FR [email protected], Pascal WS expert

Company: A-SIT

AT [email protected], Vesna WS guest

AT [email protected], Herbert WS expert

Company: A-Trust GmbH

AT [email protected]ÜGL, Friedrich WS guest

AT [email protected], Christoph WS guest

Company: atsec information security GmbH

DE [email protected], Helmut WS expert

Company: Baltimore Technologies Ltd

UK [email protected], Farrukh WS expert

IR [email protected], Mary P. WS member

Company: BANESTO

ES [email protected] ALVAREZ, Manuel Jacinto WS member

Company: BDC EDV Consulting

AT [email protected], Helmut WS Member

Company: BNL Multiservizi SPA

IT [email protected], Antonio WS guest

IT [email protected], Remo WS member

Company: Bogaert & Vandemeulebroeke law firm (Landwell)

BE [email protected] EECKE, Patrick WS Expert

Company: BULL

FR [email protected]ÉE, Alain WS member

FR [email protected], Jose WS member

FR [email protected], Denis WS member; PT leader

Company: Bundesamt für Sicherheit in der IT

DE [email protected], Thomas WS member

DE [email protected], Klaus WS member

Company: Bundesverband Deutscher Banken

DE [email protected], Ulrike WS member

DE [email protected], Alexander WS member

Company: Cardlife B.V.

NL [email protected] ARKEL, Jan WS member

Company: CEN/ISSS

BE [email protected], John WS guest

BE [email protected] den BERGHE, Luc WS guest

Company: CEN/ISSS/WS-DIR

DK [email protected], Erik WS member

Company: Centre of International and European Economic Law

GR [email protected], Zoi WS member

Company: Chambers of Benet Hytner QC

UK [email protected], Jane WS member

Company: Communications Authority of Hungary

HU [email protected], Istvan WS member

Company: Covington & Burling

BE [email protected], Edmund Jason WS member

Company: Cryptomathic

B [email protected], Matt WS member

Company: CyberLaw Services

UK [email protected], Rita WS member

Company: Danish Standards Association

DK [email protected], Ove Bardenfleth WS member

Company: Datelnet Smart Services B. V.

NL [email protected], Lambertus WS member

Company: DATEV eG

DE [email protected]ÖWEL, Karl-Adolf WS member

Company: DCSSI

FR [email protected], David WS member

FR [email protected], Stephanie WS member

Company: Deutsche Bank

DE [email protected], Sven WS member

Company: Deutsche Post

DE [email protected]*, Oliver WS guest

Company: Deutsche Telekom

[email protected], Burkhard WS guest

DE [email protected], Ernst G. WS member

Company: DG Enterprise

BE [email protected], Anne WS guest

Company: DIN

DE [email protected], Ingo WS member

Company: DTI

UK [email protected], Gordon WS member

Company: Dutch Government

NL [email protected], Jan WS guest

Company: Echelon Consulting Ltd.

UK [email protected]; geoff.liLister, Geoff WS guest

UK [email protected], Christopher WS member

Company: ECP.NL

NL [email protected], Anton WS member

NL [email protected] DEN ASSEM, Rene WS member

Company: Enterprise Ireland

IE RORY.POWER@ENTERPRISE-IREPOWER, Rory WS member

Company: Entrust Limited

CA [email protected], Robert WS member

Company: ERGO SOLUTIONS

NO [email protected], Mads WS member

NO [email protected], Asbjorn WS member

Company: Ernst & Young Audit - ISAAS

FR [email protected], Lionel WS member

Company: European Forum of Semioticians

BE [email protected], Paul WS member

Company: EXCELSIS Informationssysteme GmbH

DE [email protected], Ilja WS member

Company: FHI-SIT

DE [email protected], Bruno WS expert

Company: FIDENS SAS

FR [email protected], Jean-Pierre WS Guest

Company: Finnish Communications Regulatory Authority

FI [email protected]Ä, Sami WS member

FI [email protected], Eeva WS member

FI [email protected]ÄKI, Timo WS member

Company: FIR DIG Consultants

IT [email protected], Franco WS member

Company: Forschungszentrum Karlsruhe

DE [email protected], Arnd WS member

Company: Forskningsministeriet

DK [email protected], Palle H. WS member

Company: GEMPLUS

FR [email protected], Edmond Félix WS member

FR [email protected], Michel WS member

FR [email protected], Béatrice WS member

FR [email protected], Xavier WS member

Company: Giesecke & Devrient

DE [email protected], Gisela WS Member; WG chair

DE [email protected], Dirk WS member

Company: Hans Nilsson Consulting

SE [email protected], Hans WS member

Company: Hardam Consultancy

NL [email protected], Edward WS guest

Company: IBM Deutschland

DE [email protected], Johannes WS member

Company: IMQ S.p.A.

IT [email protected], Claudia WS member

Company: Independent

BE [email protected] ZUUREN, Nap WS member

Company: Independent Centre for Privacy Protection Schleswig Holstein

DE [email protected]ÖHNTOPP, Marit WS guest

Company: Independent Consultant, Security

UK [email protected], Robert WS member; PT leader

Company: InfoCamere SCpA

IT [email protected], Carolina WS member

Company: Informatik Kooperation GmbH

DE [email protected], Ulrike WS member

Company: Information Security Consultant

[email protected] Zuuren, Erik R. WS guest

Company: Institute for Applied Information

AT [email protected], Ernst WS member

Company: INTEL Corporation

USA [email protected], David WS expert

Company: International Post Corporation

DE [email protected], Hajo WS member

Company: IXACT Security Inspection and Consulting AG

CH [email protected], Hans Peter WS member

Company: JH Consulting Ltd.

UK [email protected], Jeremy WS member

Company: Lios Geal Consultants, Ltd

IE [email protected], Henry WS member

Company: Mellon Technologies S.A.

GR [email protected], Stefanos WS member

Company: Microsoft

UK [email protected], David WS guest

UK [email protected], Michael WS member

Company: Min. Economy

BE [email protected], Vincent WS member

Company: Ministerio de Trabajo y Asuntos Sociales

ES [email protected] CELADA, Joseba M. WS member

ES [email protected] RIVAS, Miguel WS member

Company: Ministry of Industry

FR [email protected], Laurent WS member

FR [email protected], Frédéric WS guest


Company: Ministry of Telecommunications and Post

NL [email protected] DER LUIT, Ronald WS member

Company: Nimbus Network GbR

DE [email protected], Arno WS guest

Company: Novaris Pharma AG

CH [email protected], Gernot WS member

Company: Office for Personal Data Protection, CZ

CZ [email protected], Jan WS guest

Company: PBS

DK [email protected], Peter WS member

Company: PKI Overheid

NL [email protected], Eleonora WS member

Company: Population Register Centre of Finland

FI [email protected], Merja WS member

FI [email protected], Tuire WS member

Company: RegTP

DE [email protected]ÜHN, Alexander WS member

D [email protected], Kerstin A. WS guest

DE [email protected], Jürgen WS member

Company: Rundfunk und Telekom Regulierungs-GmbH

AT [email protected], Dieter WS member

AT [email protected], Ulrich WS member

Company: Sauer Quality Consulting

NL [email protected], Jan WS expert

Company: Schlumberger

FR [email protected], Lorenzo WS member

FR [email protected], Renaud WS member

Company: Secorvo Security Consulting

DE [email protected], Stefan WS member

Company: Security & Standards

UK [email protected], Nick WS member

[email protected], John WS member

Company: Setec Oy

FI [email protected], Jussipekka WS member

Company: Shell Services International

UK [email protected], Nick WS guest


Company: Signature Perfect KG

UK [email protected], Richard Mark Lloyd WS member

DE [email protected], Rolf WS member

Company: SISGEM

FR [email protected] ROUX, Yves WS guest

Company: SIZ Informatikzentrum der Sparkassen

DE [email protected], Andreas WS guest

Company: Slovak Ass. for Electronic Commerce

SK [email protected], Andrea WS member

Company: Smartis Marketing

Fran [email protected], David WS guest

Company: SRC GmbH

DE [email protected], Maximilian WS member

Company: SSB S.P.A.

IT [email protected], Fabio WS guest

IT [email protected], Andrea WS guest

Company: Statskonsult

NO [email protected], Endre WS member

Company: Studio Notarile Genghini

IT [email protected], Riccardo WS chair

IT [email protected], Daniela WS member

Company: STUZZA

AT [email protected], Josef WS member

Company: Telecom Italia Inform. Techn. S.p.A.

IT [email protected], Gianluca WS member

Company: Telenor AS

NO [email protected], Tor Hjalmar WS member

Company: TeleTrusT e. V.

DE [email protected], Peter WS guest

Company: Telia AB

SE [email protected], György WS guest

Company: TIEKE Finnish Inform. Soc. Developm. Centre

FI [email protected], Reetta WS guest

Company: TIEKE, The Finnish IT Development Centre

FI [email protected]*, Erkki I. WS member


Company: T-Systems ISS GmbH

DE [email protected], Wolfgang WS expert

DE [email protected], Volker WS guest

Company: TU Berlin

DE [email protected], Gerd WS member

Company: Ubizen

[email protected], Andreas WS member

Company: UBS AG

CZ [email protected] Jr., Vaclav WS member

Company: UNINFO

IT [email protected] DATO, Massimo WS member

IT [email protected], Gianluca WS guest; WS secretary

[email protected], Carla WS member

Company: UPC / SAFELAYER secure communication

ES [email protected]*, Juan Carlos WS guest

ES [email protected], Manuel WS member

Company: W3C

FR [email protected], Rigo WS guest

Company: Zebsign

NO [email protected]*, Kristian WS guest

Company: Zygma partnership

UK [email protected], Richard WS member, WG chair
