Electronic Signature Policy (ESP)


    Verifying the validity of the electronic signature on an electronically authenticated document always ends in a decision: whether or not to accept the electronic document as authentic (original). The Electronic Signature Policy (ESP) describes the conditions under which electronic signatures can be considered valid by the signing party, the verifying party and any other third party within a given business/transaction environment.

    Demonstration ESP: http://www.egroup.hu/pki/policies/egts/fphtest0.xml

    What is the Electronic Signature Policy?

    The Electronic Signature Policy is the set of rules concerning the creation and verification of electronic signatures; these rules define when a signature is valid within the given framework. The rules of the ESP mainly concern the signing and verifying parties and regulate the compilation, the interpretation and the validity checking of certificates and electronic signatures. The ESP must be available to all parties in an unambiguous and secure format.

    Standards and regulations used

    The XML-based description of the ESP is created by exactly defining the fields of the schema set forth in the ETSI TR 102 038 - XML Format for Signature Policies specification. When creating the ESP, we consider the recommendations of the following standards and regulations:

    • RFC 3280 - X.509 Public Key Infrastructure Certificate and CRL Profile: Defines the Certificate and Certificate Revocation List (CRL) Profile conforming to the X.509 (v3) standard. Obsoletes RFC 2459 that was used earlier.
    • RFC 3039 - X.509 Public Key Infrastructure Qualified Certificates Profile: Defines the format of the so-called Qualified Certificates Profile, certificates that can be issued only to natural persons.
    • ETSI 101 862 v1.2.1 - Qualified certificate profile: Constraints on the qualified certificates issued by providers qualified under the EU electronic signature directive.
    • ETSI TS 101 733 - Electronic signature formats: Defines requirements about the contents and the format of electronic signatures that guarantee long-term (several years of) non-repudiation.
    • ETSI TS 101 903 - XML Advanced Electronic Signatures (XAdES): Requirements for XML-based electronic signatures created according to the standards of the joint IETF/W3C XML Signature working group.
    • ETSI TR 102 045 - Signature policy for extended business model: Extension to ETSI TS 101 733 for the authentication of general-purpose business communication in a non-repudiable way.
    • ETSI TR 102 041 - Signature Policies Report: Gives guidance on the technical, organizational and legal issues related to a signature policy.
    • ETSI - Signature Policies Tutorial: A description of ETSI TR 102 041 in plain language.
    • PKCS #7: Cryptographic Message Syntax Standard: Describes general syntax for data that may have cryptography applied to it (encrypted or digitally signed).
    • RFC 3125 - Electronic Signature Policies: A draft standard that conforms to ETSI TS 101 733.
    • IT Commissioner of the Prime Minister's Office - Sample signature policy for KEAR: An ESP draft prepared for the Government Electronic Signature System (KEAR).
    Attachments:
    File: fphtest0.xml (Electronic Signature Policy)
    Description: Electronic Signature Policy file
    Last Modified: 10/27/09 16:52