Validation Authority solution for cross border recognition of e-s

Acronym of the case:

VASolution

Web address of the case:

http://va.dnv.com

Country of the case:

Norway

City/region:

Oslo

Posting Date:

13 May 2008

Last Edited Date:

13 October 2009

Author:

Leif Buene (Det Norske Veritas AS)

e-signature | validation | verification

Type of initiative

Project or service

Case Abstract

In 2008 DNV (Det Norske Veritas) put into operation a global and neutral Validation Authority to offer a new independent third party trust service to manage the process of verifying digital signatures and validating the accompanying digital identity (eID) certificates. In 2009 DNVâ€™s operations partner BBS (Business and Banking Solutions) in Norway took over the service, supported by DNV in the quality classification of eIDs. The VA service is a fully operational solution for cross border recognition of eIDs and e-signatures which is needed for organisations involved in international e-business, for example e-procurement.

Description of the case

Domain

eGovernment

Topic

eProcurement | Services for Businesses | High Impact Services with Pan-European Scope | Infrastructure | Interoperability

Sector

Communication (infrastructure) | Procurement

Start date - End date

January 2006 (Ongoing)

Date operational

March 2008

Target Users

Administrative | Business (self-employed) | Business (industry) | Business (SME)

Target Users Description

Any business or organisation who needs to be able to rely upon eIDs and/or e-signatures received from communicating parties in a B2B, B2G or C2G context.

Scope

International | National

Status

Operation

Language(s)

English

Policy Context and Legal Framework

EU's e-signature directive. The European Economic Area treaty. EU's principle of free flow of goods and services.

Project Size and Implementation

Type of initiative

IT infrastructures and products

Overall Implementation approach

Private sector

Technology choice

Standards-based technology | Mainly (or only) open standards

Funding source

Private sector

Project size

Implementation: Not applicable/not available

Implementation and Management Approach

The VA solution is implemented as an on-line subscription service. Â The VA Solution, marketed as the BBS Global Validation Service, is a pragmatic approach to the requirement to conduct business to high assured service levels both within and externally to the EU. Even if the solution as such is novel, the IT environment in which it runs is mature and well tested.

Technology solution

The VA solution is accessible via Web Services using an open, standards based XML schema. Standards are used as widely as possible, and interoperability is a major concern. The software engine of the solution is proprietary.

Impact, innovation and results

Impact

The business value of the VA solution can be summarized as follows:

It secures critical electronic services by enabling them with electronic IDs and signatures verified against the issuers and tested against organizational risk policies.
It allows full digitisation of business processes by removing the last barrier to paperless business (the handwritten signature) while maintaining consistent centralized compliance.
It extends e-business usage globally through policy-based interoperability and extended market reach beyond EU Qualified Certificates.
It assures low total cost of ownership by providing validation/verification as a service which is fast to implement and reduces the commercial resources required to conduct business internationally.
It offers strong and reliable trust partnership based on BBSâ€™s 30+ years of experience in operating national critical financial infrastructures, supported by DNV as independent assessor of eID quality.

Track record of sharing

The VA solution has been shared in numerous presentations at meetings, seminars and conferences in Europe and in the USA. It has drawn substantial interest and recognition from public sector as well as industry stakeholders.

Lessons learnt

The main lessons learnt are:

Even though the advantages of making use of eID and digital signatures (advanced electronic signatures) are substantial, the uptake of this technology in the market place is rather slow.
Public sector is an important driver for the deployment of eIDs and implementation of digital signatures.
Interoperability may not be restricted to within the EU. Many EU programs are collaborative with other Non-EU organizations yet still require the same levels of Trust.
The necessary technical solutions for wide spread use of eID and digital signatures are available. Implementation is dependent on management attention, understanding and decision which must be shown to be consistent, transparent and available against Service Level Agreements between all parties.

Multimedia Content Select a Tab

There isn't any image for this case

There isn't any Video for this case

Rundgren Anders

Business Model Question

23 June 2009 | 2470 Visits | Rating: No votes

I guess this service is designed in such a way that the receiver (relying party) is the entity that pays for validation?

Although this may sound like a good idea it only works for limited number of closed PKIs like the Swedish BankID.Â Most EU PKIs are as far as I know open, allowing anybody to validate a signature.

Leif Buene

24 June 2009 | 0 Visit | Rating: No votes

No, on the contrary - this is a solution that works even better for open PKIs.Â The idea is to relieve the Relying Party of the burden to validate e-signatures and eIDs on their own by providing this as a service to them.Â The solution will allow them to validate signatures based on eIDs from many different eID issuers with only one integration and agreementÂ - namely with the VA.Â

Furthermore, the solution will provide information about the quality of the eIDs and e-signatures (not only the validity) based on an independentÂ classification according to a quality classification scheme.Â Thus, it can provide a fitness-for-purpose assessment of the signatures/eIDs.