
Bridge/Gateway Certification Authority (BGCA)


Acronym of the case:

BGCA

Country of the case:

EU Institutions

Posting Date:

22 May 2008

Last Edited Date:

18 December 2009

Author:

Emilio Castrillejo (European Commission / DG Enterprise and Industry)

Type of initiative

  • Strategic initiative

Case Abstract

Civil servants in national public administrations that participate in European Commission projects run under the IDABC programme (http://ec.europa.eu/idabc) must use electronic certificates from the IDABC Public Key Infrastructure (PKI) (http://ec.europa.eu/idabc/en/document/2316/5927) for security of communications, encryption and electronic signature.

The main reason is that there is, at present, no established way to trust an electronic certificate issued by a Certification Authority (CA) other than one's own. The traditional PKI model assumes that this would be solved by 'cross-certification' and mutual recognition, but, by and large, these have not occurred.

Therefore, a mechanism to establish trust and confidence between these CAs is required in order to allow the use of national CAs' certificates in European cross-border communications.

Such a mechanism is a 'bridge' or 'gateway CA'. IDABC examined the feasibility of establishing a bridge or gateway CA to act as an intermediate trust infrastructure between the PKIs of Europe's national public administrations.

The main conclusion is that such a bridge is technically feasible, but in order to implement it, a clear governance and administrative model has to be set up.

Description of the case

Date
January 2002 to October 2005
Date operational
October 2005
Target Users
Administrative
Target Users Description

Civil servants in national public administrations that participate in European Commission projects developed by the IDA/IDABC programmes.
However, the results are applicable to a larger audience: any person using electronic certificates in a cross-border context.

Scope
International
Status
Ended
Language(s)
English

Policy Context and Legal Framework

The project was launched in the context of the IDA/IDABC programmes (http://ec.europa.eu/idabc) to facilitate interoperability with eCertificates of civil servants in national public administrations that participate in European Commission projects.

Project Size and Implementation

Type of initiative
IT infrastructures and products
Overall Implementation approach
Public administration
Technology choice
Standards-based technology
Funding source
Public funding EU
Project size
Implementation: €300-499,000

Implementation and Management Approach

A feasibility study examined the policy, organisational and technical issues for the establishment of an intermediate trust infrastructure between the Certification Authorities (CAs) used by the Member States' public administrations.

It addressed the main policy issues and the equivalence of certificate policies, provided model technical architectures, and discussed the organisation and governance of the bridge CA and the requirements for interoperability. To achieve this, meetings were conducted with volunteer Member States that had already set up certification services for their national public administrations or were well advanced in their planning in this area.

One of the recommendations of the feasibility study was that trust relationships could be established by the distribution of CTLs (certificate trust lists) electronically signed by a bridge CA.

A pilot was carried out to provide a proof of concept. This pilot demonstrated that a bridge was technically feasible.

Technology solution

The Certificate Authorities (CAs) are included in a TSL scheme according to standards such as TS 101.456 (Policy Requirements for CAs issuing Qualified Certificates) and TS 102.042 (Policy Requirements for CAs issuing Public Key Certificates). The pilot also analysed the expected standardisation by ETSI itself, APEC, the US Federal Bridge PKI and ISO committees.

Impact, innovation and results

Impact

Implementing a bridge only for European national public administrations would be a first step towards a practical solution that guarantees cross-border recognition of electronic signatures for general purposes.

Lessons learnt

  • It is technologically possible to implement a bridge among certification authorities for cross-border purposes, using the principle of Trust List (TSL).

  • At the time the pilot was finalised, neither e-mail clients nor SSL browsers supported TSL; manual intervention is therefore required to set up a working system.

  • Beyond the technical possibilities, an organisational and governance model has to be established in order to effectively implement a gateway among cross-border certification authorities.
