RFC 3039 bis Qualified Certificates Profile Changes from RFC 3039.


Issues
- References and other minor editorial
- Subject DN attributes
- Scope
- Key usage
- qcStatements - mandatory use for QC and criticality

Subject attributes

RFC 3039 text:
- The subject field SHALL contain an appropriate subset of the following attributes:
- Other attributes may be present but MUST NOT be necessary to distinguish the subject name from other subject names within the issuer domain.

Attributes under consideration:
- postalAddress (not supported by RFC 3280)
- Title (function/position within an organization)

Scope – The two ways

RFC 3039 way
- Profile for Qualified Certificates but scope is not limited to that.

RFC 3039 bis way?
- Profile for ID certificates that also defines specific tools for QC

Scope RFC 3039

Abstract: This document forms a certificate profile for Qualified Certificates, based on RFC 2459, for use in the Internet. The term Qualified Certificate is used to describe a certificate with a certain qualified status within applicable governing law.

Section 2: The term "Qualified Certificate" has been used by the European Commission to describe a certain type of certificates with specific relevance for European legislation. This specification is intended to support this class of certificates, but its scope is not limited to this application.

Section 2: Within this standard the term "Qualified Certificate" is used more generally, describing the format for a certificate whose primary purpose is identifying a person with high level of assurance in public non-repudiation services. The actual mechanisms that will decide whether a certificate should or should not be considered to be a "Qualified Certificate" in regard to any legislation are outside the scope of this standard.

Scope – Reasons for change

Some functions of RFC 3039 are not specific to QC or “public non-repudiation services”
- biometricInfo Extension
- Issuer and Subject DN attribute set
- Attribute semantics definitions (PI definition)
- SubjectDirectory attributes dateOfBirth; placeOfBirth; gender; countryOfCitizenship; and countryOfResidence.

Scope – RFC3039 bis 00.txt

Abstract: This document forms a certificate profile, based on RFC 3280, for identity certificates issued to physical persons.

Abstract: The profile defines specific conventions for certificates that are qualified within a defined legal framework, named Qualified Certificates. The profile does however not define any legal requirements for such Qualified Certificates.

Section 2: Within this standard the term "Qualified Certificate" is used generally, describing a certificate whose primary purpose is to identify a person with high level of assurance, where the certificate meets some qualification requirements defined by an applicable legal framework.

Key usage

RFC 3039
- If the key usage nonRepudiation bit is asserted then it SHOULD NOT be combined with any other key usage, i.e., if set, the key usage non-repudiation SHOULD be set exclusively.

RFC 3039bis 00.txt
- Key usage settings SHALL be set in accordance with RFC 3280 definitions. Further conventions for key usage setting MAY be defined by certificate policies and/or local legal regulations.

Motivation for change is highly dependent on scope
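
The two key usage rules above can be checked mechanically. The following added example (not part of the slides or of either document) decodes a DER KeyUsage BIT STRING and flags the RFC 3039 combination; the function names and the sample byte strings are constructed for illustration.

```python
# Added example (not from the slides): decode a KeyUsage BIT STRING and lint it.
# Named bits in RFC 3280 order; bit 0 is the most significant bit of the first octet.
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
                  "encipherOnly", "decipherOnly"]

def decode_key_usage(der: bytes) -> set:
    """Return the named bits set in a DER-encoded KeyUsage BIT STRING."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("length octet does not match the content")
    unused, payload = der[2], der[3:]
    if unused > 7 or (not payload and unused):
        raise ValueError("invalid unused-bits octet")
    if int.from_bytes(payload, "big") & ((1 << unused) - 1):
        raise ValueError("unused bits must be zero in DER")
    nbits = min(len(payload) * 8 - unused, len(KEY_USAGE_BITS))
    return {KEY_USAGE_BITS[i] for i in range(nbits)
            if payload[i // 8] & (0x80 >> (i % 8))}

def lint_key_usage(der: bytes, exclusive_non_repudiation: bool) -> list:
    """exclusive_non_repudiation=True applies the RFC 3039 SHOULD NOT; False leaves
    the combination to certificate policy, as the RFC 3039bis text does."""
    usages = decode_key_usage(der)
    findings = []
    if not usages:
        findings.append("RFC 3280: at least one key usage bit must be set")
    others = sorted(usages - {"nonRepudiation"})
    if exclusive_non_repudiation and "nonRepudiation" in usages and others:
        findings.append("RFC 3039: nonRepudiation SHOULD NOT be combined with "
                        + ", ".join(others))
    return findings

# Constructed sample encodings (not taken from real certificates).
SAMPLES = {
    "nonRepudiation only": bytes.fromhex("03020640"),
    "digitalSignature + nonRepudiation": bytes.fromhex("030206c0"),
    "keyAgreement + decipherOnly": bytes.fromhex("0303070880"),
}

if __name__ == "__main__":
    for label, der in SAMPLES.items():
        print(label, sorted(decode_key_usage(der)),
              lint_key_usage(der, True), lint_key_usage(der, False))
```
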

qcStatement Extension – mandatory use and criticality

ETSI TS
- Based on clear definition of QC as context for the standard
- QC declaration through policy or qcStatement

RFC 3039
- No stipulation

Proposal
- RFC 3039 bis – no stipulation
- TS bis – Mandatory use of qcStatement, may be critical