Home > Cases > Bridge/Gateway Certification Authority (BGCA)

Bridge/Gateway Certification Authority (BGCA)

Acronym of the case:

BGCA

Web address of the case:

http://ec.europa.eu/idabc/en/document/2318/59...

Country of the case:

EU Institutions

esignatures | certificates | pki


Posting Date: 22 May 2008
Last Edited Date: 18 December 2009

2404 Visits

starstarstar

Author:

Emilio Castrillejo (European Commission / DG Enterprise and Industry)EU Institutions | http://ec.europa.eu/idabc/eprocurement
Type of initiative
  • Strategic initiative
Case Abstract

Civil servants in national public administrations that participate in European Commission projects run under the IDABC programme (http://ec.europa.eu/idabc) must use electronic certificates from the IDABC Public Key Infrastructure (PKI) (http://ec.europa.eu/idabc/en/document/2316/5927) for security of communications, encryption and electronic signature.

The main reason is that there is no established way, at present, for trust to be established in an electronic certificate from a Certification Authority (CA) other than one's own. The traditional PKI model assumes that this would be solved by 'cross-certification' and mutual recognition, but, by and large, these have not occurred.

Therefore, a mechanism to establish trust and confidence between these CAs is required in order to allow the use of national CAs certificates in European cross-border communications.

Such a mechanism is a 'bridge' or 'gateway CA'. IDABC examined the feasibility of establishing a bridge or gateway CA to act as an intermediate trust infrastructure between the PKIs of Europe's national public administrations.

The main conclusion is that such a bridge is technically feasible, but in order to implement it, a clear governance and administrative model has to be set up.

Description of the case
Domain
eGovernment
Topic
eIdentity and eSecurity | Infrastructure | Interoperability
Sector
Communication (infrastructure)
January 2002 to October 2005
Date operational
October 2005
Target Users
Administrative
Target Users Description

Civil servants in national public administrations that participate in European Commission projects developed by the IDA/IDABC programmes.
However, the results are applicable to a larger audience: any person using electronic certificates in cross-border context.

Scope
International
Status
Ended
Language(s)
English
Policy Context and Legal Framework

The project was launched in the context of the IDA/IDABC programmes (http://ec.europa.eu/idabc) to facilitate interoperability with eCertificates of civil servants in national public administrations that participate in European Commission projects.

Project Size and Implementation
Type of initiative
IT infrastructures and products
Overall Implementation approach
Public administration
Technology choice
Standards-based technology
Funding source
Public funding EU
Project size
Implementation: €300-499,000
Implementation and Management Approach

A feasibility study examined the policy, organisational and technical issues for the establishment of an intermediate trust infrastructure between the Certification Authorities (CAs) used by the Member States' public administrations.

It addressed the main policy issues, the equivalence of certificate policies, provided model technical architectures, discussed the organisation and governance of the bridge CA, and the requirements for interoperability. To achieve this, meetings were conducted with voluntary Member States that had already set up certification services for their national public administrations or are well advanced in their planning in this area.

One of the recommendations of the feasibility study was that trust relationships could be established by the distribution of CTLs (certificate trust lists) electronically signed by a bridge CA.

A pilot was carried out to provide a proof of concept. This pilot demonstrated that a bridge was technically feasible.

Technology solution

The Certificate Authorities (CAs) are included in a TSL scheme according to standards as the TS 101.456 (Policy Requirements for CAs issuing Qualified Certificates) and TS 102.042 (Policy Requirements for CAs issuing Public Key Certificates). The pilot also analysed the expected standardisation by ETSI itself, APEC, the US Federal Bridge PKI as well as ISO committees.

Impact, innovation and results
Impact

Implementing a bridge only for European national public administrations would be a first step to create a practical solution to guarantee cross-border recognition of electronic signatures for general purposes.

Lessons learnt

-It is technologically possible to implement a bridge among certification authorities for cross border purposes, using the principle of Trust List (TSL).

-At the moment of finalising the pilot, no e-mail client nor SSL-browser supported TSL, therefore manual intervention is required to set-up a working system

-Further to the technical possibilities, an organisational and governance model has to be established in order to effectively implement a gateway among cross-border certification authorities.

Comments

This item has not yet been commented. Please feel free to send us a comment of your own.
Send Your Comment | View All

See Related Content

In order to send a message you need to be registered at least one month and have earned more than 150 kudos.
Share!

Additional Documents

2004 Technical ... (732.59 KB)2004 Technical ...
2004 Test ... (308.91 KB)2004 Test programme of the ...
2004 Trust List ... (1.11 MB)2004 Trust List Usage ...
2005 Pilot Test ... (469.31 KB)2005 Pilot Test - ...
2005 Pilot Test ... (1.36 MB)2005 Pilot Test - Testing ...
2005 Pilot Test ... (1.56 MB)2005 Pilot Test - Test Report
2005 Pilot Final ... (538.07 KB)2005 Pilot Final ...
2005 Pilot Final ... (795.92 KB)2005 Pilot Final ...
2005 Pilot Final ... (617.71 KB)2005 Pilot Final ...
SEMIC
About Us · Rules of conduct · Important Legal Notice · Contact Us · Site Map · FAQ · Glossary · RSS