260 likes | 282 Vues
OEWG 09-06-2011. Review existing Methods already in place for exchange of data - General Introduction Lex Moret, EL&I the Netherlands. Client Program (Certification of Agricultural Goods at Im and Export to a new future). Import (2002-2004) Export (2004 -2010)
 
                
                E N D
OEWG 09-06-2011 • Review existing Methods already in place for exchange of data - General Introduction Lex Moret, EL&I the Netherlands
Client Program (Certification of Agricultural Goods at Im and Export to a new future) Import (2002-2004) Export (2004 -2010) E-certification (2010-2011)
E-Certification Export Certification Kenya UNCTAD Pilot Republic of Korea Pilot China (Pilot USA)
Paradigms Use (defacto) standards Use solutions created by other countries (New Zealand) Create new solutions Versatile systems (support for multipe Standards) Reduce administrative burdens for the private sector
Digital Signature Equivalent of a stamped signature Binding to a person (or organisation) Difficult to copy XML
Electronic Signature (Digital Evidence) Authentication Integrity Non-repudiation In any step of the lifecycle
Diagram showing how a simple digital signature is applied and then verified
Standard ECONOMIC COMMISSION FOR EUROPE COMMITTEE ON TRADE Centre for Trade Facilitation and Electronic Business TBG “Security Project” hosted by TBG6 Recommendation No. 37 Digital Evidence Certification Recommendation SOURCE: The Chair ACTION: Review before further iteration of Open Development Process Step 5 – Public Review STATUS: Proposed Publication Draft
Decisions Signature type XML Dsig (W3c) (NL signing server) XAdES/BES XAdES-T XAdES-C Etc. DEC-R (recommended by TBG 5)
Decisions Hashing Algorithm SHA-1 SHA-256 (NL signing server) Etc. Signature/document relationship Enveloping (NL signing server) Enveloped
Certificate Mastering System (CMS) Functions Digital Signature • Acces Control + audit trail • Search • Download • Update (status) • Monitor XML DBMS
Functions Technology : Webservices (SOAP) Acces Control : UN/PW Implemenation : WSDL (tbd)
BUSINESS REQUIREMENTS SPECIFICATION (BRS) Business Domain: Government to Government electronic certification for traded agricultural commodities Business Process: Electronic transmission of data exchanged between government inspection and quarantine authorities involved in border Document Identification: Export Certificate Title: E-cert BRS UN/CEFACT International Trade and Business Processes Group: TBG15
Ⅱ. Business Process Status Transition Border Inspection – Permitted States for Transition Initial By SOAP Client of Import Agency Acknowledged Approved By Border Inspector Accepted Replaced Rejected ToBe Replaced Detained Withdrawn Request Replacement Replacement Authorised Revoked
Network (Internet Functions Digital Signature XML Secure Acces by foreign NPPO (HTTPS with 128 bit SSL)
Inspection Panning System System Architecture NL (SOA) Export Certiffication System Certificate Mastering System Signing & Verification System
Korea import from .. Internet Verfication server KOREA eCert system Certificate data Importing Country Plant Quarantine Information System (PQIS) Request Request Request SOAP Server SOAP Client Certificates Information Network eCert Response(XML) Certificate Mastering System(CMS) DB Exporting Country Request (Result Status update) SOAP Server SOAP Client Result Response(update result) accept_certificate reject_certificate detain_certificate request_replacement_certificate Signing server acknowledge_certificate accept_certificate reject_certificate detain_certificate request_replacement_certificateSigning server Import Inspector - Register the result
And not to forget ….. Emergency Procedures Disaster Recovery procedures
Interesting URL’s Creating Signing services : http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=dss Testing signing services : http://www.globaltrustfinder.com/XMLUs UN Recommendation on E-signatures: http://www.uncitral.org/uncitral/en/uncitral_texts/electronic_commerce/2001Model_signatures.html UN/CEFACT Recommendation No. 37: Signed Ditial Evidence Interoperability Recommendation, submitted for approval by the Architecture, Engineering and Construction Working Group – TBG6, 27 september 2010
Questions ? A.J.Moret Projectmanager Client International – NL +31653297989 A.J.Moret@MINLNV.nl