Announcements
- Thank you for your participation!! As of January 9th, 2013, the esMD AoR Digital Signatures / Delegation of Rights White Paper has been finalized. The document below as well as the text embedded within the Digital Signatures / Delegation of Rights White Paper Wiki reflect updates that were proposed and agreed upon during the formal Consensus Process. Please contact the Workgroup Lead or Support Lead if you have any remaining questions or concerns.
Works Approved Through Consensus
Date | Artifact Name | Artifact Links |
1/9/2013 | esMD AoR L1 SWG Report - Digital Signatures and Delegation of Rights | |
Works in Progress
Digital Signatures
Artifact Name | Description/Purpose | Status | Current Status/ Last Updated | Reviewers | Target Date for Completion |
| | | | | |
Delegation of Rights
Artifact Name | Description/Purpose | Status | Current Status/ Last Updated | Reviewers | Target Date for Completion |
| | | | | |
Meeting Materials
Meeting Date | Meeting Materials | Presentation Materials | Minutes | View Meeting Recordings |
December 5, 2012 | White Paper review postponed until Friday, 12/7/12, 2pm EST |
November 28, 2012 | White Paper review postponed |
November 21, 2012 | MEETING CANCELLED |
November 14, 2012 | MEETING CANCELLED |
November 7, 2012 | MEETING CANCELLED |
October 31, 2012 | Meeting Materials | Meeting Presentation (.pptx) | Meeting Minutes (.docx) | View on Vimeo |
October 24, 2012 | Meeting Materials | Presentation unavailable | Meeting Minutes (.docx) | View on Vimeo |
October 17, 2012 | Meeting Materials | Meeting Presentation (.pptx) | Meeting Minutes (.docx) | View on Vimeo |
October 10, 2012 | Meeting Materials | Meeting Presentation (.pptx) | Meeting Minutes (.docx) | View on Vimeo |
October 3, 2012 | Meeting Materials | Meeting Presentation (.pptx) | Meeting Minutes (.docx) | View on Vimeo |
September 26, 2012 | Meeting Materials | Meeting Presentation (.pptx) | Meeting Minutes (.docx) | View on Vimeo |
September 19, 2012 | Meeting Materials | Meeting Presentation (.pptx) | Meeting Minutes (.docx) | View on Vimeo |
Reference Documents
Digital Signatures
Standards
Document Link | Description | Version/Date |
NIST SP 800-63-1 (PDF) | NIST Electronic Authentication Guideline | Dec 2011 |
ITI TF-1 (PDF) | IHE IT Infrastructure Technical Framework: Volume 1: Integration Profiles | Revision 9.0 Aug 31, 2012 |
ITI TF-2a (PDF) | IHE IT Infrastructure Technical Framework: Volume 2a: Transactions Part A - Sections 3.1 - 3.28 | Revision 9.0 Aug 31, 2012 |
ITI TF-2b (PDF) | IHE IT Infrastructure Technical Framework: Volume 2b: Transactions Part B - Sections 3.29 - 3.51 | Revision 9.0 Aug 31, 2012 |
ITI TF-3 (PDF) | IHT IT Infrastructure Technical Framework: Volume 3: Cross-Transaction Specifications and Content Specifications | Revision 9.0 Aug 31, 2012 |
OASIS DSS Core Spec | Digital Signature Service Core Protocols, Elements, and Bindings. See also: All DSS Standards | Version 1.0 Apr 11, 2007 |
XMLdigsig | XML Signature Syntax and Processing, W3C Recommendations | Second Edition Jun 10, 2008 |
FIPS PUB 186-3 (PDF) | Digital Signature Standard | Jun 2009 |
IETF RFC 3820 | Internet X.509 PKI Certificate Profile | Jun 2004 |
IETF RFC 3850 | Internet X.509 PKI Proxy Certificate Profile | Jul 2004 |
IETF RFC 3851 | Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specifications | Jul 2004 |
IETF RFC 4998 | Evidence Record Syntax | Aug 2007 |
IETF RFC 5276 | Using the Server-Based Certificate Validation Protocol to Convey Long-Term Evidence Records | Aug 2008 |
IETF RFC 5280 | Internet X.509 PKI Certificate and Certificate Revocation List Profile | May 2008 |
IETF RFC 5698 | Data Structure for the Security Suitability of Cryptographic Algorithms | Nov 2009 |
IETF RFC 6277 | Online Certificate Status Protocol Algorithm Agility | Jun 2011 |
IETF RFC 6283 | XML Evidence Record Syntax | Jul 2011 |
FBCA X.509 Certificate Policy (PDF) | X.509 Certificate Policy for the Federal Bridge Certification Authority | Version 2.25 Dec 9, 2011 |
Industry Implementations
White Papers/Industry Reports
Document Link | Description | Version/Date |
OECD Digital Identity Management (PDF) | Digital Identity Management - Enabling Innovation and Trust in the Internet Economy. This paper is summarized here and includes the following reports:
| Winter 2011 |
EU eSignatures Report | Report on the operation of Directive 1999/93/EC on a Community framework for electronic signatures | Mar 15, 2006 |
EU eSignatures Action Plan | Action Plan on e-signatures and e-identification to facilitate the provision of cross-border public services in the Single Market | Nov 28, 2008 |
Federal Requirements
Delegation of Rights
Standards
Industry Implementations
White Papers/Industry Reports
Document Link | Description | Version/Date |
| | |
Federal Requirements
See all Author of Record SWG reference materials on the esMD Reference Materials page.
Workgroup Details
Objective:
Define process, artifacts and standards for transaction and document bundle digital signatures for esMD. Define credentials, artifacts and process for Delegation of Rights for esMD.
Makeup:
Requirements:
Digital Signatures:
- Must provide for non-repudiation as part of the credentials and artifacts
- Must ensure data integrity
Delegation of Rights:
- Must provide for non-repudiation (NIST definition) as part of the credentials and artifacts
- Revocable
In Scope:
Digital Signatures:
- Use Case 1 and 2 transactions
- AoR L1 (Signature binding to aggregated document bundle)
- Signature workflow
- Signature artifacts
- Identification of relevant standards
Delegation of Rights:
- Use Case 1 and AoR L1 Delegation of Rights requirements
- Delegation/Proxy workflow
- Delegation/Proxy artifacts
- Identification of relevant standards
Out of Scope:
Digital Signatures & Delegation of Rights:
Deliverable: Summary White Paper
Digital Signatures:
- Assumptions
- Statement of Problem
- Recommended Solution(s)
- Review of Standards (e.g., OASIS, IHE, HL7, ...)
- Transaction signature process
- Transaction artifacts to meet Use Case 1 and 2 requirements
- Document Bundle signature process
- Artifacts to meet AoR L1 requirements
- Data Integrity requirements
- Non-repudiation assurance
- Identify gaps in current policy impacting Digital Signatures
- References
Delegation of Rights:
- Assumptions
- Statement of Problem
- Recommended Solution(s)
- Review of Standards (e.g., OASIS, IHE, HL7, ...)
- Proxy/Delegation Credential/Artifact(s)
- Operational consideration for Proxy/Delegation Creation
- Scope/Content of Proxy/Delegation
- Revocation of Proxy
- Credential Transaction proxy requirements
- Transaction artifacts to meet Use Case 1 requirements
- Document Bundle proxy signature process
- Artifacts to meet AoR L1 signature proxy requirements
- Non-repudiation assurance
- Identify gaps in current policy impacting Delegation and Proxy
- References