www.FutureTrust.eu

over as ficer at ensure ect just id in the ehalf of e would for his dication in year wishes s future

Coordination efforts to enable the best possible presentation of the project are already under way and will arrive in the work package leaders’ mailboxes soon.

We are also looking forward to our next consortium meeting

bodies of standardisation to build the future framework for digital trust services that was envisioned in the original FutureTrust project proposal. Our prime focus in the coming year will lie, of course, on implementing our design and

FutureTrustBulletin

Edition No. 3June 2017

Maria BERCEA has takenFutureTrust’s Project OfFuturetrust A Look Backthe EC. She will help us

On Year One FutureTrust General Assembly February 2017the success of the projlike Dr. Markus MÜLLER d

Dear partners and friends of the project’s first year. On bFutureTrust project, it has been the whole consortium wone year since the project’s kick- like to thank Dr. MÜLLERoff meeting at RUB in Bochum outstanding work and deand we have just recently, end for FutureTrust’s successof May 2017 that is, hit our first

one and extend our bestbig deadline for deliverablesto him for success in hifrom almost all work packages.position and role. No less cordially making our pilots become greatFrom the side of administrational which is expected to take placewe welcome Ms. BERCEA to the exhibition pieces.and technological project in Belgrade in the autumn (dateproject and are looking forwardmanagement we are more than is tentative). This meeting’s It has been a great first year andto creating quality results withhappy to conclude that we were we are positive that the comingagenda will surely leave roomher as our contact at the EC.able to deliver everything the two years will build on the first.for an account of the project’s

project aspired to deliver in Together with all work package We are excited to slowly see thefirst year and the first reviewyear one. By virtue of the tightly leaders, the project management puzzle pieces fall into place. Let’smeeting. An important part of itknit consortium and efficient is currently preparing the first continue completing the puzzlewill, however, be dedicated tocommunication, we were able to of three yearly project review that is global trust in the comingdetermining and coordinatingensure that everything delivered meetings, where the project two years with diligence andhow to build on the large bodylives up to our quality goals. In a dedication!lead will have a first opportunity of conceptual and designconsortium of this size, a similar to engage in directly with Ms. work from year one, including, Best regardsbottom-line being down a third of BERCEA. The project review but not limited to, academicthe way is a remarkable result. FutureTrust Project Managementmeeting is expected to take publications, enhancing the

project’s international visibilityplace in late July in BrusselsIn the second half of May 2017, Teamon high-profile conferences for(date is tentative), where we willthe consortium was notified of

Disclaimer: Please note that all dates are subjectresearchers and practitioners.have the opportunity to presenta change of Project Officer byto changeOf course, we will continue tothe European Commission (EC). the project’s first year’s results

provide input to internationalEffective immediately, Ms. Alina- to her and a panel of experts.

A project funded under The European Commission program:www.FutureTrust.eu H2020 DS-05-2015 GA No: 700542

business portal “USP”, providing international approach of theidentification and authentication application. The pilot will use theFutureTrust Partnerfor single-sign-on and access of application to show the use case

Profile The Federal registered users, to the integrated of e-Signature validation, to sendFutureTrustbusiness related e-Services. a vivid signal for FutureTrust’sComputing Centre ofBulletin

service use to the AustrianEdition No. 3 User authentication is alsoAustria (BRZ)government and economicJune 2017 necessary when using webplayers.service communication for the

e-Services. USP offers a specificauthentication service to provethe applying organisation’s andthe respective agent’s authority. FutureTrust PartnerAfter the initial login at USP Profile The Publicthe authorised agent can open

Service Developmente-Services, one of which is theThe Federal Computing Centre ofe-Invoicing system that offersAustria – Bundesrechenzentrum Agency (PSDA)

partners, is leading the work several channels to transfer(BRZ) is the market-leadingpackage “Pilot” as well as the task e-Invoices to the AustrianeGovernment partner of the The Public Service Development“Pilot Description”. Furthermore, government including webfederal administration in Austria. Agency (PSDA) is a legal entityBRZ is involved in all other work service communication.Primarily, BRZ is in charge of of public law of the Ministry ofpackages in the project.infrastructure and this service has Justice of Georgia. PSDA wasThe validation of the certificate

successfully deployed more than created in July 2012 on the basisshould be done with the300 IT processes. of the Civil Registry AgencyFutureTrust validation service

(CRA) and gained new functions(ValS). If the document isOverall, BRZ supports more thanincluding the development ofAssessing the additionally digitally signed, the400 eGovernment applications thatpublic services using innovativee-Invoicing system will use ValSare used by five million users. It runs Applicability ofapproaches.again, to prove the e-Signature,one of Austria’s largest computing FutureTrust Services also using the FutureTrust Globalcentres, its own parallel computingNowadays, PSDA is increasinglyTrust Service List service (gTSL).centre and ensures one of the most For e-Invoicingfocusing on innovative productE-Invoices are not required by lawreliable infrastructures available.and service development withto be electronically signed, but itThe Federal Computing Centre of BRZ develops and operates the an eye on service quality andis also not prohibited, so this pilotAustria is also an internationally Austrian shared application expediency. This capacity of PSDAsets out to prove the concept andrenowned cooperation partner and “e-Invoice submission to the is at the disposal of all publicassess the applicability of thehas been part of projects such as Austrian Public Sector” by order institutions in Georgia, whichFutureTrust services.the Euritas (European Association of the Austrian Federal Ministry of either have no capacity, or findof Public IT service providers). For this pilot, the e-InvoicingFinance. The system is integrated it less feasible to maintain an in-

system is chosen because of theBRZ, as one of the piloting in the Austrian governmental

A project funded under The European Commission program:www.FutureTrust.eu H2020 DS-05-2015 GA No: 700542

house research and development team.

permit, with electronic signature and online

documents, according to the integration, the adoption of eIDASRegulation serves as a clear signal“Hague Convention Abolishingon how digital communicationthe Requirement of Legalisationto the EU will function for thefor Foreign Public Documents”FutureTrustupcoming decades.(Apostille Convention). WhileBulletin

there are a number of countriesEdition No. 3 In response, Georgia startedalready issuing e-Apostille, thereJune 2017 reviewing its legislation. As ais neither a unified, cross-border result, a new law on “Electronicvalidation service, nor the unified Document and Electronic Trustformat suitable for automated Services” was created and eIDASprocessing. Thus, the pilot aims was used as its basis. One ofto fill this gap and foster creation the FutureTrust partners, Publicof a more unified view on Service Development Agency of

authentication capabilities e-Apostilles. the Ministry of Justice of GeorgiaIn the context of e-Governance, Introduction of electronic (PSDA), is co-author of the draftPSDA can be regarded as one Additionally, PSDA participates insignature in Georgian banking law.of the core agencies, to which other work packages and activitiessector (joint project with the After active discussions with awell-developed e-Governance to contribute in overall success ofNational Bank of Georgia and wide range of public and privatesolutions are essential, as they the FutureTrust project.National Forensics Bureau) organisations, the draft lawunderpin the core mission of Introduction of e-Governance was initiated in the Parliamentthe organisation - to develop in local governments of Georgia. It was adopted inimproved public services for Introduction of e-Seal in the third (final) reading on 21people and organisations. As part private and public sector April 2017. Entry into forceGeorgia’s Way to eIDASof the broader e-Governance requires only some technicalIntroduction and promotion Written by The Publicagenda, development of trust steps; signature from theof Time-Stamping servicesservices plays an important role. Service Development President and official publicationPSDA, as the sole provider of that is expected to happenAgency (PSDA)PSDA is responsible for definingthese services in Georgia is thus soon. Drafting of secondary(WP3) and implementing (WP4)tasked to introduce necessary legislation (supervision, technicaleIDAS Regulation is a major stepone of the pilot projects, whichmeasures to ensure continuous regulations, etc.) has alreadyforward for the European Unionwill rely on FutureTrust coreadvancements of the technology been started and completion ofservices (such as Comprehensive (EU). It replaced a 15-years-oldand respective legal base. the work is also scheduled forValidation Service and Scalable directive and paved a way for

2017 .Preservation Service) and let users standardisation of many services,Relevant projects include: verify electronic endorsements of with particular focus on cross- The new legislation will mainly

the official electronic documents. border interoperability. For such cover the parts of eIDAS on trustIntroduction of electronic ID Such endorsements, called non-EU countries as Georgia, services. However, Georgia is alsocard and electronic residence Apostilles are now used on paper that is on its way to European actively working to improve its

A project funded under The European Commission program:www.FutureTrust.eu H2020 DS-05-2015 GA No: 700542

electronic identification schemes. Germany, Norway, Portugal, we presented the results of aSweden and United Kingdom). comprehensive security analysisIntroduction of Electronic ID Card FutureTrust WorkEven though all the countries of existing JSON securityin Georgia in 2011 was a major Package Updates support SAML, the SAML usage in libraries revealing new insightsFutureTrust step for allowing each and everythese countries is not compatible. and discovering differentBulletin citizen and alien to authenticateThis is caused by the usage of vulnerabilities. Such libraries areEdition No. 3 themselves in such electronicdifferent protocol and extension used in popular Single Sign-OnJune 2017 services as citizen’s portal versions, or security mechanisms. protocols like OpenID Connect

(https://my.gov.ge ). Currently, it Our analysis summarised in and OAuth.is planned to create a centralised deliverables 2.1 and 2.2.

In addition to the above-authentication system, fullyFinally, we worked on the mentioned results, we presentedcompatible with eIDAS, that will description of the trust our work at different well-knownbe used as a tool to authenticate We worked on the first deliverable foundations, which will be conferences and workshops like

persons in electronic services. on legal foundations of trust covered in deliverable 2.5. the TLS 1.3 Workshop on Design,The activity will be led by PSDA. and trustworthiness which was Implementation & Verification inOther activities related to WP2submitted in January. It comprises Paris.Membership of FutureTrust include:an analysis of the current state-consortium is considered by Our analysis of Single Sign-Onof-the-art in relation to EUPSDA as a great opportunity relevant standards resulted inprivacy and data protection lawfor bringing more eIDAS in the a paper titled SoK: Single Sign-and eIDAS, and derives a list ofcountry, and strengthening On Security – An Evaluation oftrustworthiness requirements.digital links between Georgia and OpenID Connect. This paper

Furthermore, we worked on the was presented at IEEE Europeanthe EU. analysis of relevant eID standards Symposium on Security andand discussed possible gaps. One The design work in WP3 advancedPrivacy 2017. It shows a systematicof the major gaps we identified as planned and the continuousanalysis of attacks on the OpenIDare missing documents on eID alignment of the parallel workConnect protocol, includingsystems and infrastructures in the different tasks (3.1new protocol vulnerabilities.implemented in different through 3.7) has produced veryBecause of our work, the OpenIDcountries. Only a few countries good drafts, which have passedConnect specification washave made their specifications internal review and are currentlyupdated to contain importantpublic and thus allowed us being finalised to meet the M12-countermeasures.to perform a comprehensive deadline. These deliverables

This year at OWASP Europe, wesecurity analysis. We were able will not only provide a solidprovided a three-day trainingto analyse the eID specifications foundation for the upcomingsession addressing the securityof 10 out of 31 countries offering development tasks, but also aof Single Sign-On protocols.eID services (Austria, Bulgaria, good basis for further strategical

Denmark, Finland, Georgia, Moreover, at the conference dissemination activities.

A project funded under The European Commission program:www.FutureTrust.eu H2020 DS-05-2015 GA No: 700542

WP2 SummaryTitle: FoundationsLead Partner: Ruhr University

Bochum,Germany

Contact: Dr Juraj Somorovsky

WP3 SummaryTitle: DesignLead Partner: ecsec – GermanyContact: Dr Detlef Hühnlein

For example, there will soon be a Closest deliverables are: D6.5: Exploitation,description of the eIDAS Ecosystem Contextual and SituationalThe implementation of thefor the https://eid.as website DescriptionGlobal Service Trust Status List,based on D3.1 and an interactiveFutureTrust foreseen for November 2017map tool, which visualises the D6.8: DisseminationBulletinexisting eIDAS Services on this Contextual and SituationalEdition No. 3 The definition ofinteractive map. For those of you, DescriptionJune 2017 FutureTrust pilot applicationwho do not want to wait for the infrastructure set-up, All deliverables including D6.1 arepublic release, there is a preview foreseen for December 2017 on schedule. EEMA has continuedavailable. The long-term plan is to coordinate the awareness ofOther deliverables are plannedto visualise the additional Trust FutureTrust across many industryfor 2018 and 2019.Lists produced all over the world meetings at the EU and beyond.in a similar manner.

In May, Jon Shamah delivered anFurthermore D3.1 will form the address entitled ‘The practicalbasis for a whitepaper in which implementation of the eIDASwe plan to highlight gaps in the regulation in Europe and beyond’standardisation landscape and introducing FutureTrust atpossible ways to fill the gaps in PORVOO 19 in Rome.ETSI ESI, OASIS DSS-X and related No update as WP5 is scheduled to The following were all submittedinitiatives. commence in M13. to the EU on schedule:

D6.13: Definition of PilotMarketing Measures

Implementation and test planproduced and delivered followingreviews from all stakeholders.Almost all development taskshave started according to thedesign documents produced

A project funded under The European Commission program:www.FutureTrust.eu H2020 DS-05-2015 GA No: 700542

WP6 SummaryTitle: Dissemination,

Exploitation, TechnologyTransfer

Lead Partner: EEMA – BelgiumContact: Jon Shamah

WP5 SummaryTitle: PilotLead Partner: BVA, GermanyContact: Christina Hermanns

WP4 SummaryTitle: ImplementationLead Partner: ARHS -

LuxembourgContact: Alexandre Defays

ded under The European Commission program:

re

re, nd ow nd

October 1

EEMA FiresOctober 1

ISSE 2017 November

Hack IstanDecember

FutureTrust Project Planned ActivitiesPartners and Events

FutureTrustBulletin Full details of all Partners can be EEMA Annual London

Edition No. 3 found on July 4th and 5th

June 2017 www.futuretrust.eu/home/#partner eGose 2017 St PetersburgSeptember 4th and 6th

Federal Office of AdministrationIAM Conference Canary Wharf(Germany)September 13th

EEMA (Belgium)World eIDArhs Spikeseed (Luxembourg)September 26th and 28th

Federal Computing Centre ofGlobal Forum WinnepegAustria (Austria)October 2nd and 3rd

ecsec GmbH (Germany)OID Karlstad SwedenGiesecke & Devrient GmbHOctober 5th and 6th(Germany)

LAW Trusted Third Party eID Conference BogotaServices (Pty) Ltd (S Africa) 0th and 11thMinistry of Interior Republic of ide LondonSerbia (Serbia) 7th

Multicert (Portugal) BrusselsPublic Service Development 14th and 15th

FutureTrust BrochuAgency (Georgia)bulNow AvailablePwC (Belgium) 7th and 8th

Ruhr-Universität BochumThe new FutureTrust brochu(Germany)explaining the project a

Secure Information Technology listing the partners, is nCenter (Austria) available in printed form aSouthampton University (UK) also in a PDF.Trustable Ltd (UK)Türkiye Bilimsel veTeknolojik

Dissemination Partner WP6Arastruma Kurumu TUBITAK(Turkey)

Produced by EEMA – WP6 Lead – FutureTrust A project funwww.FutureTrust.eu H2020 DS-05-2015 GA No: 700542