Transboundary Trust Space

February 16, 2012

Ensuring trust in information exchange – proposal and approaches from Russia

and CIS-states (RCC states)

National Certification AuthorityAlexander Sazonov

Regional Commonwealth in the field of communicationswww.en.rcc.org.ru

Ministry of Communications and Mass Media of the Russian Federationwww.minsvyaz.ru

Transboundary Trust Space

Presentation plan

I. Introduction. Brief information about the RCC. Primary tasks and directions of activities

II. Activity on forming of the Transboundary trust space

III. Description of the Transboundary trust space architecture. Common trust infrastructure services

IV. Transboundary trust space standardization issues

Introduction

Regional Commonwealth in the field of communications (RCC)

December 1991 – heads of CIS states’ Communications Administrations signed Agreement on Establishment of RCC - an organization called upon to carry out cooperation between new independent states in the field of telecommunication and postal communication based on their free will, principles of mutual respect and sovereignty.

October 1992 - the Heads of Government of the CIS countries signed the Agreement on coordination of interstate relations in the field of postal and telecommunication - the RCC is vested with the authority of an interstate coordinating body in the field of postal and telecommunication.

Introduction

RCC primary tasks

• extension of mutually beneficial relations between the RCC Administrations in harmonization of development of networks and communication means

• coordination of issues in scientific and technical policy, radio spectrum management, tariff policy on communications and mutual settlement services, personnel training

• interaction with international organizations in communications and informatization

• mutual information exchange etc.

Introduction

RCC activity directions

The Strategy of CIS member states in informatization field:

• creation of an enabling environment for cooperation in the field of ICT

• harmonization of legislation and development of standards regulations

• development of new ICT directions

• development of ICT sphere

Activity on TTS

Model of the forming and functioningof the CIS member-states’ transboundary trust space

in the Internet network (TTS Model)

Cardinal problem of the international electronic interaction is to ensure electronic documents validity

Activity on TTS

Basic concept of the TTS Model

• What is the best way to ensure trust in information exchange? – To have a opportunity to check trust. How to do it ?

• Through direct access to a data base. In practical terms this means an access for an agency in state A to a data base of an agency in state B. Ideally it allows to interact without documents exchange at all.

• If direct access is not possible, then the solution is to have states A and B appoint trusted parties through which such an access could be done.

• In our opinion, this is the only way to solve the problem of trust in information exchange (other suggested solutions do not offer a universal approach).

• We are open to ideas how the TTS Model can be improved and to other universal approaches to this problem.

Activity on TTS

Basic stages of TTS forming stated in the TTS Model

1. System engineering

2. Development of normative, legal and technical drafts set, necessary for TTS creation and functioning

3. Harmonization of the Commonwealth states’ national legislations, adaptation of national software and hardware existing, creation of the transboundary system segment, organization of operators’ activity, other practical actions to ensure functioning of the TTS as an integrated interstate information system

Activity on TTS

Methodology of the transboundary trust spaceforming and functioning in the Internet network

(TTS Methodology)

1. Conceptual framework description

2. TTS architecture description

3. Preliminary variants of TTS architecture performance and their selection algorithm

4. Approach to working out of requirements for a reliable identification of information interaction participants

TTS architecture

TTS architecture components

• The common trust infrastructure (CTI), consisting of specialized services

• Register systems (information systems of various state bodies (institutions)), which interact among themselves directly via electronic transferable records, herewith, interaction validity is ensured by CTI services

• Operators of register systems and CTI services

• Auditors of register systems and CTI services operators’ activity

TTS architecture

Ensuring of e-document’s validity function

TTS architecture

Services groups in the common trust infrastructure

Documentation services Additional services

Access service

TTS architecture

Document in the common trust infrastructure

TTS architecture

Support for distributed access control

TTS architecture

Advantages of using attribute certificates for a distributed access control

• no necessity to re-issue a public key certificate at subject’s powers alteration

• a subject can have several attribute certificates, with each being responsible for one or another type of powers

• subject’s powers can be stated in an attribute certificate in encrypted form

TTS architecture

Using attribute certificates to manage rights vested in negotiable instruments

An endorsement is an attribute certificate containing the following data:

• identification data of the attribute certificate itself

• hash value of a bill of lading content

• identification data of an endorsee’s public key certificate

Hash value of a bill of lading content ensures its integrity while public key certificate identification data univocallyidentifies an endorsee.

TTS architecture

Using attribute certificates to manage rights vested in negotiable instruments

TTS standardization issues

Primary standardization directions

• ensuring of terminology unification

• ensuring of electronic document’s format

• ensuring of information systems interoperability

• ensuring of electronic interaction validity

The principle of technological neutrality is to be observed

TTS standardization issues

Standardization vs. Technological neutrality

TTS standardization issues

Common trust infrastructure

TTS standardization issues

What guidelines should be observed when selecting a performance of service?

TTS standardization issues

Optimal variant – combination of different services’ performances

TTS standardization issues

Conclusions and suggested way forward

• RCC would be grateful to have UN/CEFACT opinion on the concept of the TTS Methodology and suggested mechanism of its implementation and evaluation of its efficiency in trusted information exchange.

• We suggest starting a discussion at UN/CEFACT and exchange of experience on the ways used by countries to achieve trust in information exchange.

• We suggest including this task in the programme of UN/CEFACT work and to prepare a recommendation on this subject (Russia is ready to start this work).

Transboundary Trust Space

Thank you for attention!We are open to you views, ideas and critics!

Latest versions of the TTS Model and TTS Methodology are published at the RCC website in section RCC activities –> Informatization -> The transboundary trust space of the CIS member-states

http://www.en.rcc.org.ru/index.php/rcc-activities/informatization-/261211

Speaker

Alexander Sazonovwww.nucrf.ru

sazonov@nucrf.ru

Any questions?NationalCertificationAuthority