eema & ict security frank jorissen deputy vp int’l operations, utimaco vice chairman eema...
TRANSCRIPT
EEMA & ICT SecurityFrank Jorissen
Deputy VP Int’l Operations, UtimacoVice Chairman EEMA & Chairman ISSE2000
PKI Forum MeetingDublin, 27-29 June 2000
WHAT IS EEMA?• An independent, non-profit forum • Formed 1987• Assist Users, Vendors & Service Providers• Close to 250 member organisations
- Most PTO’s and Service ProvidersMost PTO’s and Service Providers
- Vendors including: IBM, Compaq, Alcatel, Siemens, Microsoft, Lotus, - Vendors including: IBM, Compaq, Alcatel, Siemens, Microsoft, Lotus, SAP, iD2, Entrust, GlobalSign, VeriSign, Baltimore, Bull, Identrus, SAP, iD2, Entrust, GlobalSign, VeriSign, Baltimore, Bull, Identrus, Utimaco SafewareUtimaco Safeware
- Users including Unilever, Reuters, Shell, Volvo, BP, Exxon, ING - Users including Unilever, Reuters, Shell, Volvo, BP, Exxon, ING Bank, Glaxo Wellcome, Hoffmann la Roche, AstraZeneca, Bank, Glaxo Wellcome, Hoffmann la Roche, AstraZeneca, European Commission, SWIFT, ICC, etc. European Commission, SWIFT, ICC, etc.
- Sister Organisations:- Sister Organisations:USA, Japan, Australia, Pacific, Oceania, RussiaUSA, Japan, Australia, Pacific, Oceania, Russia
--> --> A major force in the growth of European E- Business
EEMA Interest Groups“ECAF/Security”--> ECAF Model--> ECAF Model--> “C2K” (Challenge2000)--> “C2K” (Challenge2000)
--> ISSE2000 Conference--> ISSE2000 Conference--> EESSI Steering Group liaison--> EESSI Steering Group liaison
--> PKI Forum liaison ?--> PKI Forum liaison ?......
+ Other E-business-related Interest Groups: Directories, Unified Messaging, Users, EDI / E-Commerce, Knowledge Management, Events & Marcom, Standards
EEMA Events 2000• Month Activity Venue• Jan 27/28 IBC Unified Messaging London • Feb 24/25 ECAF Workshop Amsterdam• Mar 28-30 e-business expo Birmingham• April 4-8 EMA Annual Conference Boston • Apr 11-13 Infosec UK London• Apr 10-11 Knowledge Management London• May Infosec Frankfurt• Jun 21-23 EBE200 (Annual Conference) London• Sep 26-29 ISSE2000 Barcelona• Oct 23/24 Directories Workshop Munich
• Nov E-commerce & XML London
EEMA InfrastructureLegal StatusLegal Status
Not for profit, E-Business Association, Not for profit, E-Business Association, Registered in Belgium, owned by the Membership,Registered in Belgium, owned by the Membership,
Executive Office:
Managing Director Dave Hobart
Executive Director Roger Dean
Membership Sales Alison James
Interest Group Mger Jane Hebson
Events Manager Patricia Doward
Marketing Manager Cathie Rolinson
Accounts Rosemary Martin
Membership Secretary Charmian Gibson
Account Management Sharon Cemm
Secretariat Fiona Hawkins
WHAT IS “WEMA” ?• World Forum for electronic business• Virtual Composition of all “EMA’s” worldwide:
USUSEuropeEuropeAustraliaAustraliaBrazilBrazilJapanJapanAsia/OceaniaAsia/OceaniaRussiaRussia
Objective of the “ECAF Model”
ECAF wants to help EEMA members in clarifying the necessity of certification services,
its relationship with Electronic Businessand how to implement certification services within your
Electronic Business
Structure of the ECAF Model
• The ECAF Model consists of four subsequent phases for developing an approach to implement
a suitable certification solution
• The ECAF Model consists of four subsequent phases for developing an approach to implement
a suitable certification solution
StrategyStrategy Choose Choose Implement Implement Audit Audit
Challenge2000 (“C2K”)
1. Historic Overview
“Challenges”:a rich WEMA Tradition
• Since the early 90’s
• On evolving technologies
• By “WEMA” organisations worldwide
• US + Europe + Australia: PKI interoperability during the period 1999-2001
• EMA Showcase was demonstrated at last EMA Annual Conference (FBCA + BQM)
• EEMA/ECAF: adding “the European flavour” !
2. “Phase 0”:Project Plan & Funding
C2K Objectives:
• Enable the further development of e-business through PKI interoperability
• At the level of PKI, Certification Service Providers and PKI-enabled applications
• To provide an “infrastructure” that will effectively enable such interoperability between many vendors and users
C2K Objectives:
• Based on well-established standards, eg the IETF’s PKIX, S/MIMEv3,...
• Also based on Europe-specific requirements, as described in the Electronic Signature Directive, and in “EESSI standards” by ETSI and CEN/ISSS
• To disseminate, demonstrate & promote results
• Liaisons: EESSI, TTT, PKI Forum (,…)
Crypto
Applications
Crypto
Applications
END ENTITY A END ENTITY B
COMMUNICATIONS
DirectoryServices
PKI A
CA
RARA
PKI B
CA
RA RA
I
X.509 V3X.509 V3
X.509 V3X.509 V3
II
CA
III
Scope of interoperabilityin C2K context:
Today’s Status• Project submitted under the “Fifth
Framework program” (FP5/IST), under “Accompanying Measures”
• Formal acceptance expected very soon (end of June 2000)
• ==> Project start round Q4/2000
3. “Phase 1”: Project Infrastructure & Management
Phase 1: Project Infrastructure & Management
WP1: Project Co-ordination, management & QA WP2 - produce scope and definition of the criteria for
interoperability of PKI products and services WP3: performing awareness activity & identifying
participants, negotiating and contracting with them. WP4 - producing the detailed plan and specifications
for the interoperability tests WP5 - building the test infrastructure
4. “Phase 2”: Interoperability Testing
Phase 2: The Interoperability Testing
WP3 (part) - identifying potential participants, negotiating and contracting with them.
WP6 - performing the interoperability tests WP7 - demonstrating and disseminating the
results of WP6 at “ISSE” and “EBE” (Annual EEMA) Conferences
WP8 - writing the final project report
Who participatein “phase 1” ?
Baltimore, Belgacom, EEMA, Entegrity, Entrust, GlobalSign, iD2, KPMG, Makra,
Security&Standards, UK Post,University of Leuven (“COSIC” & “ICRI”
Labs), University of Salford, Utimaco Safeware
Who will be involved in “phase 2” ?
• “Active” Participants:• PKI technology vendors
• CA Service providers
• Users
• Universities, research institutes, consultants
• “Passive” Participants
-----> YOU ??
ISSE2000Barcelona, 27-29 September
Background
The EU’s ICT Security Industry + CEC The EU’s ICT Security Industry + CEC Took the Initiative in Dec. ‘98Took the Initiative in Dec. ‘98
--> Objective:--> Objective: The organisation of an annual European information
security conference, named “Information Security Solutions Europe” (ISSE), user-oriented and industry-driven. ISSE to become Europe’s reference event with a focus on the use of new cryptographic technologies in the Internet society.
Structure
Three organising partners:
EEMA EEMA – ISSE Owners & Conference/Exhibition organisers
TeleTrusT TeleTrusT – Supporting Organisation and Chair of the Programme Committee
European Commission, DG INFSOCEuropean Commission, DG INFSOC
The Conference• Plenary Sessions & 4 Parallel Streams
• Technology
• Infrastructure
• Applications
• Legal & Political Issues
• The day before ISSE2000:- EESSI Workshop- Educational Session
• Exhibition
• 800-1000 p. expected
• Preliminary Programs will be made available here
• 50% discount on travel with Iberia• More info: www.eema.org/isse
---> Don’t miss it !