EEMA & ICT SecurityFrank Jorissen

Deputy VP Int’l Operations, UtimacoVice Chairman EEMA & Chairman ISSE2000

frank.jorissen@utimaco.be

PKI Forum MeetingDublin, 27-29 June 2000

WHAT IS EEMA?• An independent, non-profit forum • Formed 1987• Assist Users, Vendors & Service Providers• Close to 250 member organisations

- Most PTO’s and Service ProvidersMost PTO’s and Service Providers

- Vendors including: IBM, Compaq, Alcatel, Siemens, Microsoft, Lotus, - Vendors including: IBM, Compaq, Alcatel, Siemens, Microsoft, Lotus, SAP, iD2, Entrust, GlobalSign, VeriSign, Baltimore, Bull, Identrus, SAP, iD2, Entrust, GlobalSign, VeriSign, Baltimore, Bull, Identrus, Utimaco SafewareUtimaco Safeware

- Users including Unilever, Reuters, Shell, Volvo, BP, Exxon, ING - Users including Unilever, Reuters, Shell, Volvo, BP, Exxon, ING Bank, Glaxo Wellcome, Hoffmann la Roche, AstraZeneca, Bank, Glaxo Wellcome, Hoffmann la Roche, AstraZeneca, European Commission, SWIFT, ICC, etc. European Commission, SWIFT, ICC, etc.

- Sister Organisations:- Sister Organisations:USA, Japan, Australia, Pacific, Oceania, RussiaUSA, Japan, Australia, Pacific, Oceania, Russia

--> --> A major force in the growth of European E- Business

EEMA Interest Groups“ECAF/Security”--> ECAF Model--> ECAF Model--> “C2K” (Challenge2000)--> “C2K” (Challenge2000)

--> ISSE2000 Conference--> ISSE2000 Conference--> EESSI Steering Group liaison--> EESSI Steering Group liaison

--> PKI Forum liaison ?--> PKI Forum liaison ?......

+ Other E-business-related Interest Groups: Directories, Unified Messaging, Users, EDI / E-Commerce, Knowledge Management, Events & Marcom, Standards

EEMA Events 2000• Month Activity Venue• Jan 27/28 IBC Unified Messaging London • Feb 24/25 ECAF Workshop Amsterdam• Mar 28-30 e-business expo Birmingham• April 4-8 EMA Annual Conference Boston • Apr 11-13 Infosec UK London• Apr 10-11 Knowledge Management London• May Infosec Frankfurt• Jun 21-23 EBE200 (Annual Conference) London• Sep 26-29 ISSE2000 Barcelona• Oct 23/24 Directories Workshop Munich

• Nov E-commerce & XML London

EEMA InfrastructureLegal StatusLegal Status

Not for profit, E-Business Association, Not for profit, E-Business Association, Registered in Belgium, owned by the Membership,Registered in Belgium, owned by the Membership,

Executive Office:

Managing Director Dave Hobart

Executive Director Roger Dean

Membership Sales Alison James

Interest Group Mger Jane Hebson

Events Manager Patricia Doward

Marketing Manager Cathie Rolinson

Accounts Rosemary Martin

Membership Secretary Charmian Gibson

Account Management Sharon Cemm

Secretariat Fiona Hawkins

WHAT IS “WEMA” ?• World Forum for electronic business• Virtual Composition of all “EMA’s” worldwide:

USUSEuropeEuropeAustraliaAustraliaBrazilBrazilJapanJapanAsia/OceaniaAsia/OceaniaRussiaRussia

Objective of the “ECAF Model”

ECAF wants to help EEMA members in clarifying the necessity of certification services,

its relationship with Electronic Businessand how to implement certification services within your

Electronic Business

Structure of the ECAF Model

• The ECAF Model consists of four subsequent phases for developing an approach to implement

a suitable certification solution

• The ECAF Model consists of four subsequent phases for developing an approach to implement

a suitable certification solution

StrategyStrategy Choose Choose Implement Implement Audit Audit

Challenge2000 (“C2K”)

1. Historic Overview

“Challenges”:a rich WEMA Tradition

• Since the early 90’s

• On evolving technologies

• By “WEMA” organisations worldwide

• US + Europe + Australia: PKI interoperability during the period 1999-2001

• EMA Showcase was demonstrated at last EMA Annual Conference (FBCA + BQM)

• EEMA/ECAF: adding “the European flavour” !

2. “Phase 0”:Project Plan & Funding

C2K Objectives:

• Enable the further development of e-business through PKI interoperability

• At the level of PKI, Certification Service Providers and PKI-enabled applications

• To provide an “infrastructure” that will effectively enable such interoperability between many vendors and users

C2K Objectives:

• Based on well-established standards, eg the IETF’s PKIX, S/MIMEv3,...

• Also based on Europe-specific requirements, as described in the Electronic Signature Directive, and in “EESSI standards” by ETSI and CEN/ISSS

• To disseminate, demonstrate & promote results

• Liaisons: EESSI, TTT, PKI Forum (,…)

Crypto

Applications

Crypto

Applications

END ENTITY A END ENTITY B

COMMUNICATIONS

DirectoryServices

PKI A

CA

RARA

PKI B

CA

RA RA

I

X.509 V3X.509 V3

X.509 V3X.509 V3

II

CA

III

Scope of interoperabilityin C2K context:

Today’s Status• Project submitted under the “Fifth

Framework program” (FP5/IST), under “Accompanying Measures”

• Formal acceptance expected very soon (end of June 2000)

• ==> Project start round Q4/2000

3. “Phase 1”: Project Infrastructure & Management

Phase 1: Project Infrastructure & Management

WP1: Project Co-ordination, management & QA WP2 - produce scope and definition of the criteria for

interoperability of PKI products and services WP3: performing awareness activity & identifying

participants, negotiating and contracting with them. WP4 - producing the detailed plan and specifications

for the interoperability tests WP5 - building the test infrastructure

4. “Phase 2”: Interoperability Testing

Phase 2: The Interoperability Testing

WP3 (part) - identifying potential participants, negotiating and contracting with them.

WP6 - performing the interoperability tests WP7 - demonstrating and disseminating the

results of WP6 at “ISSE” and “EBE” (Annual EEMA) Conferences

WP8 - writing the final project report

Who participatein “phase 1” ?

Baltimore, Belgacom, EEMA, Entegrity, Entrust, GlobalSign, iD2, KPMG, Makra,

Security&Standards, UK Post,University of Leuven (“COSIC” & “ICRI”

Labs), University of Salford, Utimaco Safeware

Who will be involved in “phase 2” ?

• “Active” Participants:• PKI technology vendors

• CA Service providers

• Users

• Universities, research institutes, consultants

• “Passive” Participants

-----> YOU ??

ISSE2000Barcelona, 27-29 September

Background

The EU’s ICT Security Industry + CEC The EU’s ICT Security Industry + CEC Took the Initiative in Dec. ‘98Took the Initiative in Dec. ‘98

--> Objective:--> Objective: The organisation of an annual European information

security conference, named “Information Security Solutions Europe” (ISSE), user-oriented and industry-driven. ISSE to become Europe’s reference event with a focus on the use of new cryptographic technologies in the Internet society.

Structure

Three organising partners:

EEMA EEMA – ISSE Owners & Conference/Exhibition organisers

TeleTrusT TeleTrusT – Supporting Organisation and Chair of the Programme Committee

European Commission, DG INFSOCEuropean Commission, DG INFSOC

The Conference• Plenary Sessions & 4 Parallel Streams

• Technology

• Infrastructure

• Applications

• Legal & Political Issues

• The day before ISSE2000:- EESSI Workshop- Educational Session

• Exhibition

• 800-1000 p. expected

• Preliminary Programs will be made available here

• 50% discount on travel with Iberia• More info: www.eema.org/isse

---> Don’t miss it !