FITUG e.V.

Förderverein Informationstechnik und Gesellschaft

FW: E-SIGN WS/call for experts

------- Forwarded message follows ------- From: "Caspar Bowden" <cb@fipr.org> To: "Ukcrypto (E-mail)" <ukcrypto@maillist.ox.ac.uk>, <eucrypto@fitug.de> Subject: FW: E-SIGN WS/call for experts Date sent: Mon, 10 Jan 2000 21:03:00 -0000

[ Double-click this line for list subscription options ]

Haven't seen much about this on ukcrypto (or eucrypto) - hope it's of interest. I still find the auspices of this CEN/ISSSSSS thing somewhate impenetrable. If anyone has any opinions to share, I'd be grateful to have by private e-mail.

Sorry if this strikes folk as a bit of a mailbomb. There are some details on http://www.ict.etsi.org/eessi/EESSI-homepage.htm, but not apparently all - I have suggested to DG3 more than once that it would be nice to do all this stuff on with open Websites and open mailing lists. Not the EU's style I'm afraid.

-- Caspar Bowden http://www.fipr.org Director, Foundation for Information Policy Research Tel: +44(0)171 354 2333 Fax: +44(0)171 827 6534

-----Original Message----- From: ISSS-EESSI List ISSS - CENORM created 04 november 99 [mailto:ISSS-EESSI@LISTSERV.CENORM.BE] On Behalf Of Skouma Georgia Sent: 10 January 2000 15:04 To: ISSS-EESSI@LISTSERV.CENORM.BE Subject: E-SIGN WS/call for experts

E-SIGN WORKSHOP

OPEN CALL FOR PROJECT TEAM EXPERTS

Dear Sir/Madam,

At the kick-off meeting of the CEN/ISSS Electronic Signatures (E-SIGN) Workshop the proposed Business Plan of the new Workshop was formally approved - subject to amendments currently circulated -.

As discussed in the meeting, the Business Plan requires the establishment of Project Teams of individual Editors in a number of areas. In the light of the revised version of the Business Plan, expert and/or editing work will be needed as follows:

¨ Security requirements for trustworthy systems and products (EESSI area D)

A Project Team of three experts for a total of 9 man-months, during Q1-Q4/2000

¨ Security requirements for secure signature creation device (EESSI area F)

A Project Team of three experts for a total of 9 man-months, during Q1-Q3/2000

The reference Working Group for these activities is the Ť Security requirements for signature products ť Working Group [WG D&F].

¨ Signature creation environment (EESSI area G-1)

A Project Team of three experts for a total of 6 man-months, Q1-Q3/2000

¨ Signature verification process and environment (EESSI area G-2)

A Project Team of three experts for a total of 6 man-months, Q1-Q3/2000

The reference Working Group for these items is the Ť Signature creation and verification ť Working Group [WG G].

¨ Conformity assessment of signature products and services (EESSI area V)

One editor is required for a total of 3 man-months, Q1-Q3/2000

The reference Working Group for this item is the Ť Conformity assessment of signature products and services ť Working Group, [WG V].

Proposed Terms of Reference (ToRs) for the establishment of the Project Teams and Editor are outlined below: these may be subject to amendment with the agreement of the Workshop. Specific sections provide the details for the individual work areas. Annex I contains information generally applicable. Annex II summarises the rules for the setting up and functioning of Project Teams in CEN/ISSS Workshops.

Please note that companies can nominate their personnel, and also any individual may apply as a candidate expert, provided that nominees and candidates fulfil the required criteria for selection and also availability in view of the timetables provided below.

Interested candidate experts are kindly requested to send their nominations by Thursday, 20 January 2000, to Georgia Skouma, Workshop Manager, at the CEN/ISSS Secretariat (georgia.skouma@cenorm.be) by sending back the attached application form (Annex III) along with a short Curriculum Vitae.

Please note that specification of the Project Team in which you would like to participate is also required. You can apply for more than one Project Teams. However, effort will be made to avoid appointment of the same candidate expert in more than one Project Teams.

Experts should be thoroughly familiar with ICT standardization and of the specific requirements in the domain of Electronic Signatures. A project team Leader/Manager will be appointed, with the role of ensuring overall co-ordination and the coherence of the expected deliverables.

According to the CEN/ISSS general rules on the selection and appointment of the Project Team experts (Annex II), we propose for the composition of the Selection Panel a three-member Committee consisting of the Chair and Secretary of the E-SIGN Workshop and of one representative of the CEN/ISSS Secretariat. We also suggest the participation of the EESSI Steering Committee Chair and, eventually, of any of the registered members to the E-SIGN Workshop who wish to closely follow the selection procedure.

The reimbursement rate for accepted experts will be 650 EURO/man day, including travel and lodging costs. Project Teams will be organised in Brussels or at other easy-to-reach places. However, experts are expected to carry out most work on the projects from their base, with exchange of documents and discussions taking place primarily electronically.

I look forward with you to the appointment of successful contributors.

Yours sincerely,

John Ketchell E-SIGN WORKSHOP

TERMS OF REFERENCE FOR PROJECT TEAMS AND EDITORS

1) Titles of the activities to be established

Electronic Signatures (E-SIGN) Project Team 1 - Trustworthy Systems and Products (area D) Electronic Signatures (E-SIGN) Project Team 2 - Signature creation devices (area F) Electronic Signatures (E-SIGN) Project Team 3 - Signature Creation (area G). Electronic Signature (E-SIGN) Project Team 4 - Signature Verification (area G) Electronic Signature (E-SIGN) Editor - Conformity assessment of products and services for electronic signatures (area V)

2) Subject and Scope

Reference is made to the Workshop Business Plan, section 4.

3) Justification of a Project/Editor Team

It is felt that the duration of the expected work, combined with the technical expertise required for the production of the deliverables cannot be met through voluntary resources only. Paid editing work is also required in order to speed the production of the proposed CWAs.

4) Reference Authority

The relevant WS/E-SIGN Working Groups will be Reference Authority in the first instance as described below. Ultimately the Workshop Plenary will be responsible for approval of the final deliverables.

PROJECT TEAMS WORKING GROUPS

Project Team 1: "Security requirements for signature products" Project Team 2: "Security requirements for signature products" Project Team 3: "Signature creation and verification" Project Team 4: "Signature creation and verification" Editor: "Conformity assessment of signature products and services"

5) General Context/Background/Environment

Reference is made to Annex I, point 1.

6) Work plan including duration and target dates

According to the Business Plan, and assuming the work starts in February 2000, the work is expected to be finalised with the adoption of the relevant CWAs, as follows:

Project Team 1: during Q4/2000

Project Team 2: during Q3/2000

Project Team 3: during Q3/2000

Project Team 4: during Q3/2000

Editor: during Q3/2000

The following tentative draft schedule is envisaged:

In the short term:

¨ Kick-off meeting of the Project Team during the week of 7-10 February 2000

One day will be provided for a meeting between the Project Team's members and a second for a meeting with the members of the relevant Working Groups (exact dates to be announced in due course).

¨ First set of contributions or progress report for discussion at the second meeting of WS/E-SIGN, 9/10 March 2000.

In the longer term:

N.B. : The rest of the timetables outlined below are indicative and may be adopted to meet the detailed E-SIGN WS/WG(s) planning and the Project Teams' own work plans.

¨ Interim Report for comments by WG and/or WS Plenary: June 2000 ¨ Adoption of the final draft and submission of the final report on the results (deliverables) to the WG and/or WS Plenary: September 2000 (November 2000 for Project Team 1) ¨ Agreement on the final results/deliverables or as a contribution to the published CWAs by the WS Plenary: October 2000 (December 2000 for Project Team 1).

7) Manpower (in man-days or man-months)

Project Team 1: Three experts are required, one to act as a leader, to co-ordinate the work and present the results. The total resource required is 9 man months.

Project Team 2: Three experts are required, one to act as a leader, to co-ordinate the work and present the results. The total resource required is 6 man months.

Project Team 3: Three experts are required, one to act as a leader, to co-ordinate the work and present the results. The total resource required is 6 man months.

Project Team 4: Three experts are required, one to act as a leader, to co-ordinate the work and present the results. The total resource required is 6 man months.

Editor: The editor will be required for a total of 3 man-months.

It is planned that the Project Teams will be making use of electronic tools to minimize the number of meetings. At the present stage, it is foreseen that up to 6 physical meetings will take place, probably in association with scheduled WG or WS Plenary meetings.

At the first Project Team meetings, the experts will: ˇ start the activity, i.e., finalise the contractual aspects. [To be noted that a first payment will be made at contract signature]; ˇ agree on Project Team internal working procedures; ˇ discuss the initial set of contributions; ˇ agree on an initial split of responsibilities and of first conclusions to be reached; ˇ allocate an initial number of man days to each member of the Project Team.

8) Characteristics of the expertise required and criteria for selection of candidates

Reference is made to Annex I, point 5.

In addition the following special expertise is required for the candidates of the different areas:

Trustworthy systems and signature creation devices:

Knowledge and experience with security requirement specifications, especially Common Criteria and Protection Profiles

Signature creation and verification:

Knowledge and experience of products and procedures for signature creation and verification, certificate path validation etc.

Conformity assessment:

Knowledge and experience of conformance assessment, evaluation, certification and accreditation schemes.

9) Expected deliverables

The expected main deliverables are the production of interim reports, the preparation of contributions to first drafts of CWAs, and of final drafts of CWAs for approval by the Workshop. A phased approach will determine the contractual steps towards the endorsement of the specific deliverable.

An inventory of the proposed activities and deliverables is provided in the Workshop's Business Plan Sections 4.1.2, 4.2.3, 4.3.4, 4.4.3 and 4.5.2.

For the area "Conformity assessment", the editor should work in close liaison with EA (the European Co-operation for Accreditation).

Annex I

GENERAL TERMS OF REFERENCE FOR E-SIGN PROJECT TEAMS

The present chapter outlines a set of guidelines (ToRs) for the Project Teams that will be set up in the framework of the Electronic Signatures Workshop, which commonly apply to all the Project Groups without distinction of work areas.

Therefore, this section should be read together with the specific set of ToRs corresponding to each one of the Project Teams, which are described in the specific chapters above for each project group.

1) General context/Background

In the framework of the European Electronic Signature Standardization Initiative (EESSI) implementation phase, CEN/ISSS and ETSI/SEC have been entrusted with the execution of the work programme. The work areas were identified and their contents elaborated in the course of the first phase of the EESSI.

The core element in the definition of the work programme is a report drawn up by a Team of Experts, highlighting the key recommendations for standards-setting in the area of Electronic Signatures. These recommendations were amended further following the contributions of interested market players in the first phase of EESSI, which were taken into consideration in the final version of the Expert Team's report.

On the basis of the report, a number of areas prominent to standards-setting work were earmarked as of urgent and high priority items to start work with and a set of deliverables were specified.

The present document establishes a set of terms of Reference (ToRs) for the work items, the execution of which was allocated to CEN/ISSS through the setting up of the Electronic Signatures (E-SIGN) Workshop.

These areas are: ¨ Security requirements for trustworthy systems and products (EESSI area D); ¨ Security requirements for secure signature creation devices (EESSI area F); ¨ Signature creation process and environment (EESSI area G-1); ¨ Signature verification process and environment (EESSI area G-2); ¨Conformity assessment of products and services for electronic signatures (EESSI area V).

2) General Title of the Project Teams to be established

Every project team is assigned with reference to the Electronic Signatures (E-SIGN) Workshop. Accordingly, each Project Team will carry the general name "Electronic Signature" to be distinguished from each other by the use of the name and reference number of the specific work item.

3) General Subject and Scope

Each Project Group's work will be structured on the initial set of recommendations drawn up in the Expert Team's report and agreed in the course of the consultation procedure with the interested market players and of the Workshop's periodical discussion meetings. Finally, the contents of each work item are described in the Workshop's Business Plan amended according to the conclusions of the Workshop's kick-off meeting and approved by correspondence afterwards.

An area (V) require only editing work, without elaboration of new technical specifications.

Accordingly, this document addresses the ToRs for the expert and the editing work. In some areas, editing work is provided as specific task of the Expert Team, eventually at an ultimate stage, whereas in area (V) editing work is the only required assignment.

Other items require from the very beginning the establishment of a Project Team.

The elaboration of the report that oriented the specification of the work areas and of the work structure and content represents the response of the market to the Standardization Mandate on Electronic Signatures (M/279). It also closely inter-relates to different categories of European Commission projects (ISIS, IST 5th Framework Programme) and other initiatives (i.e., in the Privacy area). Interaction and co-operation with other Workshops (i.e., Electronic Commerce Workshop) or Technical Committees (i.e., TC 224, Machine readable cards, related media and operations) will also be taken into consideration in the actual working of the Project Teams.

4) Reference Authority

Note: In this text, the meaning of the word "plenary" is to indicate that the full Workshop membership is involved or consulted; it does not necessarily (although it can) imply a physical plenary meeting.

The respective Working Group for each Project Team at a first level.

The E-SIGN, Electronic Signatures Workshop, which is in the process of being established.

To a greater extent than the Workshop Project/Working Groups, the Workshop Plenary is considered to be the effective decision-making body.

This means that the Workshop Plenary will be consulted at every important step in the decision or delivery process. Under this heading we consider the following tasks: ¨ Acceptance of the CWAs; ¨ Confirmation of alterations to or refinements of the scope of certain projects; ¨ Decisions on technical positions that are to be considered as frozen (formally, this can happen through a clarification to this effect in the Business Plan); ¨ Being informed on any stable documentation produced in one of the project Working Groups.

The project Working Groups will be much more closely related to the detailed technical discussions on a certain subject, within the scope that the Workshop plenary has agreed for them. We consider the following tasks: ¨ Detailed technical discussions with the aim to reach consensus; ¨ Detailed discussions that may lead to suggestions for scope amendments (for confirmation by the Workshop Plenary): ¨ Monitoring of and guidance to the Project Teams that will produce the deliverables on behalf of the Working Group.

5) General characteristics of the expertise required and criteria for selection of candidates

In general terms, with regard to specialised experience/expertise, it is expected that the Project Team's members would have an in-depth knowledge of their own specialisation domain.

It should be underlined that participation of the categories of market players (manufacturers, users, service providers, legal experts, academia, accreditation bodies and public authorities) who are most concerned with each work area constitutes a general rule of the establishment of the CEN/ISSS Project Teams. This time as well, attention should be paid to make the synthesis of the E-SIGN Project Teams as balanced and widely representative as possible. However, because of the size of the Project Teams, it is practically impossible to provide representation of all the economic players.

The profile of the Project Team leader requires a broad overview knowledge of all domains falling under the scope of the addressed work area and has to be experienced in and equipped for leading Projects of comparable size. He is also expected to have a full understanding of current European issues in the area concerned and the ability to prospect the market needs in long term in a single Working Group.

The Project Teams should also be balanced in terms of nationality at the European level.

The ability to easily work in English and electronically is a requirement for every Project Team expert.

Last but not least, since the standardization work that is required constitutes a means of implementation of the current European legislative framework (notably of the European draft Directive on Electronic Signatures) in the European and national scales, a good understanding of the legislative content related to the potential work on the specified items is necessary. A thorough knowledge of the Electronic Signatures legal aspects is principally required for the Project Group Chairmen.

It should also be noted that occasional participation as reviewer of a legal consultant/lawyer specialised in the field of Electronic Signatures in a number of Project Groups (G-1 and G-2) is essential, in order to ascertain that the proposed directions towards standards-setting are in line with the legislative context. Annex II

Rules for the establishment and functioning of a Project Team in the CEN/ISSS Workshops

1 The concept of a Project Team (PT)

Project Teams are a light working structure, bringing together for a specified period of time a limited number of technical experts to complete specified tasks.

2 Types of work assigned to a PT

A Project Team may be created for each of the following purposes:

ˇ to prepare a draft programme of work on behalf of a Workshop or Workshop Project, developing standardization/specification requirements;

ˇ to provide support to a Workshop or Workshop Project on (a) specific and delimited task(s);

ˇ to carry out a study or investigation and to produce a Report with recommendations to the Workshop or Workshop Project;

ˇ to prepare the first drafts of CWAs for Workshop consideration and approval;

ˇ to carry out editing of documents;

ˇ to investigate and implement under the direction of the Workshop or Workshop Project prototype and pilot implementations of standards/specifications;

ˇ to prepare and carry out specific implementations under the direction of the Workshop or Workshop Project (for example through the creation of a Web site, or a register of objects or codes, where CEN/ISSS is required to provide a service to the standardization community.

3 Proposal for a PT

Proposals to establish Project Teams may be made by an existing or proposed Workshop, or Workshop Project, or by registered Workshop participants. The proposal submitted shall include the proposed Terms of Reference of the PT, including Technical Proposals where available, and the expected deliverables with corresponding target dates, as well as the required resources.

The originators shall also indicate the priority accorded to the request, due justification why a Project Team approach has to be used and the corresponding funding.

Proposals shall be approved by (where appropriate) the Workshop Project participants, and by the Workshop Plenary. 4 Terms of Reference of a PT

The proposal for a PT shall provide the necessary information to enable a good understanding of the expected task(s) and the corresponding outcome.

Proposals must at least contain the following sections :

1) Title of the Project Team to be established 2) Subject and Scope 3) Justification of a PT 4) Reference authority (Workshop in charge of the follow-up of action) 5) General context/Background/Environment 6) Work plan, including duration and target dates 7) Manpower (in man-days or man-months) 8) Characteristics of the expertise required and criteria for selection of candidates 9) Expected deliverable(s).

If relevant, and according to the type of work assignment, the Terms of Reference should also provide information about reference specifications and documents, and connected working bodies.

A Workshop Plenary may decide to open calls for Technical Proposals to its members, if there is a need to establish the detailed workplan for the Project; such calls, to be made by the Workshop Secretariat and posted on the CEN/ISSS Web Pages, may be concurrent with the call for the Project Team's establishment. Technical Proposals may be made by companies or individuals. Selection of Technical Proposals shall be made by a Selection Panel as specified in section 5, and the selection approved by the Workshop Plenary. Approved Technical Proposals shall be included in the Project Team's Terms of Reference.

5 Approval and establishment of a PT

Calls for applications to become members of a PT shall be made by the Workshop Secretariat, and notified to the CEN Member bodies and to registered Workshop participants, with a minimum time limit of one month. Applications to become members of a Project Team shall be made only by individuals. Where a Project Team requires only an editing task, it may comprise only one individual.

A Selection Panel established by the Workshop shall make the selection of the best-qualified candidates for Project Team membership according to the criteria laid down in the call for candidates. The membership of the Panel shall include, the Chairman and Secretary of the Workshop (if they are not themselves candidates), the Project Manager of any relevant Workshop Project (if he/she is not a candidate) and a representative of the CEN Secretary-General.

One or more specialists who have a good knowledge of the subject concerned and its industrial and standardization environment may assist the Selection Panel. These specialists shall not be candidates for the PT or involved with the submission of competitive Technical Proposals.

The Selection Panel shall ensure the composition of the Project Team is balanced, having regard to the required expertise in the subject matter and the different interest groups present in the Workshop.

The Selection Panel shall inform the Workshop of the composition of the Project Team. Workshop participants with specific objections to the inclusion of one or more of the selected individuals shall notify the Chairman of the Selection Panel, with their grounds for objection. The Selection Panel shall consider any objections and notify the Workshop Plenary of the outcome of their consideration.

Contracts will only be signed with companies, in principle not with individuals. These companies bear total legal liability for the expert(s) from their companies and for the good execution of the work contracted.

One signatory of the contract shall be the Secretary-General, or the responsible person of the CEN member holding the Workshop Secretariat, the other signatory shall be the relevant management level of the organisation providing the expert.

Workshop Chairmen and Project Managers who become experts in a PT shall not chair those parts of the meeting discussing the PT's progress and deliverables. Workshop Secretariat officials who become experts in a PT shall resign from their duties until the PT completes its tasks.

6 Management of a PT

Supervision of the PT work lies within the responsibility of the CEN Secretary General, delegated to the Secretariat of the Workshop, which shall be responsible for the administrative procedure and payment of the PT experts.

The Workshop Plenary shall be responsible for monitoring the PT, and for the technical approval of its results. PTs not preparing a formal document for approval, but which have been responsible for other tasks, shall prepare a report on their activities for the Workshop's acceptance. The PT shall in any case be disbanded when its tasks are completed.

After consulting the CEN Secretary-General, CEN/ISSS or the CEN member holding a Workshop Secretariat may terminate a contract if there is evidence that a PT expert is not fulfilling his/her contractual requirements or his/her performance is deficient. In general, any problems arising should be resolved with the organization providing the expert before a contract is cancelled.

7 Rules for financing of a Project Team

The Project Team members shall produce an invoice for each payment to be made by the CEN/CS. The CEN/CS commits itself to make the payments as rapidly as possible. However it can only make the payments after it has received the payment from the sponsoring body (e.g. CEC, EFTA Secretariat, private interest groups, etc.).

Annex III

Application Form for participation in the Project/Editor Teams for the

E-SIGN Workshop

Please send this form accompanied by a short Curriculum Vitae to CEN/ISSS Secretariat, by 20 January 2000.

Attn: Georgia Skouma, Workshop Manager

Georgia.skouma@cenorm.be Tel: + 32 2 550 08 89 Fax: +32 2 550 09 66

ˇ Name and contact details of the expert candidate

ˇ Application for Project Team leader: YES NO

I hereby apply as candidate expert/editor for the Project Team:

Security requirements for trustworthy systems and products (area D) Security requirements for secure signature creation devices (area F) Signature creation process and environment (area G-1) Signature verification process and environment (area G-2) Conformity assessment of products and services for electronic signatures (area V)

Operational requirements:

ˇ The expert agrees with the proposed reimbursement level (650 Euro/man-day, including travel and lodging costs); ˇ The expert has an operational e-mail facility; ˇ The expert is able to commit about 40-60 days in the period from 2000/02 to 2000/12 (when 9 man-months are required) or from 2000/02 to 2000/09 (when 3 or 6 man-months are required); ˇ The experts should indicate longer periods of unavailability (two weeks and longer); ˇ The experts should indicate the months for which their maximum possible workload is less than 5 working days.

DO NOT FORGET TO ADD A CURRICULUM VITAE

-- This message comes from the eucrypto mailing list. To unsubscribe yourself from this list, say "unsubscribe eucrypto" to <majordomo@fitug.de>. ------- End of forwarded message -------

Zurück