ISO/IEC JTC 1/SC 27
| Project No. | ISO/IEC 15945:2002 |
|---|---|
| Title | <p>This Recommendation | International Standard will define those TTP services needed to support the application of digital</p> <p>signatures for the purpose of non-repudiation of creation of documents.</p> <p>This Recommendation | International Standard will also define interfaces and protocols to enable interoperability</p> <p>between entities associated with these TTP services.</p> <p>Definitions of technical services and protocols are required to allow for the implementation of TTP services and related</p> <p>commercial applications.</p> <p>This Recommendation | International Standard focuses on:</p> <p>? implementation and interoperability;</p> <p>? service specifications; and</p> <p>? technical requirements.</p> <p>This Recommendation | International Standard does not describe the management of TTPs or other organizational,</p> <p>operational or personal issues. Those topics are mainly covered in ITU-T Rec. X.842 | ISO/IEC TR 14516, <i>Information</i></p> <p><i>technology ? Security techniques ? Guidelines on the use and management of Trusted Third Party services</i>.</p> <p>NOTE 1 ? Because interoperability is the main issue of this Recommendation | International Standard, the following restrictions</p> <p>hold:</p> <p>i) Only those services which may be offered by a TTP, either to end entities or to another TTP, are covered in this</p> <p>Recommendation | International Standard.</p> <p>ii) Only those services which may be requested and/or delivered by means of standardizable digital messages are</p> <p>covered.</p> <p>iii) Only those services for which widely acceptable standardized messages can be agreed upon at the time this</p> <p>Recommendation | International Standard is published are specified in detail.</p> <p>Further services will be specified in separate documents when widely acceptable standardized messages are available for them. In</p> <p>particular, time stamping services will be defined in a separate document.</p> <p>NOTE 2 ? The data structures and messages in this Recommendation | International Standard will be specified in accordance to</p> <p>RFC documents, RFC 2510 and RFC 2511 (for certificate management services) and to RFC 2560 (for OCSP services). The</p> <p>certificate request format also allows interoperability with PKCS#10. See Annex C for references to the documents mentioned in</p> <p>this Note.</p> <p>NOTE 3 ? Other standardization efforts for TTP services in specific environments and applications, like SET or EDIFACT, exist.</p> <p>These are outside of the scope of this Recommendation | International Standard.</p> <p>NOTE 4 ? This Recommendation | International Standard defines technical specifications for services. These specifications are</p> <p>independent of policies, specific legal regulations, and organizational models (which, for example, might define how duties and</p> <p>responsibilities are shared between Certification Authorities and Registration Authorities). Of course, the policy of TTPs offering</p> <p>the services described in this Recommendation | International Standard will need to specify how legal regulations and the other</p> <p>aspects mentioned before will be fulfilled by the TTP. In particular, the policy has to specify how the validity of digital signatures</p> <p>and certificates is determined.</p> |
| Registration number (WIID) | 29578 |
| Scope | <p>This Recommendation | International Standard will define those TTP services needed to support the application of digital</p> <p>signatures for the purpose of non-repudiation of creation of documents.</p> <p>This Recommendation | International Standard will also define interfaces and protocols to enable interoperability</p> <p>between entities associated with these TTP services.</p> <p>Definitions of technical services and protocols are required to allow for the implementation of TTP services and related</p> <p>commercial applications.</p> <p>This Recommendation | International Standard focuses on:</p> <p>? implementation and interoperability;</p> <p>? service specifications; and</p> <p>? technical requirements.</p> <p>This Recommendation | International Standard does not describe the management of TTPs or other organizational,</p> <p>operational or personal issues. Those topics are mainly covered in ITU-T Rec. X.842 | ISO/IEC TR 14516, <i>Information</i></p> <p><i>technology ? Security techniques ? Guidelines on the use and management of Trusted Third Party services</i>.</p> <p>NOTE 1 ? Because interoperability is the main issue of this Recommendation | International Standard, the following restrictions</p> <p>hold:</p> <p>i) Only those services which may be offered by a TTP, either to end entities or to another TTP, are covered in this</p> <p>Recommendation | International Standard.</p> <p>ii) Only those services which may be requested and/or delivered by means of standardizable digital messages are</p> <p>covered.</p> <p>iii) Only those services for which widely acceptable standardized messages can be agreed upon at the time this</p> <p>Recommendation | International Standard is published are specified in detail.</p> <p>Further services will be specified in separate documents when widely acceptable standardized messages are available for them. In</p> <p>particular, time stamping services will be defined in a separate document.</p> <p>NOTE 2 ? The data structures and messages in this Recommendation | International Standard will be specified in accordance to</p> <p>RFC documents, RFC 2510 and RFC 2511 (for certificate management services) and to RFC 2560 (for OCSP services). The</p> <p>certificate request format also allows interoperability with PKCS#10. See Annex C for references to the documents mentioned in</p> <p>this Note.</p> <p>NOTE 3 ? Other standardization efforts for TTP services in specific environments and applications, like SET or EDIFACT, exist.</p> <p>These are outside of the scope of this Recommendation | International Standard.</p> <p>NOTE 4 ? This Recommendation | International Standard defines technical specifications for services. These specifications are</p> <p>independent of policies, specific legal regulations, and organizational models (which, for example, might define how duties and</p> <p>responsibilities are shared between Certification Authorities and Registration Authorities). Of course, the policy of TTPs offering</p> <p>the services described in this Recommendation | International Standard will need to specify how legal regulations and the other</p> <p>aspects mentioned before will be fulfilled by the TTP. In particular, the policy has to specify how the validity of digital signatures</p> <p>and certificates is determined.</p> |
| Status | Standarts spēkā |
| ICS group | 35.040 35.030 |