Category archive: English

FESA, the Forum of European Supervisory Authorities for Electronic Signatures


Although the FESA Forum (Forum of European Supervisory Authorities for Electronic Signatures) seems to have been somewhat inactive lately, it may be worth recovering some of the documents it has published, which aim to resolve questions about the application of Directive 1999/93/EC.

FESA, the Forum of European Supervisory Authorities for Electronic Signatures, is a forum open to those bodies who are responsible for the operation of systems of supervision as they are defined in the European Signature Directive 1999/93/EC. The scope of FESA is to support cooperation among such bodies and to develop common points of view for the dialog with political or technical institutions.

FESA members meet regularly at least three times a year (not sure of this), exchange information and discuss matters of cooperation between supervisory authorities.

Statute

1. Scope

The scope of the Forum is to support cooperation among bodies responsible for the operation of systems of supervision as defined in Art. 3.3 of Directive 1999/93/EC*, harmonisation of such bodies’ activities, and to develop common points of view for the dialog with political or technical institutions, in particular the European Commission, the Electronic-Signature Committee referred to in Art. 9 of Directive 1999/93/EC, and standardisation institutions. It is not intended to duplicate the work of the Article 9 Committee.

The Forum is no legal entity. Performing their supervisory activities the members cannot be bound by decisions of the Forum.

2. Members

The following institutions are invited to become members of the Forum:

a) national bodies responsible for supervision according to Art. 3.3 of the Directive 1999/93/EC and/or for voluntary accreditation or approval schemes from all European Union and European Economic Area member states that have an interest in discussing the scope of the Forum (Art. 1),

b) comparable bodies from European Union candidate states, and

c) upon unanimous vote, comparable bodies from other countries that have transposed or intend to transpose the Directive 1999/93/EC.

Each member decides on its representatives in the Forum.

The Board keeps a directory of the members of the group. The simple majority of the members present at the assembly of the Forum decides in cases of doubt about membership.

3. Associate Members

National bodies responsible for supervision and/or voluntary accreditation or approval schemes with regard to products or services comparable to those within the scope of the Directive 1999/93/EC from countries that are not members of the EU or the EEA and are not EU-membership candidates, may apply for associate membership if they have an interest in discussing the matters within the scope of the Forum (Art. 1).

The applications may be granted by a unanimous vote of the members present at the assembly of the Forum.

The European Commission has the rights of an associate member.

Associate members may attend the assembly of the Forum and have similar rights to the members, except that they do not have the right to vote and can not be elected to the Board. Upon request of a member, the Board can decide that specific issues must be discussed only among members.

4. Guests

The Board can invite guests according to the agenda of a meeting.

5. Assembly of the Forum

The Forum meets regularly. The Board invites for the meeting of the assembly at least two times a year or if five members request it. Invitations must be sent at least one month in advance.

6. Decisions of the Forum

The Forum can decide using presence voting, if all members have been invited and the topics for decision have been included in the invitation. For decisions which require a unanimous vote, at least half of the members must be represented at the assembly. Only members that are represented at the assembly have the right to vote.

The Forum can also decide using the written voting procedure. The decision about the use of the written voting procedure is made by the Board and announced using electronic means. In this case, the proposal to be decided upon is distributed to the members by the Board along with the announcement. The Board also sets a deadline not shorter than 14 calendar days from the day of the announcement for voting. For decisions which require a unanimous vote, at least half of the members must cast their votes. Members may cast their votes using electronic means. Within five days after the deadline, the Board officially announces the result of the voting procedure and publishes the final text of the decision adopted, if any. During the deadline, any Forum member has the right to request the use of the presence voting procedure. In this case the written voting procedure is terminated without result and the issue is examined at the next meeting of the assembly.

Approval or modifications of this statute must be decided unanimously.

7. Board

The Board consists of a chairman and two secretaries. Each Board member must be a representative of a Forum member.

The Board is elected by the Forum. The three members of the Board are elected separately. The Forum decides whether the votes are given open or by ballot.

If a candidate does not get the simple majority of valid votes in the first vote, a second election decides among the two candidates with the most votes. If only one candidate is nominated, this candidate needs the simple majority of attending members.

The Board is elected for a period of two years beginning with the day of the election. Board members can resign at any time. A Board member loses its function, if it stops being a representative of a Forum member or if the Forum member leaves the Forum. When a Board member resigns or loses its function, a new Board member is elected for the rest of the period. At any time, the Forum can decide to elect a new Board (Art. 5).

In case it is not possible to elect a chairman until the end of a regular period, a temporary chairman for the period until the end of the next meeting may be elected by the Forum.

8. Duties of the Board

The Board shall

a) call the assembly of the Forum and prepare the meeting in cooperation with the hosting member,

b) decide on the agenda of these meetings and select persons for moderating the discussion,

c) invite guests to the meetings according to the agenda and the Forum’s statute,

d) take and distribute the minutes of the meetings.

The Board comes to its decisions unanimously and is represented by its Chairman.

Public documents

The following documents have been published by FESA:

Preliminary agenda of the EXPP Summit


On 26 and 27 September 2011, the EXPP Summit, the European E-Invoicing Summit, takes place in Barcelona, in its seventh edition. In 2010 it was held in Munich, Germany; in 2009 in Amsterdam, the Netherlands; in 2008 in Frankfurt, Germany; in 2007 in London, United Kingdom; in 2006 in Berlin, Germany; and in 2005 the first edition was held in Zurich, Switzerland.

This is the preliminary agenda of this essential event:

Chairman's opening address

  • State of the market
  • Current trends
    Bruno Koch, Billentis, Switzerland

E-invoicing as a cornerstone of the EU Digital Agenda

  • Why e-invoicing is so important for Europe
  • Objectives of the European Commission's activities
  • Related projects driven by the Commission
  • How national governments and private industry should act now
    Antonio Conte, DG Enterprise and Industry, European Commission, Belgium

Centralised electronic document handling in the supply chain process

  • A solution for exchanging business documents with customers and suppliers in a unified way
  • Maintaining flexibility without interfering with internal processes
  • Process overview
  • Electronic solutions as a customer service
    Erik Areskog, Manager, Integration and BI (Business Intelligence) Services, Lindab AB, Sweden

DHL Global Forwarding Latin America

  • The particularities of e-invoicing in Latin America
  • Regional roll-out at DHL Global Forwarding Latin America
  • The benefits of e-invoicing for the DHL organisation
  • The next step: overseas invoicing
    Sebastien Toxe, Finance BPO (Finance Business Process Outsourcing), DHL Latin America

How data mining in the context of electronic invoices and the resulting reporting is driving significant working capital efficiencies for our business

    Catherine Dubu, Head of Billing and Credit Management Operations, BT Global Services, Netherlands

Business best practices for e-invoicing operators

  • Business agility through dynamic business process modelling and execution
  • Revenue assurance with an end-to-end audit trail
  • Innovative marketing in terms of pricing, discounts and campaigns
  • Operational efficiency through first-class platforms and processes
    Ilkka Aura, Chairman of the Board, Qvantel Corporation, Finland

Round table – E-invoicing: best practice in the public sector

  • Main objectives and role of the public sector
    – Optimisation of own processes
    – Increased level of control and tax revenue
    – Setting standards in the market
  • Key success factors
  • Obstacles and how to overcome them
  • One accepted solution versus a maximum degree of freedom regarding technology, standards, audits, etc.
  • Is there a need to harmonise the models across continents?
    Chair: Bruno Koch, Billentis, Switzerland
    Panel members:
    – Dr. Newton Oller de Mello, tax auditor and former director of the São Paulo state revenue department, project leader responsible for the design and implementation of e-invoicing in the state of São Paulo, Brazil
    – Carlos Garza Cantú Aguirre, General Administrator of Taxpayer Services, Servicio de Administración Tributaria, Mexico
    – Antonio Conte, DG Enterprise and Industry, European Commission, Belgium
    – and others

90% market penetration of e-invoicing in Brazil

  • Mandatory adoption of e-invoicing for all industry and wholesale strategy for large volumes (more than 2,000 million e-invoices issued by more than 550,000 companies)
  • Role of the public sector
  • Design of a joint solution by the main stakeholders
  • Remaining steps to raise the 90% to 100% market penetration
    Dr. Newton Oller de Mello, tax auditor and former director of the São Paulo state revenue department, project leader responsible for the design and implementation of e-invoicing in the state of São Paulo, Brazil

Mandatory electronic invoicing in Mexico

  • Demographic and tax profile of Mexico
  • Evolution of invoicing schemes
  • Why electronic invoicing in Mexico?
  • Current invoicing models
  • Where are we?
  • Challenges faced
  • What comes next
    Carlos Garza Cantú Aguirre, General Administrator of Taxpayer Services, Servicio de Administración Tributaria, Mexico

First steps of the European Commission in e-Procurement (electronic procurement) through PEPPOL

  • Current and future successes
    Angelo Tosetti, DG Informatics, European Commission, Belgium

Interoperability of financial services – Experiences in Italy

  • End-to-end document exchange for C2B (Customer-to-Bank): definition of rules and standards
  • How e-invoicing supports the integration of the financial supply chain
  • CBI as a bridge to foreign e-invoicing communities
    Liliana Fratini Passi, CEO, CBI Consortium, Italy

Real-time economy

  • Taking steps towards the real-time economy through electronic invoices, electronic accounting references, electronic archives and electronic reporting – the Finnish approach
  • Results of surveys on e-invoicing
    – Mitigating aspects, effect of enforcement letters – Do sanctions work in persuading suppliers to switch to e-invoicing?
    – Criteria for selecting the e-invoicing operator – How should I select my e-invoicing operator?
    – Comparison of the environmental impact of paper-based invoicing and electronic invoicing – How can I motivate my business partners?
    Esko Penttinen, Professor, Aalto University, School of Economics, Finland

Chairman's comments on market prospects and closing remarks
    Bruno Koch, Billentis, Switzerland

Schedule

Monday, 26 September
09:30 – 17:30 (followed by a dinner from 18:00)

Tuesday, 27 September
09:00 – 16:00

Public Consultation on Electronic identification, authentication and signatures


As always, the last day comes quickly without enough time to prepare a sound document.

But tomorrow is the last day for this consultation and I thought that my opinion could help others.

Public Consultation on Electronic identification, authentication and signatures

1. Respondent information

Are you replying: On behalf of an organisation
Please provide the name of your Organisation
EAD Trust, European Agency of Digital Trust
Please provide if applicable, your interest Representative Register ID number
Please indicate which type of stakeholder you are Small or medium-size enterprise
Please provide your Name and Surname
Julian Inza
Please provide your email address
julian@eadtrust.net
Your country of residence Spain

2. General expectations regarding EU legislation on e-signatures, e-identification and e-authentication

Question 1: Do you / Does your organisation use e-signatures, e-identification and e-authentication?

yes
If yes, what are your specific needs? Secure transactions
Unambiguous identification of contract partners
Integrity of electronic documents
Legal effect
Legal effect, contract signatures in particular
User convenience
Others
Please comment why
Electronic invoice, electronic documents of all kinds, electronic evidence

If yes, how frequently do you carry out secure transactions?

Daily

Question 2: For what online transactions do you consider electronic identification, authentication and signatures useful in coming years?

eGovernment services
Electronic Public Procurement
eCommerce transactions
eBusiness transactions
Online banking and financial transactions
Issuance of authentic electronic documents
Secure archiving or storage of authentic electronic documents
Others
Please comment why
electronic invoices, secure identification in social networks, electronic banking, web services, automated electronic seals,…

Question 3: What socio-economic benefits or drawbacks do you expect from the use of electronic signatures, identification, and authentication in other sectors of activity than yours?

A huge improvement in efficiency and cost reductions. More security, more convenience, tele-operations of all kinds

Question 4: Would a stronger involvement of financial institutions in the provision of trusted e-signature and e-identification services have an impact on the take-up of e-signature and e-identification in other sectors?

yes

If yes, what would be the appropriate incentives?

A simpler way to manage revocation information of certificates and to define trusted root certs and chain of trust

Question 5: Do you think that there are specific interoperability or security aspects that should be taken into account to foster the use of electronic signatures, identification and authentication through mobile devices (e.g. requirements on the SIM cards, on the handset, on the mobile operator)?

yes
If yes, regarding: operational
technical

Question 6: For which of the following trust building services and credentials should legal or regulatory measures be considered at EU-level in order to ensure their cross-border use and why?

Electronic seals
Time stamping
Long term archiving
Certified delivery of mail
Pseudonyms
Certified electronic documents in general
Others (please list)
Please list
Long term accessible digital custody / electronic chartulary / electronic headoffice / secure verification code / certification validation services

3. e-signatures tailored to face the challenges of the digital single market

Question 7: How do you judge the take-up of electronic signatures in Europe?

Very high
Please comment why
Citizen ID cards are being adopted in advanced countries, which include 2 or more certificates. Virtuous circle fosters the creation of adapted services

Question 8: Which of the following issues have a negative impact on the uptake of e-signature? You may select up to three answers that have according to you the most important impact.

Lack of user-friendly signature solutions
Others
Please comment why
Poor solution for trust discovery of roots CA, bad implementations of OCSP in AIA extension of certificates, insufficient use of timestamping / not enough use of complete (AdES_XL) signatures, legacy management of CRLs to OCSP responses (bound to grace period), excessive use of CRLs for validation

Question 9: Which of the following specific issues have an impact on cross-border interoperability of e-signatures in Europe and should be addressed in a revised legal framework on e-signature (the references point to the articles and annexes of the eSignatures Directive)?

Unclear terminology in Directive 1999/93/EC and heterogeneous terminology in national legislations
Heterogeneous approach to security requirements (e.g. certification requirements on the signing software in some countries)
Insufficient harmonisation of profiles of qualified certificates
Other
Please comment why
Lack of clear definition of electronic seal for legal persons, lack of clear definition of codes to inform about power of attorney in certificate extensions, unclear effect of qualified certificates without secure signature creation devices, lack of clear definition of automated signature

Question 10: Which among the following options could be solutions for signature verification and validation at EU level?

Other
Please comment why
Common list of OCSP services and timestamping services for all Trusted CAs in Europe. Signature software that always creates AdES-XL signatures including Timestamping and OCSP validation, getting the OCSP address from the AIA field of the certificate. OCSP services with grace period=0, supplied by the CA issuing certificates or an entity on its behalf, forbid the use of CRL for validation purposes. Relying party software that verifies XL signatures, Digital custody for secure storage of signatures.

Question 11: Do you have specific expectations from e-signature standardisation to cover?

Mass signature (server signing)
Mobile signature creation devices
Remote signature
Others

Question 12: Do you use «qualified» e-signatures?

yes
If yes, how often per month and for which kind and value of transactions?
3/4 per month. Transactions not connected to value. I believe transaction amount limits are relevant only to a few kinds of signatures.

Question 13: What is your view on the need to revise the security provisions of «qualified» e-signatures?

The current provisions should stay as they are

Question 14: Would a classification of a range of e-signatures be desirable to match different levels of security?

Yes, a classification would be convenient, it should be defined by law and a legal effect should be associated to each or some classes.
Please comment and explain for which usage a classification would be desirable.
legal person seal, automated signature, powers of attorney with use limits, SSL certificate with legal effects, sinonimous certificates and their effects, qualified certificates without SSCD. person associated to a company or government body acting in assigned role but not needing a representation letter or power

Question 15: Should «electronic consent» be recognised formally by future European legislation?

yes

If yes, should legislation (where necessary supported by operational and technical standards) define specific requirements on:

Others
Please explain why
It is already recognized in standards and is named «content commitment». When a certificate has that bit activated, should verify a proof of consent, including a Turing test demonstrating the user has read the message and asking clearly for consent. This kind of use should generate evidences for all involved parties and, where possible, an accessible digital custody (chartulary+electronic headoffice+secure verification code) receipt for them

Question 16: Should «electronic consent» be considered as equivalent to electronic signatures?

yes

Question 17: Are there specific aspects that should be taken into account to address electronic archiving?

yes
If yes, please specify the legal provisions which are needed in your opinion to address electronic archiving needs?
All electronic documents (signed or not) with legal effect, should be available under security considerations applied to archive (WORM), through a URL of trusted sites (electronic headoffice), with the help of a secure verification code. With additional measures for preserving privacy in specific cases, or to allow to be accessible to third parties for proof or evidential reasons. Paper documents or receipts with URL and SVC, that can be verified against the electronic versions are considered trustworthy equivalent to authentic documents.

4. Principles to guide e-identification and e-authentication in Europe

Question 18: Do you see a need for additional legal or regulatory measures on electronic identification at EU-level?

yes

If yes, in your opinion, what are the general principles that should underlie the legal provisions on the mutual recognition and acceptance of e-identification at EU-level?

Others
Please comment
compatibility

Question 19: What effects for the digital single market do you expect from legal provisions on an EU-wide mutual recognition and acceptance of eID issued in the Member States?

Legal certainty
Reduction of administrative burden
Other
Please comment why
Simplicity for citizens to exercise their rights in all countries, Convenience for citizens, efficiency for government bodies and enterprises

Question 20: How could users provided with electronic identification and authentication means benefit from their mutual recognition and acceptance across Europe and in which sectors?

Increase of user convenience
Simplification of access to online services
Reduction of numerous UID/passwords
Reduced exposure to ID theft
Others
Please comment why
Use in day by day in non online services, to dematerialise paper

Question 21: What are the specific aspects that should be taken into account to achieve cross-sector interoperability of electronic identities?

Others
Please comment why
Common list of trusted CAs and their roots, Common profiles, common OIDs definitions, Correct codification of OCSP servers in AIA fields

Question 22: Please indicate experiences and lessons learned in the private sector that could be transferred to the public sector.

Please make everything EASY for the final user. And define a consistent user experience for all ID cards. Users then can detect if someone tries to cheat them (identifying unusual use patterns)

5. Legislative measures for the challenges ahead

Question 23: What European Union legislative measures on e-signatures, e-authentication of natural and legal person claims as well as e-identification would be appropriate in your opinion to best meet the challenges of the digital single market?

Other
Please comment why
Regulation better than Directive. Clear rules. Clear language, Legal framework aligned with standards (standards are now better than law, but can not be used in the best way because law does not cover some technical uses)

6. Research and Innovation

Question 24: On what issues should EU R&D and standardisation focus to have all the necessary technology to improve eID management?

Nothing. A lot of money has been spent in past years without real improvement. We have standards. We should use them and in some cases improve them, with normal budget.

Question 25: On which technologies should Research & Development focus to improve the usability of e-signatures and electronic identification for end users and to facilitate the deployment for service providers?

Timestamping services, OCSP services, custodian services, registered notice services, mobile service, intelligent NFC services, interoperability services

Question 26: What technologies could contribute to overcoming the lack of trust in electronic identification, authentication and signatures in the European Single Market (ex. addressing the so-called «what you see is what you sign» issue)?

TSL, XAdES-XL, PAdES-LTV, written signature digitalization with security measures binding the signature to the document in a way equivalent to «advance signature» with use of trusted third parties

7. Others

Question 27: Europe is fully part of the global economy. However, the forthcoming legal framework cannot cover non EU countries. Are there nevertheless international issues that should be taken into account?

The development of the legal framework must take into account existing standards or be compatible with future global standards. For instance RFC 3739

Question 28: Would you wish to share some best practices examples outside Europe?

Maybe connection of strong authentication with ID cards to federated identity systems (such as SAML) or simple authentication systems such as Open-ID can facilitate the use of Strong identity in social networks

Question 29: Are there any other issues which you think should be addressed by policy makers?

Yes. The use of ID systems and electronic signatures should be a strategic movement covering all kind of documents and sectors. In the past different lobbies or groups of interest have tried to convince EU policy makers to take out electronic signatures from electronic invoices to cite just one area. Electronic signatures should be used consistently in all areas or, at the end, exceptions will be greater than the rule and electronic signature can become useless or even worse, dangerous.

Meta Informations
Creation date: 15-04-2011
Case Number: 089674306510210511

Digital curation


Digital curation is the selection, preservation, maintenance, collection and archiving of digital assets.

Digital curation is the process of establishing and developing long term repositories of digital assets for current and future reference by researchers, scientists, and historians, and scholars generally.

Digital curation entails:

  • Collecting verifiable digital assets
  • Providing digital asset search and retrieval
  • Certification of the trustworthiness and integrity of the collection content
  • Semantic and ontological continuity and comparability of the collection content

Significant and major challenges faced by digital curation are:

  • Storage format evolution and obsolescence
  • Rate of creation of new data and data sets
  • Broad access and searching flexibility and variety
  • Comparability of semantic and ontological definitions of data sets

The challenges faced by digital curation are resulting in:

  • specialised research institutions
  • academic courses
  • dedicated symposia
  • peer reviewed technical and industry journals

to address the challenges.

From Wikipedia

Albalia: Case Study


Albalia is pleased to have been included as a successful case study in the development of solutions for Microsoft environments.

Spanish Software Developer Builds Free Invoicing Solution In Office 2010.

Albalia Interactiva is a Spanish software development company which responded to new electronic invoicing standards in Spain by building an invoicing solution in Microsoft Office 2010, using the powerful Open XML standard. The free OffInvoice solution has won praise from the Government and users alike who laud it as an innovative and complete product.

Situation

Albalia Interactiva is a Spanish legal and technical security software development company founded in 2003. Its President Julián Inza said: “We wanted to build a bridge between the technical and legal worlds. Legal developments can benefit from technical solutions. This area has advanced markedly in the last few years.”

Albalia, a 20-person company, began with a specialty in digital signatures, as a consultant to large firms. It grew rapidly into electronic invoicing solutions and worked with issues such as electronic evidences.

In 2007, the company’s work came to the fore when Spain established a legal framework to boost the use of electronic invoices nation-wide. This led to nationwide cost-savings for legal forms processing using cutting edge technology. Albalia developed a solution based on the Spanish Facturae XML format, allowing it to be included in an Open XML file (ECMA-376) so an electronic invoice can be viewed in Microsoft Word.

Solution

In 2008, the company contacted Microsoft and examined the possibility of using Microsoft Word to view invoices created in formats like Facturae, or “Factura Electronica”, a key and forward-thinking format for the transmittal and digital integrity of forms in the Spanish government. The first product of this collaboration was a converter that allowed Facturae documents to be inserted into an Open XML node, enabling the document to be opened in a conventional Microsoft Word program with no further modification.

The company used Microsoft Visual Studio Tools for Office (VSTO) as a development tool. Using some examples and prototypes provided by Microsoft, it established the FactOffice invoicing project.

In Inza’s opinion, the most difficult part was the installer, and even after its release, the community detected a few errors which were corrected. Albalia was thankful for their feedback. “We have had many questions from users who found errors and improvements – all solved – and it is still available as free software on the Codeplex platform,” he said.

Albalia chose to develop the solution using the Open XML format over other alternatives. Inza explained: “The Open XML standard has two generations of advantage over ODF. In fact, ODF is also an ISO standard, and we have tried to work with some public administrations to offer them the same type of development that we created with Microsoft for other platforms, such as OpenOffice.org and StarOffice, and we are still open to collaborating in that environment. It is a futile controversy: Some formats are better for some things, and others for other things. So far, I think the most elaborate, complete and complex format is Open XML. It allows more developer flexibility and innovation.”

He said the choice of the Open XML format was also justified by its enormous power: “We have been able to insert an invoice, as is, into one of the Open XML nodes, without modification. The remaining nodes of the standard have allowed us to modify the appearance of invoices, logos, etc. We see many advantages to the use of this Open XML format.”

Open XML is also recognized within the ISO standardization frameworks, not only those of ECMA – that means a warranty for third parties for protection of their investment in standards.

Inza added: “The project was done initially on the Microsoft Office 2007 platform, not only because it was the most widely used application platform in the market, but also because of how easy it has been to develop with. The quantity and quality of the information available for developing with Microsoft Office is quite a bit better than for other tools in the marketplace with similar features, such as OpenOffice.org.”

FactOffice, which is free software, was released to the public at the 2009 ASIMELEC eInvoicing Conference. It had more than 9,000 downloads and is considered a success by Inza. The company later used Microsoft Office 2010 to develop a newer version of FactOffice called OffInvoice. Among other features, OffInvoice integrates with Microsoft Office Excel, demonstrating the versatility of both Microsoft Office and the tool. In Microsoft Excel, some items were changed on the internal design level, and row management was used to store information from invoices issued and received.

As a matter of fact, FactOffice and its newer version, OffInvoice, integrate three standards: the Spanish electronic invoicing standard, “Facturae”; ISO 29500, which is implemented in Microsoft Office 2007 and 2010; and TS 101 903, which regulates electronic signatures (XAdES), used here in its XAdES-XL modality.

The release of OffInvoice coincided with the launch of Office 2010, and is available in all official EU languages, utilizing Microsoft’s platform translation capabilities. This new version also supports Facturae, the UBL (Universal Business Language) format and CII 2.0 (the United Nations CEFACT Cross-Industry Invoice standard). It was the first implementation of the CII 2.0 draft specification.

OffInvoice is available under two different licenses: MSPL and EUPL for the European Union. Under the first license, users can utilize the software without restrictions. The second license imposes certain limitations, but allows for aligning the software with some initiatives of the Public Administration.

Albalia expects to see a return on investment from the open standards-based software built on Microsoft technologies. While it is free, support is provided by the community. The Premium version is designed for more advanced purposes and will be available for purchase. The company has established itself as a leader in the area of electronic invoicing by the release of both versions of its software.

Benefits
User-friendly Software

The idea of solving a practical problem for any small or independent business, such as creating and managing invoices, within a general-purpose word processing program like Microsoft Word seemed at first glance to be a daunting challenge.

There were many ERP environments that used Microsoft Office to create reports, print documents and store invoicing records, but not vice versa. However, Inza explained: “One of the topics we emphasized most is that Microsoft Word or Excel, with VSTO, are authentic programming environments with embedded tools that let you do practically anything. One of the advantages of this selection is that invoices are managed as one of the special areas in Microsoft Word or Microsoft Excel, from a menu on the ribbon Facturae, with its own unique functions. The use integrates seamlessly into the Microsoft Office environment, with a negligible learning curve. The other orientation forces you to learn and adapt.”

Therefore, a user already familiar with Microsoft Word using Albalia software to create invoices would find it easy to learn to use the program. All the user needed to know was the invoicing information and concepts; the only change was importing or exporting a Facturae document into a Microsoft Word document. The FactOffice add-on acts as a repository of invoices issued, received and drafted, with options such as collection follow-up, searches or using one invoice as a template for another. Inza said: “It’s not an ERP, but it does a good job of meeting the needs of small and medium-sized businesses. It does this within the Microsoft Office 2010 context, which is what our customers have on their desktops.”

Accessible Free Add-on
FactOffice is free for use. The free version has been downloaded by over 9,000 users. Albalia worked closely with Microsoft on this cutting edge solution. Inza said: “At Microsoft’s request, this software has been made available to the entire community as open source software. It shows that Microsoft has a real free software strategy that is compatible with its own interests, as well as those of its partners and the community.”

Expanded Capabilities Based on Office
The world of Microsoft Office and electronic signatures is not limited to invoices, since new markets, such as electronic banking and document exchange among government bodies, are being developed. Albalia develops innovative solutions in the areas of fraud prevention, data protection and digital authentication. It plays a leadership role in the relationships of individuals with public agencies and companies.

Office 2010 incorporates a variety of new features which accompany the desktop applications, such as Office Web Applications, which are the online or cloud version of the same Office packages used at the desktop. Albalia considers cloud applications very important, and has developed solutions for that environment.

Albalia extends Microsoft Word for online editing purposes, allowing new uses of the Microsoft Office products for such purposes as electronic signature management by the service provider EADTrust, either as the provider of digitally signed files, or as a “trusted third party” for digital transactions.

A new world is also opening up via Office Mobile and the use of electronically signed documents on portable devices. According to Inza, the improved screen view and broadband Internet access facilitate the exchange of signed documents. For instance, a document created in the Microsoft Office environment can be signed from a mobile in another location.

Inza said that OffInvoice had also been tested outside of Office. So far, with the collaboration of other companies, tests had been done with BizTalk Server, SharePoint Server and Microsoft Dynamics. One of the most important upcoming projects is the Digital Signature Services (DSS) Server, the first implementation of a DSS server on a .NET platform. Inza strongly believes in the possibilities and future development of electronic signature technologies, in collaboration with Microsoft.

Microsoft Office 2010
Microsoft Office 2010 gives your people powerful, timesaving tools to do their best work from more places. With new capabilities and insightful updates to Excel, PowerPoint, Word and Outlook, Office 2010 offers the complete package — with familiar, intuitive tools. Now you can express ideas, solve problems, connect with people, and create amazing results — in the office, at home, or on the go. For more information about Microsoft Office, go to: http://www.office.com

For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers in the United States and Canada who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:

For more information about Albalia Interactiva’s products and services, visit the following web sites at:

Facts

Albalia Interactiva


Organization Size: 20 employees

Organization Profile

Albalia Interactiva is a software development company that focuses on technical and legal security and which creates solutions to integrate and apply standards and norms.

Business Situation

The Spain-wide release of the Facturae electronic invoicing standard warranted the adoption of a series of electronic signature and encryption technologies into invoicing software.

Solution

Albalia Interactiva developed the OffInvoice add-in for Microsoft Office 2010, which allows invoices to be created in the Facturae format. This add-on was offered as free software, and is considered one of the most innovative and complete products available in this sector.

Benefits

User-friendly Software
Accessible Free Add-on
Expanded Capabilities Based on Office

Software and Services
Microsoft Word 2010
Microsoft Excel 2010
Microsoft Office 2010 Suites
Microsoft Visual Tools Suite
Microsoft Office Mobile 2010
Open XML Formats
Microsoft Dynamics components

Vertical Industries
IT Services

Country/Region
Spain

Business Need
Collaboration

Partner(s)
Albalia Interactiva

BackTrust in CeBIT


We at Albalia are trying to discover our international market. We are going to be at CeBIT with several appointments with potential partners. We were already at CeBIT last year, with our own booth, in the framework of the Spanish pavilion.

We now focus on our BackTrust product, a complete suite that makes it possible to dematerialize all kinds of documents and manage electronic evidence. The core system manages electronic signatures and digital custody, and is suitable for deploying eGovernment solutions, as well as eBanking, eHealth, eCommerce and eDocuments.

Our solutions help manage electronic signatures (in the sense of Directive 1999/93/CE), and also digitalized signatures, biometric proofs and electronic evidence (such as certified digitization), thus making it possible to eliminate paper while preserving evidential proof of the electronic records.

Our BackTrust suite is available on zEnterprise under the name zBackTrust, and it is the only electronic signature solution in the world for IBM mainframes (both for Linux for System z and z/OS). The solution is certified by IBM and is already deployed at customers such as NovaCaixaGalicia (see page 12).

Others of our solutions are also mentioned internationally:

  • The Albalia team is very active in social networks (in Spanish):

Chip-and-PIN in VISA USA relaxes PCI DSS requirements


    Seen in SC Magazine

    Author: Dan Kaplan

    February 10, 2011

    New Visa program could grow momentum for chip-and-PIN

    A new Visa program that will exempt some European merchants from having to adhere to payment card security standards may spur the adoption of chip-and-PIN technology in the United States, according to a security analyst.

    The program, announced Wednesday, 9 Feb 2011, eliminates the requirement for non-U.S. merchants to annually validate their compliance with the Payment Card Industry Data Security Standard (PCI DSS) if at least 75 percent of their Visa transactions originate from chip-enabled terminals.

    The merchant would still be obligated to prove PCI compliance in relation to other transactions, such as MasterCard.

    «I predicted this,» Avivah Litan, vice president and distinguished analyst at Gartner, told SCMagazineUS.com this week. «As payment card technology gets more secure, then there’s less of a need to secure the merchant sites. It’s redundant. Just secure the payment systems.»

    To qualify, retailers must outfit their locations with terminals that accept «contact or dual contact and contactless» chips, according to Visa.

    EMV, more commonly referred to as chip-and-PIN, is a payment technology largely used in the U.K., Spain, France, Germany and in other European countries. It involves recognizing unique microchips embedded in credit and debit cards to validate that they are legitimate, and it has been credited with the declining fraud rates overseas.

    Some firms in the United States, including mighty Walmart, are exploring the benefits of the technology, which has been held up here largely because of costs and incentive.

    But the new Visa program may encourage more U.S. merchants to swap out their existing card readers if that means they too would be able to avoid the cost of PCI compliance.

    «This may push the U.S. into it,» Litan said. «Now it’s a business case for merchants to start taking chip cards. It’s a good incentive.»

    In October, the PCI Security Standards Council, tasked with managing the PCI DSS, released a guidance document for those organizations considering migrating their terminals to EMV.

    Of course, for EMV to become a reality in the United States, banks must be willing to issue new cards containing chips. Yet, according to Visa, new debit card regulations that would cap the amount that card issuers can charge merchants when cards are swiped may curtail banks’ interest – even though financial institutions, not merchants, are typically the ones that must reimburse consumers for incidents of fraud.

    A recent study from the Boston Consulting Group estimated that card issuers could be on the hook for $25 billion in annual costs due to these stricter regulations, known as the Durbin Amendment because it is principally sponsored by Democratic Sen. Richard Durbin of Illinois.

    «With such a dramatic potential for revenue loss, financial institutions will likely curtail investments in future innovations,» said Bill Sheedy, Visa’s group executive for the Americas.

    Doug Johnson, vice president of risk management policy at the American Bankers Association (ABA), an industry trade group, agreed with Sheedy’s assessment.

    «It demonstrates once again the folly and unintended consequences to mandate price controls within any environment,» Johnson told SCMagazineUS.com on Thursday.

    That is not to say, though, that the ABA is opposed to EMV, said Johnson, adding that the association supports the development of security technology and is closely monitoring retail adoption of chip-enabled terminals.

    «It’s not under our control to force,» said Johnson, who predicted that market forces may «leapfrog» EMV altogether and embrace some other technology, such as a cell phone payment system.

    Johnson said that while banks would stand to save on some fraud-related reimbursements if EMV were to gain steam, illegal activity would still persist.

    «All we’re doing is moving the fraud to somewhere where EMV is not in place, and we still take the loss,» he said.

    e-invoicing: Huge Growth Predicted In Europe


    As seen in Purchasing Insight.

    There is plenty of anecdotal evidence that 2011 is a big year for e-invoicing. Some new research published by Billentis reveals the scale of the anticipated growth in Europe.

    Strong growth in e-invoicing predicted (Source: Billentis)

    Both in the business-to-business (B2B) and business-to-consumer (B2C) spaces, exponential growth is predicted in 2011 and 2012. e-invoicing between businesses will grow from a relatively modest 915 million in 2009 to nearly 2.5 billion in 2012 according to the Billentis research.

    Consolidation in the e-invoicing market

    The provider market is also likely to grow. According to Billentis, mergers and acquisitions will grow from 14 in 2010 to 25 in 2011, with major consolidation expected if the market penetration of e-invoicing passes 15%.

    XML Cryptographic Security and Suite B


    Several years ago, on 25 Sept 2007, Sue A. Roddy (NSA) presented the article «XML Cryptographic Security and Suite B» at the XML Security Futures Workshop, urging the industry to develop Elliptic Curve Cryptography solutions that could be used commercially and also by government agencies.

    This is the article:

    Background:

    The Department of Defense (DOD) through the leadership of the Defense Information Security Agency (DISA) is pushing forward to use the Extensible Markup Language (XML) as a key element of the DOD information sharing effort. The National Security Agency (NSA), in support of the DOD, is interested in seeing XML security evolve in a manner that provides extensive interoperability between XML systems and use cryptographic mechanisms that meet the stringent security requirements of the DOD.

    The NSA has established a suite of cryptographic algorithms, drawn from published standards established by the National Institute for Standards and Technology (NIST), as a primary basis for DOD cryptographic security in the 21st century. This suite of algorithms has come to be called, “SUITE B.” To promote interoperability among DOD elements and to maximize the DOD’s ability to utilize commercial technology in satisfying their mission, NSA encourages all commercial vendors to incorporate Suite B in their products. In particular NSA would like to see XML standards emerge which support the use of Suite B.

    Suite B Defined

    The sustained and rapid advance of information technology in the 21st century dictates the adoption of a flexible and adaptable cryptographic strategy for protecting national security information. Several years ago, the Committee for National Security Systems (CNSS) issued a policy stating that the Advanced Encryption Standard (AES) could be used to protect both classified and unclassified National Security information. However, because a single encryption algorithm could not satisfy all of the needs of the national security community, NSA created a larger set of cryptographic algorithms which could be used along with AES in the systems used by the DOD and other national security users. The NSA announced Suite B at the 2005 RSA Conference.

    In addition to the AES, Suite B includes cryptographic algorithms for hashing, digital signatures, and key exchange. The entire suite of cryptographic algorithms is intended to protect both classified and unclassified national security systems and information. Because Suite B is also a subset of the cryptographic algorithms approved by NIST, Suite B is also suitable for use throughout the U.S. government. NSA’s goal in presenting Suite B is to provide industry with a common set of cryptographic algorithms that they can use to create products that meet the needs of the widest range of US Government (USG) needs.

    However, Suite B only specifies the cryptographic algorithms to be used. Many other factors need to be addressed in determining whether a particular device implementing a particular set of cryptographic algorithms should be used to satisfy a particular requirement.

    Today SUITE B includes:

    The original policy on AES use states that AES with either 128 or 256-bit keys are sufficient to protect classified information up to the SECRET level. In addition, other controls on manufacture, handling and keying are anticipated. These same key sizes are suitable for protecting both national security and non-national security related information throughout the USG.

    Consistent with this policy, Elliptic Curve Public Key Cryptography using the 256-bit prime modulus elliptic curve as specified in FIPS-186-2 and SHA-256 are appropriate for protecting classified information up to the SECRET level. Use of both the 384-bit prime modulus elliptic curve and SHA-384 is necessary for the protection of TOP SECRET information.

    Intellectual Property on Suite B:

    Associated with most cryptographic algorithms, even those found in standards, are patents on various ways of implementing the cryptography in particularly efficient or novel ways. Although there are some particular implementations of both the advanced Encryption Systems and Secure Hash Algorithm that are patented, the basic algorithms are available worldwide for royalty free use.

    Another key aspect of Suite B is its use of elliptic curve technology instead of classical public key technology. NSA has determined that rather than increase key sizes beyond today’s current 1024-bits, a switch to elliptic curve technology is warranted.

    Like the AES and SHA there are no fundamental patents on elliptic curve cryptography, however, there are a number of patents covering various aspects of elliptic curve technology and implementations. Certicom, the largest holder of elliptic curve patents, states on their company website that licensing their patents is not necessary for implementing elliptic curve cryptography. Rather, they state that they have patents on what they believe to be some of the “best ways to implement elliptic curve cryptography (ECC).”

    In order to facilitate adoption of Suite B by industry, NSA has licensed the rights to 26 patents held by Certicom Inc. covering a variety of elliptic curve technology. Under the license, NSA has a right to sublicense vendors building equipment or components in support of US national security interests. While NSA offers vendors royalty free licenses for the use of these patents, NSA is not suggesting that licensing any of these patents or any other patents is necessary for implementing Suite B.

    Conclusion:

    To master the information space, DOD and the IC need to be able to share, analyze and secure vast amounts of information. In order to prevent all of the information in DOD networks from becoming a meaningless tower of babel, standards such as XML are critical. NSA would like to see security for XML evolve in a manner that supports the DOD’s need for secure information sharing. To that end, NSA would like to see the adoption of Suite B cryptography as a security option for XML.
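
The article pairs the 256-bit prime curve with SHA-256 for SECRET and requires both the 384-bit prime curve and SHA-384 for TOP SECRET. The following Python example, added here and not part of the NSA article or of any product mentioned on this page, audits the algorithm identifiers declared in an XML Signature against those pairings. The algorithm URIs are assumptions taken from XML Signature 1.1, RFC 4051 and XML Encryption (the article names no URIs); `audit_signature` and `sample` are hypothetical names and the sample signatures are constructed.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
DS11 = "http://www.w3.org/2009/xmldsig11#"
NS = {"ds": DS, "ds11": DS11}

# Assumption: these identifiers come from XML Signature 1.1, RFC 4051 and
# XML Encryption; the article names only the algorithms, not the URIs.
ECDSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
ECDSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
SHA384 = "http://www.w3.org/2001/04/xmldsig-more#sha384"
P256 = "urn:oid:1.2.840.10045.3.1.7"  # 256-bit prime modulus curve
P384 = "urn:oid:1.3.132.0.34"         # 384-bit prime modulus curve
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"  # outside Suite B
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"          # outside Suite B

RANK = {"SECRET": 0, "TOP SECRET": 1}
SIGNATURE_LEVEL = {ECDSA_SHA256: "SECRET", ECDSA_SHA384: "TOP SECRET"}
DIGEST_LEVEL = {SHA256: "SECRET", SHA384: "TOP SECRET"}
CURVE_LEVEL = {P256: "SECRET", P384: "TOP SECRET"}


def audit_signature(xml_text):
    """Return (level, findings) for the first ds:Signature in xml_text.

    level is the weakest level among the declared algorithms, or None when
    any declared algorithm falls outside the Suite B pairings. Only declared
    identifiers are inspected; the signature value is not verified here.
    For untrusted input, parse with a hardened parser such as defusedxml.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return None, [f"not well-formed XML: {exc}"]
    sig = root if root.tag == f"{{{DS}}}Signature" else root.find(".//ds:Signature", NS)
    if sig is None:
        return None, ["no ds:Signature element found"]
    findings, levels = [], []

    def check(kind, element, attr, table):
        uri = element.get(attr) if element is not None else None
        if uri in table:
            levels.append(table[uri])
        else:
            findings.append(f"{kind}: {uri or '(missing)'} is not a Suite B algorithm")

    check("SignatureMethod", sig.find("ds:SignedInfo/ds:SignatureMethod", NS),
          "Algorithm", SIGNATURE_LEVEL)
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if not refs:
        findings.append("SignedInfo contains no ds:Reference")
    for i, ref in enumerate(refs):
        check(f"Reference[{i}] DigestMethod", ref.find("ds:DigestMethod", NS),
              "Algorithm", DIGEST_LEVEL)
    # The curve is visible only when KeyInfo carries an ECKeyValue; with
    # X509Data the curve has to be read from the validated certificate instead.
    curve = sig.find("ds:KeyInfo/ds11:ECKeyValue/ds11:NamedCurve", NS)
    if curve is not None:
        check("NamedCurve", curve, "URI", CURVE_LEVEL)
    if findings or not levels:
        return None, findings
    return min(levels, key=RANK.__getitem__), findings


def sample(sig_alg, digest_alg, curve=None):
    """Constructed ds:Signature skeleton; only the algorithm URIs are filled in."""
    key = (f'<ds:KeyInfo><ds11:ECKeyValue><ds11:NamedCurve URI="{curve}"/>'
           f'</ds11:ECKeyValue></ds:KeyInfo>') if curve else ""
    return (f'<ds:Signature xmlns:ds="{DS}" xmlns:ds11="{DS11}"><ds:SignedInfo>'
            f'<ds:SignatureMethod Algorithm="{sig_alg}"/>'
            f'<ds:Reference URI=""><ds:DigestMethod Algorithm="{digest_alg}"/>'
            f'</ds:Reference></ds:SignedInfo>{key}</ds:Signature>')


if __name__ == "__main__":
    for name, doc in {
        "P-256 / SHA-256": sample(ECDSA_SHA256, SHA256, P256),
        "P-384 signature, SHA-256 digest": sample(ECDSA_SHA384, SHA256, P384),
        "RSA / SHA-1": sample(RSA_SHA1, SHA1),
    }.items():
        print(name, "->", audit_signature(doc))
```

A signature that mixes SHA-384 signing with a SHA-256 reference digest is reported at the weaker level, which follows the article's statement that TOP SECRET needs both the 384-bit curve and SHA-384.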

    CIR Technical Working Group


    The EMV standards developed and maintained by EMVCo are the technical basis for card-based payment systems in many countries. The CIR (Common Implementation Recommendations) Technical Working Group is an open standardisation initiative of EMV implementers in Europe and acts as the technical reference group for the European EMV Users Group and the European members of the EMVCo Board of Advisors. The CIR Technical Working Group is not meant to duplicate any efforts at EMVCo level, but to complement the work at EMVCo by the input of technical experts who are actively involved in the deployment of the EMV specifications.

    Participants of the CIR Technical Working Group are

    The CIR Technical Working Group is supported by the observers

    The aim of the CIR Technical Working Group is to come to harmonised technical specifications for EMV implementations for any card-based payment system. The work is not intended to change the EMV specifications but to fill in the «grey areas» of the EMV specifications and to reduce both the effort necessary to implement cards and terminals as well as the number of different implementations, thus allowing for less expensive devices.

    The work of the CIR Technical Working Group started in 2003 with the objective of harmonising EMV implementations on cards. Based on this preparatory work, and with the support of the CIR Technical Working Group, EMVCo set up the Common Core Working Group (CCWG) which produced the EMVCo Common Core Definitions (CCD) and the EMVCo Common Payment Application (CPA) Specification, which allow a common EMV implementation on cards for all payment systems.

    As a next step, the CIR Technical Working Group, in coordination with the European EMV Users Group, produced a set of common implementation recommendations for terminals, in the form of detailed flow charts describing the terminal behaviour, to clarify and enhance the EMV specifications and to improve interoperability. These Common Implementation Recommendations for Terminals have been reviewed with EMVCo and are the basis for the current work of the CIR Technical Working Group on a detailed terminal specification.

    Starting in 2007, the CIR Technical Working Group has been working for the European Payments Council (EPC) Cards Working Group as Identified Initiative for the Card-to-Terminal and Cardholder-to-Terminal standardisation domains. The Functional Requirements in the European Payments Council (EPC), SEPA Cards Standardisation «Volume» are based on the input of the CIR Technical Working Group.

    The CIR Technical Working Group works in close cooperation with other standardisation initiatives, such as EPAS, which concentrates on the Terminal-to-Acquirer interfaces, and CAS, which concentrates on the requirements for mutual recognition of certifications.