New version of the Requirements specification for PKI in the public sector
Historical archive
Published under: Stoltenberg's 2nd Government
Publisher: Ministry of Government Administration, Reform and Church Affairs
News story | Date: 06/07/2010 | Last updated: 18/01/2011
The Norwegian ministry of government administration, reform and church affairs is launching a revised version of the Requirements specification for PKI in the public sector. The new version replaces the current version 1.02 from January 2005.
The Norwegian ministry of government administration, reform and church affairs is launching a revised version of the Requirements specification for PKI in the public sector. The new version replaces the current version 1.02 from January 2005.
PKI is an acronym for Public Key Infrastructure, which is a standardized technology for the implementation of electronic identity (eID) and electronic signatures, based on cryptographic methods. The Specification is a general, functional requirements specification which serves two main purposes. It is used by certificate issuers for self-declaration. By doing this the certificate issuer guarantees that he is acting in compliance with the requirements, and that they are under the Norwegian Post and Telecommunications Authority’s supervision. The Specification is also used by the public sector for procurement of a PKI based electronic identity (eID) to be utilized in connection with electronic communication with and within the public sector in Norway. PKI solutions that are utilized in government agencies shall comply with this specification.
The new version is a necessary minor revision to bring the specification in line with technological and market developments in the area. The changes deal with stricter requirements for the security of the various classes of eID / e-signature the specification deals with. It also represents a clarification of requirements for certain types of PKI-based services.
Because the Specification contains technical rules it is covered by the Directive 98/34/EC.
Directive 98/34/EC lays down a mechanism - a notification procedure -for the transparency of technical regulations and is intended to help avoid the creation of new technical barriers to trade within the European Union. The notification period for this Specification ends 23. September 2010. As long as none of the European Union member countries raise concerns about potential barriers to trade related to the Specification, the Specification can be adopted. When this is done, the Ministry shall, in collaboration with the Ministry of Trade and Industry, inform the market and the Post and Telecommunications Authority on the changes that are adopted.
Requirements specification for PKI in the public sector - Version 2.0