The Universal Postal Union (The real THE Post Office) global Postal Trust Services

Similar documents
1 June Dear Sir / Madam,

Understanding of buykorea. Buyer Information Management. KOTRA Offer. KOPS Payment Record. EMS Delivery Record

Staples & OB10. Conference Presentation. Kevin Bourke & Joachim Eckerle Date: Presented by:

I-XCHANGE : TELKOM s Solution towards New Era of Inter-Intra Enterprises Integration

This document is a preview generated by EVS

Procurement with. Frequently Asked Questions V03/2017 1/10

elogistics A need for integrated European solutions Walter Trezek Vice-Chair, e-logistics WG Convenor CEN/TC331 WG2

What is known about implementation of the new directive in national legislation? Directive 2001/115/EC

Thank you for your commitment to providing Henkel with quality materials and services.

Dear Valued Supplier,

E-Invoicing / E-Billing. International Market Overview & Forecast. Bruno Koch March 2018

The New Demands, Challenges, and Opportunities of Asia Cross-Border Trade/E-Commerce SEKOLOGISTICS.COM SEKO GLOBAL PRESENTATION SEKO LOGISTICS 2016

Legal Aspects of Identity Management

C-Roads Platform Terms of Reference

MAXIMIZE YOUR LABORATORY RESOURCES FOR INCREASED PRODUCTIVITY

Working Party on Information Security and Privacy

C-Roads Platform Terms of Reference

OECD RECOMMENDATION OF THE COUNCIL FOR ENHANCED ACCESS AND MORE EFFECTIVE USE OF PUBLIC SECTOR INFORMATION [C(2008)36]

Pagero's global e-invoice, e-order & EDI services

TD 0131 STUDY GROUP 17. English only Original: English TELECOMMUNICATION STANDARDIZATION SECTOR. Question(s): 11, 10/17 Geneva, April 2013

Thanksgiving is on the way and so is paperless invoicing enroll before November 21 st to ensure you get paid

MYFINANCE - MANUAL Version: 06 / 2016

MYFINANCE USER GUIDE 140% 110% 80% 50%

IDENTITY RESOLUTION & VERIFICATION KNOW YOUR DATA KNOW YOUR CUSTOMER GLOBAL INTELLIGENCE 800.MELISSA ( )

WORKFORCE METRICS BENCHMARK REPORT

GlaxoSmithKline Biologicals

Electronic Secure Cross-Border Trade

Customer Due Diligence, Using New Technology for in the CDD Customer Due Diligence PurposesProcess

NAVIGATING THE MAZE OF GLOBAL COMPLIANCE FROM E-INVOICING TO EXPENSES

Uniform law of electronic commerce: fundamentals, recent developments and opportunities to support innovation

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On-Premise Software

defense manufacturers

Trust Services. e-government Strategy Policy Framework and Guidelines. Version 3.0 September Trust Services / Version 3.0 / September

International management system: ISO on environmental management

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

5 REASONS TEKTRONIX OSCILLOSCOPES ARE RELIABLE AND TRUSTED TECHNICAL BRIEF

ANALYTICAL STANDARDS AND REAGENTS

Ceridian Investor Conference May 2006

2017 AGM presentation

Oversight of payment instruments. The Banque de France s approach CONFERENCE. E-payments in Europe

Label Quality Report

We help bring you closer to the world

Meat Marketing Strategy

FAQ Guide CLOUD FAX SERVICES FAQ GUIDE. 11 Questions to Help Oracle Users Find the Ideal Solution

Detailed Data from the 2010 OECD Survey on Public Procurement

An Overview of ISO Anti-Bribery Management System Standard

Seminar on Online Payments, e-documents with e- Signatures. Amendments to the Electronic Transactions Bill. 12 th October 2017

Rethinking E-Government Services

Greek Presidency of the European Union

IATA e-freight Bigger Than An Industry!

Homeland Security Presidential Directive (HSPD-12) Product and Service Components

Facilitating e-commerce development through the postal network: UPU strategy

PUBLIC E-PROCUREMENT

E-Invoicing / E-Billing. International Market Overview & Forecast. Bruno Koch January 2019

The AnNa Project MARITIME SINGLE WINDOW. Brisbane, 6 th May Implementing Directive 2010/65/EU

Enabling international research collaboration:

Standardisation in last mile delivery of single items to individuals. Walter Trezek CO-Chair of the e-logistics Working Group, Ecommerce Europe

Mohawk Industries/Dal-Tile International is continuing to phase out paper invoices!

IBM Sterling Web Forms

Cross-border Executive Search to large and small corporations through personalized and flexible services

BUSINESS OFFER IT SHIPPING SOLUTIONS (SEI)

CLICK & BUY TRAINING GUIDE: TRANSACTING WITH COTY FOR INDIRECT VENDORS

Mondelez Mexico is moving to e-invoicing

Wine Deliveries Outside New Zealand

DGE 2 EUROPEAN UNION. Brussels, 21 March 2018 (OR. en) 2016/0149 (COD) PE-CONS 69/17

Time to assess your global mobility programme

Solution Partner Program Global Perspective

Getting from Ireland to PEPPOL. Ger Clancy IBM

Lawrie Brown Grigori Goldman

WHY YOUR STORE NEEDS SELF-SERVICE: Must-Knows on How Self-Service Tools Boost Sales, Improve Operational Efficiency, and Keep Customers Loyal

E-INVOICING Action Required: OB10 Registration

Air transport communication and IT solutions

Taking business places ~~~

AmCham EU s position on Directive on certain aspects concerning contracts for the supply of digital content

Who we are. Market Positioning. Patent Portfolio. Manufacturing Facilities

International Solutions

NESTLÉ IN THE UK AND IRELAND TRANSITIONS TO ELECTRONIC INVOICING

European experiences of e-procurement

Quality Input Quality Output

NESTLÉ IN THE UK AND IRELAND TRANSITIONS TO ELECTRONIC INVOICING ALL SUPPLIERS TO COMPLETE TRANSITION BY 16 JANUARY 2015


From the Economics of Knowledge to the Learning Economy. Globelics Academy Tampere June 2008 Bengt-Åke Lundvall Aalborg University

SingPost Group s unaudited results for the fourth quarter and full year ended 31 March 2012

Bringing service to life

Tax Engine Optimization (TEO) Changes FAQ Updated June 19, 2017

Dear supplier, Page 1 of 2

The Value of Visibility. Bob Celeste GS1 Healthcare US

Converga InvoiceMe (einvoicing) Report 1 of 3. Whitepaper

Review of Priviti PSD2 Use Case and its positioning compared to alternative marketplace offerings

Trade in Intermediate Goods, Armington Elasticity and Exchange Rate Pass-through. Fumihide TAKEUCHI Tokai University (Japan)

How Global Supply Chain Standards Streamline Procurement Process?

e-logistics 2018: integrated European & Global Solutions Walter Trezek: CO-Chair e-logistics WG, Chair CEN/TC331 WG2, Chair UPU CC

PEFC UK Photography Competition

What to Do to Convert Your Paper Invoices to PURE Electronic

Certification in Central and Eastern Europe

OUR NETWORK. nzcouriers.co.nz EST International Business Profile. Taking Kiwi businesses to the world.

COMMISSION OF THE EUROPEAN COMMUNITIES COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL

Re: Celanese is phasing out the acceptance of paper invoices

Entrust Solutions for epassport Issuance & Validation Kumar Vankalapati, Entrust

Model Contracts & Binding Corporate Rules: Reflections from Working with Global Organizations

Transcription:

The Universal Postal Union (The real THE Post Office) global Postal Trust Services Universal Postal Union, Electronic Services Martin Roe roem@postoffice.co.uk

Presentation Objective To provide an understanding of current Postal Joint Electronic Commerce and Trust Service initiatives. Developed by individual Post Offices; facilitated and supported by the UPU

Why? Current Services and Business Issues Market Share Hybrid Mail E-Mail Letter Mail Courier Services Substitution *application *market segment *attractiveness in price and quality Parcels and Track & Trace Giro Financial Services Time

Example Postal Electronic Services Strategies Business model examples from members Sweden, Eire, Nordic Bloc Message Goods Payment Full integration of messaging, financial transactions and logistics fullfillment of delivery and distribution our common business context End-to-End Communication distribution & Electronic Commerce

Trend 1 - End to End Communications Our Functional View THE VIRTUAL MAILBOX Letter / Fax Printer Sender VM Message Tel. Call Voice Video Fax / Paging Terminal / Web TV Receiver E-Mail Paging Text User Access Device Telephone / GSM Letter Telephone Terminal/ Kiosk / Web TV INTEGRATION INTEGRATION INTEGRATION

Example Postal Electronic Services Strategies Business model examples from members UK, Canada, Australia, and probably many more Network Senders Security Directory Infrastructure Receivers Service Backed gateways gateways our common business context End-to-End Communication distribution & Electronic Commerce

Trend 2 - Electronic Commerce Our Functional View Fully integrating the display, finance, workflow & logistics of a business transaction electronically. The general business processes of commerce Traditional Commerce Electronic Commerce 1 Consumers need to shop around and search Browsing 2 Consumer orders the product: Sale/Contract Messaging 3 Consumer pays Financial Trans. 4 Merchant(s) processes the order & workflow EDI or Similar 5 The goods are delivered Logistics and distribution Customer visibility line = Trust Services

Elements in thetrust Chain People Usually represented by their names. Can make assertions through the use of digital signature Computers Verify transmissions and authenticate the origin Organisations Collections of the above by granting memberships and credentials; bind names to addresses Weaving a Web of Trust: Kahre and Rifkin

The Challenge The overall challenge facing all of us is the globalisation of end to end communications and global electronic commerce frameworks. There is a need for harmonisation of business practicies and compatability between systems.

The OECD Guidelines States: Cryptographic methods and Services should be trustworthy in order to generate confidence in the use of information and communications systems.

The Challenge Trust is therefore a major foundation of ecommerce. UPU role and Objective: To facilitate the establishment of global Postal Electronic Commerce Infrastructures and ensuring the compatability between Postal systems.

Working Group Participants global Postal Trust Services Project, using PKI and Cross Border Cross Certification Services. Australia Belgium Canada Finland France Indonesia Ireland Italy Netherlands Norway Singapore Sweden UK USA Hong Kong In the process of joining: Japan, Spain, Germany, Malaysia and Portugal

Areas addresed by the group Policy: to secure a minimum level of authentication policy comptatbility Legal: to ensure legal recognition and validity Technical: to establish standard interfaces to the global Postal Trust Services Business: to address applications, market intelligence and standards

Legal issues What we have done: * Scanned and reported findings about the current government legislations, working parties and international projects such as ABA, ICC, UNCITRAL & OECD. * Provided an an implementation check list to avoid legal liability. What we have learned: - The Trust Model is critical. Different laws apply to the design of our Network-of-Trust (Global Hierarchy, Networked or Hybrid Structures) - Critical Compatibility issues Policies, Procedures and Practices

The Postal Trust Model - Hybrid Network of Trust UPU Post-to-Post Dean CA Non Postal CA Toni Certificate points issuer to subject Requiered Hierarchical Cross Certificate General Cross certificate Special Cross certificate Certification Authority (CA) User Certificate

Trust Principles Be Specific Who is in the trusted group and what are they trusted fo Trust Yourself Be the master of your own domain Be Careful Rigourously justify every single trust decision Weaving a Web of Trust: Kahre and Rifkin

Some Scenarios & Legal issues 1- Applicability of the Law: Q.: What is the applicable law to the postal PKI (the root)? A.: The Applicable law is the UPU law the UPU constitution NOT the country law (see UNCITRAL) 2- Becoming a TTP and Joining the Postal PKI Q.: A.: How to become an effective TTP nationally in absence of law General principles of cryptography are to be respected (OECD) Authentication, integrity and non-repudiation processes are to be effective (ICC)

Some Scenarios & Legal issues 3- Including a Postal operator in the Postal PKI Q.: A.: How does a postal root include a postal operator in the PKI? By applying and respecting an Accreditation process & areement (ABA) 4- Certificate Validation and Recognition Q.: A.: Are certificates issued from country 1 or country 2 professional TTP valid? Yes, but the validation process has to be evaluated by the Postal PKI root (see UNCITRAL)

Some Scenarios & Legal issues 5- Concepts, Problems and Legal Solutions Concept Circumstances Legal Solution PKI Creation UPU TTP in PKI Crypt. Law Yes Apply law & UPU Agreements &Const. No UPU Rules + OECD principles X Certification Cross certification UPU Rules & Agreements & Const. Cross border UNICITRAL principles & UPU Electronic If a law exists Apply law & UPU Rules signature No existing law UPU rules and agreements for contractual managment

Certificate Validation and Recognition 4- Certificate Validation and Recognition Q.: Are certificates issued from country 1 or country 2 professional TTP valid? A.: Yes, but the validation process has to be evaluated by the Postal PKI root (see UNCITRAL) Need for, not only definitions, but a SYSTEM to represent the generic components of assurance for Legal recognition and value of a certificate-class across domains / borders. Universal Postal Union, Electronic Services

Concept System for Certificate trust level attributes and impact on legal value 17 16 15 14 13 Level 4 12 Finger print * 11 10 Level 3 9 Passport and DL * 8 7 Level 2 6 1 Photo ID * 5 4 Level 0 3 On-Line * 2 1 * * * * * * * * * * * * * * * * * * * * * Function / Authentication Key Directory & CRL Secret Signature Certificate Process Protection Data Dissemenation Freq. Sharing key Other Universal Postal Union, Electronic Services example Lev1Assur. = x AP + y KP + Z CrlFreq +... x, y, z are variables

Trust services and Legal Issues Conclusion We CAN provide cross-border certification services without definitive legal restrictions BUT We have to define the rules and policies under the UPU constitution and contractual umbrella

The OECD Guidelines States: Whether established by contract or legislation, the liability of individuals or entities that offer cryptographic services or hold or access cryptographic keys should be clearly stated.

Liability: What is it For? Failure of trust services is in no-ones interest. Liability will therefore be a proof of trust.

Liability: What is it For? Failure of trust services is in no-ones interest. Liability will therefore be a proof of trust. Nonetheless it is a critical enabler. Therefore liability MUST be backed by positive measures to support the service.

Liability: What is it For? Failure of trust services is in no-ones interest. Liability will therefore be a proof of trust. Nonetheless it is a critical enabler. Therefore liability MUST be backed by positive measures to support the service. Expect varying degrees of liability linked to the type of service offered. Possibly be linked to the level of certificate.

Implementing Liability A few observations: Trust service availability will outrun legislation in most countries.

Implementing Liability A few observations: Trust service availability will outrun legislation in most countries. This will lead to contractual liability being established first.

Implementing Liability A few observations: Trust service availability will outrun legislation in most countries. This will lead to contractual liability being established first. Legal responsibilities are likely to fall on the supplier at a later date.

Implementing Liability A few observations: Trust service availability will outrun legislation in most countries. This will lead to contractual liability being established first. Legal responsibilities are likely to fall on the supplier at a later date. Good practice will be needed anyway. This should form the basis of a voluntary code of practice.

Implementing Liability A few observations: Trust service availability will outrun legislation in most countries. This will lead to contractual liability being established first. Legal responsibilities are likely to fall on the supplier at a later date. Good practice will be needed anyway. This should form the basis of a voluntary code of practice. This ideally should be established world-wide.

Achievements to Date 1- E. Commerce framework Policies * Completed a UPU Notional policies and Practice Statement (PKIX 4) 2- E. Commerce Legal framework * Derived a checklist to ensure legal validity of exchanges across border with corresponding agreements between postal administartions Universal Postal Union, Electronic Services

Achievements to Date 3- Global Postal E. Commerce Technical Profile * Completed the technical profile necessary for global Trust Service provision 4- Postal E. Commerce Business Applications * Identified 2 start-up applications to validate the framework and business revenue streams between Posts

Next Phases 1- Postal E. Commerce Business Applications * Requires a global business case for applications to validate the framework and business revenue streams between Posts 2- Global Postal E. Commerce Technical Profile * Requires technical standards to be developed by an appropriate body. Should this be The Open Group?

Enablers to Deliver Appropriate Trust for EC The following is needed as a minimum: Interoperable technology; standards Agreed best practice; Certificate Practice Statements; External Audit Good commercial practice; sustainable partnerships Robust legal framework Strong Government commitment and understanding; partnership with industry This won t happen overnight. Expect this to take at least 10 years.

Enablers to Deliver Appropriate Trust for EC T r u s t Competition S u p p l Trust by Sector i e r s 2000 2005 Consolidation Legislation Brave New World Time

The Universal Postal Union and global Postal Trust Services Contact: elmanawy@ptc.upu.org

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback