Winning the cube: Fernando Catullo on the Cloud Signature Consortium
Digital thinking is now a must. New businesses are established in a digital environment. Old businesses transform and adapt the technologies they use, changing the way they do business, work, and communicate with stakeholders regardless of whether they are internal (employees and management) or external (customers, suppliers, partners, …).
It’s only right to imagine fully digital processes, users connected in new and different ways, blurred boundaries that smooth and eliminate the differences between inside and outside.
It’s essential that technologies evolve with changing environments and electronic signatures are no exception. Solutions that are difficult to use away from the desktop must be abandoned and replaced (often placed side by side) with alternative architectures which surpass and enhance the potential of established concepts considered unchangeable.
This is the case with Cloud Signature which is an alternative to solutions based on personal devices (Smartcards and Tokens), taking cryptographic systems and extending their use to situations which otherwise would be impossible to handle: above all Web and Mobile uses.
Cloud Signature is an integral part of the European regulation eIDAS and for the first time the possibility of creating a single market is envisaged where regulations provide the legal validity to a fully digital document also, and above all, considering a supranational framework. There is nothing to prevent the rules laid down in Europe from becoming relevant beyond its borders and becoming a reference for the free exchange of information supported by an international “Trust”.
Some national governments launched initiatives a while ago, firstly to encourage dematerialization and now digitization. There are already solutions and providers of signatures at a national level, but eIDAS enables a unified objective to be pursued, irrespective of where business is carried out.
With a common regulation and a global objective, there is no room for proprietary solutions. It isn’t possible (or should we say, it’s not an efficient use of resources) to consider technologies as valid when their use is patchy, and which require long and risky integration projects. It isn’t even possible to imagine forcing a business to make a mandatory choice for all the business environments and locations in which it operates.
An open and shared interoperability framework must be established and adopted by the market, leading to the availability of compatible and interchangeable products and services. These should perform the same function, adapting to requirements without affecting the validity of the final product, “the Digital Signature”, in all situations in which a Signature is needed to guarantee the intent and integrity of the document or transaction.
The end user needs an architecture which allows it to freely choose Clients and Servers in a variety of multiple configurations, adapting to the different situations in which it may operate.
Similarly, it is an opportunity and a competitive advantage for both Trust Service Providers and Application Service Providers to implement only once a standard communication protocol between elements in the chain and to “natively” achieve integration between services, inherit configuration flexibility and achieve stability in the delivery of functionality. All this, without the frustration of having to start over each time with analysing, designing and solving the same, sometimes conflicting, situations created by those who love proprietary solutions and obviously defend at all costs their own.
CSC is a non-profit making association bringing together the main European Trust Service Providers and is led by Adobe, the Application Service Provider which more than any other has chosen the path of openness and standardization.
CSC has published the first standard on the communication between Client and Server modules for implementing Cloud Signature solutions and has demonstrated that it is possible to offer the end user an architecture which covers required functionalities with the flexibility and scalability needed to operate in a global market.
CSC will continue its work with the aim of encouraging new members, widening the participation of world experts in the standard, creating a market which exceeds and addresses the future developments and needs of a Trust Digital Transformation.
Delivering successful Cloud Signature services for End Users, TSPs and ASPs.