Standard

This Technical Report aims to be the entry point in relation to electronic signatures for any SME that is considering to dematerialize paper-based workflow(s) and seeks a sound legal and technical basis in order to integrate electronic signatures or electronic seals in this process. It is not intended to be a guide for SMEs active in the development of electronic signatures products and services - they should rather rely on the series ETSI EN 319 for building their offer - but it is a guide for SMEs CONSUMING e-Signature products and services. This document builds on CEN/TR 419040, "Guidelines for citizens", explaining the concept and use of electronic signatures, to further help SMEs to understand the relevance of using e-Signatures within their business processes. It guides SMEs in discovering the level of electronic Signatures which is appropriate for their needs, extends the work to specific use-case scenarios, paying special attention to technologies and solutions, and addresses other typical concrete questions that SMEs need to answer before any making any decisions (such as the question of recognition of their e-Signature by third parties, within their sector, country or even internationally).

The regulation on electronic identification and trusted eServices (eIDAS regulation) clearly extends the current Electronic Signature Directive from electronic signature towards electronic identification and electronic authentication. These two topics are closely linked to electronic signature and are considered in this context in this document. There are many documents, standards, industrial initiatives and European projects on identification and authentication, but the scope here is limited to electronic signature context, and wider to electronic transactions in the internal market. The present Technical Report is twofold. It firstly does a brief analysis of the implementing acts on electronic identities CIR 2015/1501 [29] and CIR 2015/1502 [30] and how this is addressed by the eID interoperability framework [31]. It secondly establishes what areas of existing standards are impacted by the eID framework and what further areas of standardization could assist nations in providing eID services.

Business role models in 2G, 3G and 4G have centred on relationships between MNO (mobile and network operators) and subscribers and between MNOs, e.g. roaming, RAN sharing.

5G is bringing about the shift towards enterprise business role models, with MNOs providing a network or network resources for use in enterprise. Depending on the degrees of ownership and management in enterprise, trust relationships are bringing additional requirements on the 5G system.

The focus of Business Role Models for Network Slicing (BRMNS) is on normative requirements that enable the 3GPP system to adequately support diverse business role models for network slicing by drawing on TR 22.830, which studies several use cases and their potential requirements.

Key objectives include:

• Additional control to 3rd parties.
• Security relationships.
• Constraints on network slice operation to better serve business needs.
• Non-public network access to MNO spectrum.

BRMNS (SP-180773; UI: 180015) is a completed 3GPP SA1 (services) for Release 16 (Q1-2 2020).

Rapporteur: Nokia. Supporting individual members: Nokia Shanghai Bell; NTT Docomo; Siemens AG; Sennheiser; ETRI (Electronics and Research Institute), Tencent; OEC.

5G Security enhancement against false base stations (FS_5GFBS) focuses on the potential threats and privacy issues associated with false base station scenarios.

Its main objective is to identify potential solutions for mitigating risks caused by a false base station.

SP-180690 fills several gaps in Release 15, such as solutions for RCC idle mode from AS security perspective with regard to UE detection of rogue gNBs. Rel-15 which studied such solutions but did not include them in normative work.

FS_5GFBS is a 3GPP SA3 (Security) item for Release 16 (Q1-2 2020).

Rapporteur: Apple. Supporting individual members: Vodafone; T-Mobile; InterDigital; CAICT; Lenovo; Motorola Mobility; vivo; OPPO; AT&T; China Mobile; BT; Samsung; NIST; Deutsche Telekom; Qihoo 360; Huawei; Hisilicon; Ericsson; Intel; ZTE and Orange.

5G capabilities, e.g. high performance, long distance access, mobility and security are needed for 5G services in multiple market segments spanning residential, office, enterprise and factory that require functionalities similar to Local Area Networks (LANs).

3GPP TR 22.821 (feasibility study) is the basis for standardisation work on LAN Support for 5G. This Technical Report focuses on 5GLAN management, support of IEEE 802.1 functionalities for general Ethernet, support of TSN related functionalities for deterministic Ethernet, support of direct and indirect access to 5GLAN type service, support of UE mobility.

The objective of 5GLAN is to develop normative service requirements for 5G system to support 5G-LAN type services. Specifically, it focuses on:

• General service requirements to enable 5G LAN-type services (connections, support for IP and Ethernet, service continuity, discovery).
• 5GLAN connection and management.
• 5G private virtual network.
• 5GLAN service authorisation.
• Mobility and service continuity for 5G LAN-type service.
• Ethernet enhancements.
• Indirect communication for 5G LAN type service.
• Service exposure for 5G LAN-type service.
• Security, isolation and privacy.

This normative work fills gaps in 3GPP TR 22.261.

5GLAN is under 3GPP SA1 (Services) as features and related studies for Release 16 (Q1-2 2020).

Rapporteur: KPN. Supporting individual members: InterDigital; Huawei; Siemens; Nokia; ETRI; Vodafone; Qualcomm; LG Electronics; Intel; Verizon; China Mobile.

This Technical Report aims to help citizens to understand the relevance of using electronic signature within their day-to-day lives. It also explains the legal and the technical backgrounds of electronic signatures. This document gives guidance on the use of electronic signatures and addresses typical practical questions the citizen may have on how to proceed to electronically sign, where to find the suitable applications and material.

The present Technical Report provides guidance on the selection of standards and options for the signature/seal creation and other related devices (area 2) as identified in the framework for standardization of signatures: overview ETSI/TR 119 000 [16]. The present Technical Report describes the Business Scoping Parameters relevant to this area (see Clause 5) and how the relevant standards and options for this area can be identified given the Business Scoping Parameters (Clause 6). The target audience of this document includes: - business managers who potentially require support from electronic signatures/seals in their business and will find here an explanation of how electronic signatures/seals standards can be used to meet their business needs; - application architects who will find here material that will guide them throughout the process of designing a system that fully and properly satisfies all the business and legal/regulatory requirements specific to electronic signatures/seals, and will gain a better understanding on how to select the appropriate standards to be implemented and/or used; - developers of the systems who will find in this document an understanding of the reasons that lead the systems to be designed as they were, as well as a proper knowledge of the standards that exist in the field and that they need to know in detail for a proper development.

This Technical Specification specifies the technical, operational and maintenance requirements for Software Assurance Levels to support the demonstration of compliance with some elements of the Essential Requirements Safety and Principles governing the construction of systems of the Regulation (EC 552/2004) of the European Parliament and of the Council on the interoperability of the European Air Traffic network (the Interoperability regulation).
This Technical Specification on Software Assurance Levels (SWAL) is intended to apply to software that is part of the EATMN, focusing only on its ground segment and providing a reference against which stakeholders can assess their own practices for software specification, design, development, operation, maintenance, evolution and decommissioning. Requirements in the present document which refer to should statements or recommendations in the normatively referenced material are to be interpreted as fully normative (shall) for the purpose of compliance with the present document.

This Technical Specification is for the production of conformity evidence for FDP-FDP ground-based system interoperability which has to be declared by the Air Navigation Service Provider (ANSP) before putting FDP-systems into service. This Technical Specification defines the Technical, Operational and Maintenance requirements for Flight Data Processing (ATC-ATC) system interoperability.
Flight Data Processing (FDP) interoperability between ATC units is a key element to facilitate and harmonise Flight Data systems data exchanges and critical to the functioning of a harmonised European Air Traffic Management system. FDP Interoperability can be achieved by the use of different techniques appropriate to the operational need, e.g. message exchange, replication mechanisms and data sharing.
The architectural framework in which the different actors have to inter-operate is of major importance to define the context in which the European Standards have to be developed.

Migrating Applications to the Cloud: Assessing Performance and Response Time Requirements is a supplement to the CSCC paper, Migrating Applications to Public Cloud Services: Roadmap for Success.
 
Assessing applications and workloads for readiness for migration to cloud computing allows organizations to determine which applications and data can (or cannot) be readily moved to a cloud computing environment and which delivery models (public, private, or hybrid) can be supported.
 
Emphasis is placed on mapping business requirements to the underlying technology to improve decisions regarding the suitability of cloud computing for a particular workload. By testing and quantifying performance and response time implications early on, performance issues can be avoided or mitigated.

Public Cloud Service Agreements: What to Expect and What to Negotiate was written to help cloud customers understand and evaluate public cloud service agreements (CSAs) from different providers.
 
The paper describes the current anatomy of a cloud service agreement, covering the customer agreement, acceptable use policies, cloud service level agreements and privacy policies.
 
The heart of the guide is a series of ten steps that cloud service customers should take to evaluate CSAs in order to compare public cloud service providers or negotiate terms with a provider. The recommendations are based on a thorough assessment of publicly available agreements from leading providers