Description of a Certification Service Provider System Sample Clauses
Description of a Certification Service Provider System. A Certification Service Provider (CSP), within this specification, provides and manages certificates used for the support of electronic signatures. It is a primary assumption that a CSP will use a Public Key Infrastructure (PKI) for the management of certificates. The approach adopted in this specification is for a CSP to offer a number of services, each service having defined functions to facilitate service delivery. Each defined function is required to meet minimum security standards, thus achieving trustworthy status.
The CSP’s trustworthy systems (TWSs) may consist of a number of subsystems, each providing specific CSP services. Although this specification considers security requirements for the subsystems involved in the CSP’s service, the aim is to provide the Subject (Signatory) and Relying Party a single view of the CSP and hence a single view of the TWSs employed by it. To ensure this, the customer interface, in this specification, is to the ‘CSP Service’ and not directly to the individual services offered by the CSP. As subsystems are further decomposed, any functionality defined by other acceptable standards has been referenced.
In the context of the present CWA, a CSP must provide mandatory services by deploying TWSs with Core Services and provides optional services by deploying TWSs with Supplementary Services. All CSPs MUST implement all Core Services to meet the requirements of [Dir.1999/93/EC]. A CSP can choose to implement any Supplementary Services as deemed necessary by national, business and market requirements. However, if, in addition to the mandatory services, a CSP implements an optional service, the CSP MUST implement the security requirements for that service as specified in this document.
TWSs used for issuing and managing certificates are required to fulfil the General Security Requirements in §5.1 as well as the specific Core Services Security Requirements in §5.2 and Supplementary Services Security Requirements in §5.3. In summary, a CSP MUST deploy TWSs meeting all General and Core Security Requirements. It is important to note that this technical/security integration does not necessarily impinge on the freedom of the CSP to run the different components of the service using different business entities. When choosing TWSs for issuing NQCs/QCs, a CSP MUST ensure that it is conformant to this specification. Conformity assessment guidance can be found in [CWA 14172-3].