eSignatures identify companies or single persons, allowing the receiver of a document to confirm the identification of the sender (authenticity) and provide assurance that the document has not been modified in transit (integrity). The originator of the document uses an eSignature issued by the relevant certification authority. These authorities may be public or private, national, regional or domain specific. The party receiving the document needs to know who issued the eSignature in order to validate it accordingly.
PEPPOL’s has created interoperability between the different national schemes, so that a contracting authority can validate certificates issued in other EU member states, enabling electronic submission of tenders across borders. This means that an economic operator (supplier) can use the eSignature of its choice when submitting an offer to any public sector awarding entity.
PEPPOL addresses specific problems relating to the creation, verification and acceptance of eSignatures accompanying eProcurement documents, to enable cross border signature validation. The PEPPOL validation infrastructure consists of a network of federated validation services, able to validate qualified signature certificates from trusted certification authorities according to the national ‘Trusted Services List’ (TSL) and also non-qualified certificates as long as they are accepted in certain procurement domains.
Use of the eSignature validation software is not mandatory for organisations implementing PEPPOL components. However, it is a valuable add-on service and has application beyond PEPPOL to any ‘trust model’ that comprises various certification authorities. The eSignature verification service is also independent of the PEPPOL transport infrastructure.
To realise this vision, the PEPPOL project has delivered:
- XKMS and OASIS DSS interface specifications
- Architecture and trust models
- eID and eSignature quality classification and policies
- Trans-national verification system – prototype documentation
- Online testing facilities
- Development of open source software components and demonstrator tools
- Documented benchmarking and best practices
Please download the eSignature factsheet
For more detailed information about PEPPOL, its components, ICT Architecture, and specifications, please follow the link to the PEPPOL EIA (Enterprise Interoperability Architecture) repository or send us an e-mail to: email@example.com.