Merging and Extending the PGP and PEM Trust Models - the ICE-TEL Trust Model

The ICE-TEL project is a pan-European project that is building an Internet X.509 based certification infrastructure throughout Europe, plus several secure applications that will use it. This paper describes the trust model that is being implemented by the project. A trust model specifies the means by which a user may build trust in the assertion that a remote user is really who he purports to be (authentication) and that he does in fact have a right to access the service or information that he is requesting (authorization). The ICE-TEL trust model is based on a merging of and extensions to the existing Pretty Good Privacy (PGP) web of trust and Privacy Enhanced Mail (PEM) hierarchy of trust models, and is called a web of hierarchies trust model. The web of hierarchies model has significant advantages over both of the previous models, and these are highlighted here. The paper further describes the way that the trust model is enforced through some of the new extensions in the X.509 V3 certificates, and gives examples of its use in different scenarios

Programmes in transition - between closure and start. Review of programme developments: Winter-Summer 2007

The past six months have seen a shift in emphasis from the 2000-2006 to the 2007-2013 programmes. Programme managers and other implementing organisations have not only been negotiating draft programmes for 2007-2013 with European Commission staff, but have also been undertaking a range of tasks to prepare for implementing these programmes. A number of initiatives have also occurred at EU level, which direct policymakers’ attention forward to the EU budget review of 2008-2009 and beyond. In addition, ongoing efforts have been needed to ensure that the remaining funds under the 2000-2006 programmes are effectively absorbed, and that all technical preparations for programme closure are underway

Electronic security - risk mitigation in financial transactions : public policy issues

This paper builds on a previous series of papers (see Claessens, Glaessner, and Klingebiel, 2001, 2002) that identified electronic security as a key component to the delivery of electronic finance benefits. This paper and its technical annexes (available separately at http://www1.worldbank.org/finance/) identify and discuss seven key pillars necessary to fostering a secure electronic environment. Hence, it is intended for those formulating broad policies in the area of electronic security and those working with financial services providers (for example, executives and management). The detailed annexes of this paper are especially relevant for chief information and security officers responsible for establishing layered security. First, this paper provides definitions of electronic finance and electronic security and explains why these issues deserve attention. Next, it presents a picture of the burgeoning global electronic security industry. Then it develops a risk-management framework for understanding the risks and tradeoffs inherent in the electronic security infrastructure. It also provides examples of tradeoffs that may arise with respect to technological innovation, privacy, quality of service, and security in designing an electronic security policy framework. Finally, it outlines issues in seven interrelated areas that often need attention in building an adequate electronic security infrastructure. These are: 1) The legal framework and enforcement. 2) Electronic security of payment systems. 3) Supervision and prevention challenges. 4) The role of private insurance as an essential monitoring mechanism. 5) Certification, standards, and the role of the public and private sectors. 6) Improving the accuracy of information on electronic security incidents and creating better arrangements for sharing this information. 7) Improving overall education on these issues as a key to enhancing prevention.Knowledge Economy,Labor Policies,International Terrorism&Counterterrorism,Payment Systems&Infrastructure,Banks&Banking Reform,Education for the Knowledge Economy,Knowledge Economy,Banks&Banking Reform,International Terrorism&Counterterrorism,Governance Indicators

Internal report cluster 1: Urban freight innovations and solutions for sustainable deliveries (2/4)

Technical report about sustainable urban freight solutions, part 2 of

Internal report cluster 1: Urban freight innovations and solutions for sustainable deliveries (1/4)

Technical report about sustainable urban freight solutions, part 1 of

The European Regulatory Framework and its implementation in influencing organic inspection and certification systems in the EU

The report presents a review of the most important European and international legislation that set the framework for organic certification, of reports prepared by international agencies working with organic standard setting and certification, and of relevant scientific literature. It discusses problems, future challenges of the organic control systems in Europe leading to suggestions for improvement. Food quality assurance is of key importance for the future development of the Common Agricultural Policy of the EU. A large number of mandatory and voluntary assurance and certification schemes exist for agriculture and in the food industry leading to the risk of increased costs for producers and confusion of consumers. Such schemes include the setting of requirements and bodies that undertake control and provide certificates. Requirements can be divided into statutory regulations regarding food safety and good agricultural practice and standards for voluntary attributes. Basic requirements of food safety, animal health and animal welfare are controlled by the Official Food and Feed Control (OFFC) systems, governed by Council Regulation (EC) 882/2004. Third party certification provides credibility to claims related to voluntary standards and is communicated to the consumers through the use of certification marks. The EU has developed a legislative basis for quality claims in relation to geographical indications, traditional specialities and organic farming and considers introducing labelling rules in relation to animal welfare, environmental impact and the origin of raw materials. Organic certification is one of a number of overlapping and competing schemes. The development of organic standards and certification in Europe started with private standards and national rules, leading to Regulation (EEC) 2092/1991. The requirements for competent authorities, control bodies and operators in this regulation regarding the control systems are reviewed. The discussion highlights the low level of knowledge among consumers of the requirements of organic certification, a weak emphasis of the control system on operator responsibility for organic integrity, issues of competition and surveillance of control bodies, a lack of consideration of risk factors in designing the inspection systems and a lack of transparency. A total revision of the European Regulations on organic production began in 2005. One important change introduced by the new Council Regulation (EC) 834/2007 for Organic Food and Farming is that the organic control system is placed under the umbrella of Council Regulation (EC) 882/2004 on Official Food and Feed Controls. Regulation (EC) 834/2007 also requires that control bodies have to be accredited according to general requirements for bodies operating product certification systems (ISO Guide 65/EN 45011). From July 2010 packaged organic products will have to carry the new EU logo as well as the compulsory indication of the control body. The report reviews the requirements for competent authorities, control bodies and operators from the various legal sources. The discussion highlights a lack of clarity on the impact of the OFFC regulation on the organic control system including how risk based inspections are to be implemented and the potential for in-consistencies in the enforcement of the regulation. A number of international initiatives concerned with the harmonisation of organic standards and to a lesser extent certification are reviewed, such as the International Task Force on Harmonisation and Equivalence (ITF)1 Two main alternative guarantee systems for organic production have been developed and researched by a number of organisations including IFOAM, ISEAL, FAO and the EU Commission. Smallholder Group Certification based on an Internal Control System (ICS) and Participatory Guarantee Systems (PGS) could also represent ways to minimize certification costs also for European farmers, in particular for operators that market directly or through very short supply chains. Both systems also illustrate examples of certification systems with a focus on system development and improvement. , the European Organic Certifiers Council (EOOC), the International Social and Environmental Accreditation and Labelling Alliance (ISEAL) and the Anti-Fraud Initiative (AFI). The multilateral initiatives have led to a better understanding of current problems and the scope and limitations for harmonisation. They have also contributed to the sharing of tools and methods and the identification of best practice. Apart from organic farming the European Union has two other food quality schemes: Regulation (EC) 510/2006 on geographical indications and Regulation (EC) 509/2006 on traditional specialities. The report explores the potential for combining these with organic certification, and draws lessons for organic certification based on Italian experience. The final chapter summarises problems and challenges from the previous chapters. Suggestions for improvements of the organic control system focus on two issues: the need for further harmonisation of the surveillance of control bodies and enforcement of the regulation and how operators’ responsibility for further development of organic systems could be supported in the control and certification system