3.1 Certificate Requirements
Latest revision as of 17:15, 28 November 2019
As required by the Regulatory Technical Standards for strong customer authentication and common and secure open standards of communication contained in the Delegated Regulation (EU) 2018/389 of 27 November 2017 (https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32018R0389&from=EN), TPPs need to be equipped with qualified certificates for electronic seals / website authentication (eIDAS Certificates).
TPP eIDAS Certificates can be of two types:
- QWAC (Qualified Website Authentication Certificate): used as Client Certificates – allow TPPs to communicate securely with and identify themselves towards ASPSPs (Opinion of the European Banking Authority on the use of eIDAS certificates under the RTS on SCA and CSC, https://eba.europa.eu/documents/10180/2137845/EBA+Opinion+on+the+use+of+eIDAS+certificates+under+the+RTS+on+SCACSC.pdf);
- QSeal (Qualified Certificate for Seals): used to sign requests using http-signature – ensure that the communication between TPPs and ASPSPs is secure and that the data submitted originates from the PSP identified in the certificate (same EBA Opinion).
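As an added illustration (not part of the CBI Globe documentation): a qualified certificate declares which of the two types it is in its qcStatements extension (OID 1.3.6.1.5.5.7.1.3), through the QcType statement defined in ETSI EN 319 412-5. The sketch below parses a DER-encoded qcStatements value with the Python standard library only; the sample bytes are constructed, and the function names and channel labels are assumptions made for this example.

```python
# Added example: tell a QWAC from a QSeal by the QcType statement (ETSI EN 319 412-5).
QCS_QCTYPE = "0.4.0.1862.1.6"                  # id-etsi-qcs-QcType
QC_KINDS = {"0.4.0.1862.1.6.2": "QSeal",       # id-etsi-qct-eseal
            "0.4.0.1862.1.6.3": "QWAC"}        # id-etsi-qct-web
REQUIRED = {"tls-client": "QWAC", "http-signature": "QSeal"}  # labels are assumed

def read_tlv(buf, pos):
    # Returns (tag, value, next_pos) for the DER element that starts at pos.
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def decode_oid(der):
    arcs, n = [der[0] // 40, der[0] % 40], 0   # sufficient for OIDs under arcs 0 and 1
    for byte in der[1:]:
        n = (n << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def qc_kinds(qc_statements):
    kinds = []
    _, statements, _ = read_tlv(qc_statements, 0)
    for _, stmt in children(statements):
        parts = list(children(stmt))           # statementId, optional statementInfo
        if len(parts) == 2 and decode_oid(parts[0][1]) == QCS_QCTYPE:
            kinds += [QC_KINDS.get(decode_oid(oid), "other")
                      for _, oid in children(parts[1][1])]
    return kinds

def fits_channel(qc_statements, channel):
    return REQUIRED[channel] in qc_kinds(qc_statements)

# Constructed samples: a QcCompliance statement followed by a QcType statement.
_PREFIX = "301f3008060604008e4601013013060604008e4601063009060704008e460106"
QWAC_SAMPLE = bytes.fromhex(_PREFIX + "03")
QSEAL_SAMPLE = bytes.fromhex(_PREFIX + "02")
```

The extension value can be obtained from a real certificate with any X.509 library that exposes raw extension bytes by OID; a type check of this kind complements, and does not replace, chain validation against the QTSP's trust anchor.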
The Testing Facility (Sandbox), made available from the 14th of March, 2019, is accessible to all TPPs in possession of:
- a valid QWAC production eIDAS Certificate released by a Qualified Trust Service Provider (QTSP);
- a QWAC Test Certificate released by a Qualified Trust Service Provider (QTSP).
The Production Facility, made available from the 1st of June, 2019, is accessible to all TPPs in possession of:
- valid production QWAC and QSeal (for http-signature) eIDAS Certificates released by a Qualified Trust Service Provider (QTSP) based on a formal authorization in the NCA.
The Production Environment, made available from the 1st of June, 2019, is accessible only to TPPs in possession of both QWAC and QSeal eIDAS Certificates valid for the Production Environment. To ensure the highest levels of security for the PSUs and to receive the production client id/secret id, TPPs that have already performed the onboarding with the test certificate are required to send an explicit request to the dedicated email address supportcbiglobe@cbi-org.eu, attaching an eIDAS certificate valid for the production environment.
Furthermore, starting from the 1st of June, 2019, self-signed certificates are no longer considered valid for access to the Testing Facility.
From the 1st of June, the email address for TPP support is: helpdesk@supportcbiglobe.com