Electronic Signatures and Infrastructures (ESI);Mapping Comparison Matrix between the US Federal Bridge CA Certificate Policy and the European Qualified Certificate Policy (TS 101 456)

Title		Electronic Signatures and Infrastructures (ESI);Mapping Comparison Matrix between the US Federal Bridge CA Certificate Policy and the European Qualified Certificate Policy (TS 101 456)
Acronym		ETSI TR 102 458
Document Type		Standard
Committee		ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI)
Published Year		2006
Link		https://www.etsi.org/deliver/etsi_tr/102400_102499/102458/01.01.01_60/tr_102458v010101p.pdf
Abstract The present document compares the United States” The Federal Bridge Certification Authority (FBCA) Certificate Policy [3], and the European Qualified Certificate Policy (QCP) as specified in TS 101 456 [2] in order to identify to what extent which stipulations FBCA CP match those of QCP. This comparison concentrates on requirements at the medium level of assurance as identified in the FBCA Certificate Policy [3] including the option for “medium hardware” (equivalent to SSCD) and “medium – Commercial Best Practices”. The present document gives the current results of the comparison following discussions with FPKI experts up to November 2005. Further consideration on some areas is still ongoing and this mapping is subject to further revision. The present document is an opposite of the earlier mapping specified by the US Federal PKI mapping from the QCP into the requirements of the FBCA CP. The purpose of the present document is to facilitate a CA abiding by the QCP to ascertain if QCP requirements, to which it complies, are met by another CA abiding by FBCA CP and therefore to assess if a cross certification can be enacted. It is to be kept in mind that this second CA has to be assessed as compliant by the Federal Bridge Certification Authority. The present document is structured as follows: 1) BRIEF ASSESSMENT, which provides for each clause of the QCP a one-word assessment of the similarity of the applicable FBCA CP sections, using a set of well-defined evaluation terms, and identifies any points that should specially noted when applying this map to specific CA policies; 2) DETAILED ASSESSMENT, which details the BRIEF ASSESSMENT by breaking down all the relevant requirements in the QCP, grouped by clause, and by listing for each QCP clause the relevant FBCA CP sections and requirements that match to some degree to the corresponding QCP requirements clause; the same one-word assessment used in the BRIEF ASSESSMENT is complemented, where necessary, with explanatory comments. As a result of this comparison, requirements are identified in the FBCA CP that are of particular note and should be especially considered when applying this map to specific CA policies