Promotion of DX Sub-Working Group that secured Trust (5th)
Overview
- Date and time: Tuesday, February 8, 2022, from 11:00 to 12:45
- Location: Online
- Agenda:
  - Opening
  - Proceedings
    - Identification and arrangement of Trust service assurance levels, etc. (Secretariat)
    - Presentation from Members, etc.
      - Satoru Tezuka (Keio University)
      - Kentaro Ito (GMO Global Sign Co., Ltd.)
      - NAKATAKE Hiroshi (Global Legal Entity Identifier Foundation)
      - Tatsuya Hayashi (LocationMind Co., Ltd.)
    - Free discussion
  - Adjournment
Materials
- Agenda (PDF / 148 KB)
- Material 1: Secretariat explanatory materials (PDF / 3,042 KB)
- Material 2: Materials submitted by Mr. Tezuka (Concept of Assurance Level of Trust Service) (PDF / 1,901 KB)
- Material 3: Materials submitted by Mr. Ito (Examples of use of E-Certificate at GlobalSign) (PDF / 689 KB)
- Material 4: Materials submitted by Mr. Nakatake (use cases of Trust services and systems that are restrictions) (PDF / 749 KB)
- Material 5: Materials submitted by Mr. Hayashi (Issues in policy formulation to realize Trust security in service provision) (PDF / 554 KB)
- Proceedings Summary (PDF / 211 KB)
Summary of proceedings
Date
Tuesday, February 8, 2022, from 11:00 a.m. to 12:51 p.m.
Location
Held online
Attendees
Members
- Hiroshi Ota (Partner, Nishimura & Asahi)
- Natsuhiko Sakimura (Senior Researcher, Tokyo Digital Ideas Co., Ltd.)
- Kazue Sako (Professor, Department of Information Science and Engineering, School of Basic Science and Engineering, Waseda University)
- Satoru Tezuka (Professor, Faculty of Environmental Information, Keio University) [Senior Researcher]
- Soshi Hamaguchi (Senior Staff Member, Keio University SFC Research Institute)
- Tatsuya Hayashi (Director of LocationMind Co., Ltd.)
- Hiroshi Miyauchi (Attorney, Miyauchi & Mizumachi IT Law Office)
- Kazuya Miyamura (Partner, PwC Arata LLC)
- Makoto Takamura (Counselor to the Director-General of Cybersecurity, Ministry of Internal Affairs and Communications)
- Hiromasa Kiyo (Senior Assistant, Commercial Affairs Division, Civil Affairs Bureau, Ministry of Justice) *
- Hidenori Sato (Planning Officer, Cybersecurity Division, Commercial Information Policy Bureau, Ministry of Economy, Trade and Industry) * Attendance
Observer
- Satoru Ijichi (Executive Director of the Time Business Accreditation Center, Information and Communication Security Division, The Japanese Telecommunications Association)
- Takayuki Idaka (Special Advisor for Medical Care Information Technology, Research Development Promotion Division, Ministry of Health, Labor and Welfare Health Policy Bureau) * Attendance by proxy
- Daishu Ohta (Chairman of the External Affairs Department of the Digital Trust Council)
- Hirohisa Ogawa (Chairman of the Steering Committee of the Nippon Trust Technology Council and Senior Researcher, Cyber security Strategic Group, Digital Innovation Division, Mitsubishi Research Institute, Inc.)
- Mikio Ogawa (Executive Director of Administration and Settlement Systems Department, Japanese Bankers Association)
- Tetsuro Okuno (Deputy Director of the General Affairs Division, Ministry of Health, Labor and Welfare Pharmaceutical and Environmental Health Bureau) * Attendance by proxy
- OGURA Takayuki (General Manager of Corporate Sales Department, Shachihata Inc. Systems)
- Seiji Kaneko (Director of the General Affairs Division, Pharmaceutical Affairs and Environmental Health Bureau, Ministry of Health, Labor and Welfare) * Attendance by proxy
- KOMATSU Hiroaki (Partner, Tokyo IT Audit Department, KPMG AZSA LLC)
- Hajime Sato I (Executive Director of the Policy Department of the New Economy Federation)
- Sato Tatewaki (Cloud-based Electronic Signature Service Council Secretariat)
- Koichi Shibata (Executive Director in charge of DX Service Planning Department and Chairman of the Planning and Operation Subcommittee of the Trust Service Promotion Forum, Seiko Solutions Corporation)
- Kenichiro Shimai (Deputy Director of Medical Care Information Technology Promotion Office, Research and Development Promotion Division, Ministry of Health, Labor and Welfare Health Policy Bureau) * Attendance by proxy
- SHIMAOKA Masamoto (Senior Researcher, IS Research Institute, SECOM CO., LTD.)
- Kikuzo Sodeyama (Director of SKJ Sogo Tax Accountant Office)
- Hajime Toyoshima Kiyoshi (DigitalBCG Japan Managing Director)
- Yuji Nakasu (Vice President of Government Affairs, SAP Japan Co., Ltd.)
- NAKATAKE Hiroshi (Representative of Global Legal Entity Identifier Foundation (GLEIF) Japan Office)
- Akira Nishiyama (Special Member of the Electronic Certification Bureau Conference (Representative of Future Trust Lab))
- Eiji Nozaki (Director of the General Affairs Division, Supervisory Bureau, Financial Services Agency)
- Akihide Higo (Project Owner, Digital Identity Verification Project Team, Incubation Lab, Digital Architecture and Design Center (DADC), Information-Technology Promotion Agency (IPA))
- Tomoaki Misawa (Partner, PwC Arata LLC)
- YAMAUCHI Toru (Managing Director of the Association for the Promotion of Information Economy and Society and Director of the Digital Trust Evaluation Center)
- WAKAMEDA Mitsuo (Senior Researcher, Data Strategy WG, Planning Committee, Digital Economy Promotion Committee, Japan Business Federation)
Digital Agency (Secretariat)
- Masanori Kusunoki (Group Manager, Digital Social Common Function Group), Shusaku Indo (Group Deputy Manager), etc.
Minutes
- The Secretariat explained Material 1 "Explanatory Materials for the Secretariat."
- Presentations were made by experts on Material 2 "Concept of Assurance Level of Trust Services", Material 3 "Use Cases of E-Certificate at GlobalSign", Material 4 "use cases of Trust Services and Limiting Systems", and Material 5 "Issues in Policy Formulation to Realize Trust Security in Service Provision".
- In the open discussion, the following remarks were mainly made.
- If signatures using My Number Card are to be positioned at the assurance level of Identification, it will be AAL3 (under the NIST standard). The current "Guidelines on Online Methods for Identity Verification in Administrative Procedures" do not necessarily include the unique situation of Japan. It is desirable that this sub-working group discuss and work on the revision of this guideline.
- There was an opinion that interoperability is not necessarily necessary because the governing law is written in the contract. However, even if the governing law is specified, interoperability may be necessary when actually considering evidentiary properties. For example, if Japanese law becomes the governing law, even European and American companies will need to use Japanese Trust services based on Japanese law. On the other hand, if the law of a European country is the governing law, Japanese companies will need to use EU Trust services instead of Japanese Trust services. If interoperability is ensured, they believe that they can use their own country's Trust services even if the law of the other country is the governing law.
- Regarding the request from the Ibaraki prefectural government, if electronic signatures and E-Certificates are specified in each law and regulation, it will be a heavy burden on users because they have to respond to each. A method should be taken in which the uniform level classification is determined by an organization such as Digital Agency or another government organization that establishes standards, and is referred to by each law and regulation. It is not a desirable situation that if the standards are determined by each law, the gray zone elimination system may be used when the judgment is not clear. The reason why LGPKI and certificates of responsibility in local governments cannot be used is that they are not listed in the AATL, but the use of the public should be expanded in the direction of announcing the policy and implementing third-party audits for LGPKI.
- A subcommittee should be established under this sub-working group to discuss the details of the formulation of the Trust Assurance Level, and a proposal for the formulation of the level should be formulated by the subcommittee.
- In the discussion of the assurance level of Identification, in addition to the standards such as IAL and AAL, it is necessary to develop a framework for the evaluation of the IdP (Identity Provider) itself. In the case of the United States, the government has prepared a framework to certify Trust framework providers through Open Identity Exchange. In addition to the guidelines for administrative procedures, it is necessary to consider the positioning of the guidelines in the private sector and how to effectively use them.
- In order to realize not only digitalization of paper and face-to-face processes but also Society 5.0 and DFFT, the reliability of distributed and automatically processed data requires a foundation that can automatically validate data with a certain guarantee level, such as who created the data, who is a natural person or a corporation, when the data was created, and whether or not the completeness of the data is guaranteed. For that purpose, the development of this Trust service is essential.
- Regarding the request from the Ibaraki prefectural government, it is desirable that the E-Certificate is specified by common requirements. Regarding the LGPKI, the current situation that it is not included in the AATL shows that there has been a focus on cases of international technical standards and mutual recognition. For example, the EU's Qualified Trust Service is automatically included in the AATL and is displayed as a signature that can be used for validation in Adobe products, Adobe Reader, etc. On the other hand, the Japanese LGPKI is not included in the AATL, and the Ibaraki prefectural government has no choice but to use the private sector's certificate. This is not desirable. From now on, sufficient validation should be made to see if it is an appropriate operation compared to other countries, including LGPKI.
- Regarding the assurance level of Trust services, there are Trust services to which IAL and AAL do not apply. It is necessary to establish a separate forum and intensively discuss the standards for Trust service assurance level. On the other hand, if detailed technical standards are assumed to be the same level as the technical standards standardized by, for example, ETSI and CEN in Europe, it will be an extremely huge amount of work to develop them from scratch. Therefore, it is necessary to devise ways to shortcut the work such as proposing ISO based on existing standards, ETSI, WebTrust, and other standards.
- We negotiated with Adobe to renew the old GPKI certificates registered with AATL to the new certificates, but Adobe said that it would be difficult if the key length was not that standard because the technical requirements changed in June 2017 and the key length of the root certificate became 3072 bits. We negotiated with LGPKI to renew the old GPKI certificates registered with AATL to the new certificates, but said that it would be difficult if the key length was not that standard because the key length of the root certificate became a problem. Since the Certificate Authority renews the key once every five years, we would like to consider registering AATL in anticipation of the next update. Until then, we plan to provide a tool that anyone can use for validation in September this year.
- Regarding e-seal, we have provided millions of certificates, and we are doing implementation as a fairly large-scale example. In the case of vaccine passport, which requires interoperability, the issue was the Trust Framework, which WHO could not arrange. The EU method specified the Trust Framework in the EU Digital Green Certificate Gateway (DGCG), and ICAO was realized in the form of the Trust Framework for passports. For smart health cards, implementation was done in the form of putting public keys as URIs on data and putting them on the Trust of domains. There is a question as to whether My Number Card should be the highest level of authentication means and how to define the highest level. Even now, it is not necessarily a modern PKI, including the 2048-bit RSA encryption and the method of assigning serial numbers. As you pointed out regarding LGPKI interoperability, there were cases in the past where GPKI could not satisfy the standards of the CA/Browser Forum for WebTrust, and the operation of the application CA was stopped, and it was concluded that the private sector should be used as the server certificate for SSL as a general rule. Investment in Trust in Japan was insufficient compared to Europe and the United States. While operating in such a state, there are actual circumstances in which Japan's Trust service does not meet the needs of the world. Therefore, we must consider how to strengthen the system in order for Japan's Trust service to fulfill its social responsibility.
- In the Trust Assurance Level, if the overall Trust level is discussed, what is the relationship with the concept of Levels of Assurance in NIST SP 800-63-2?
- At the Trust Assurance Level, national regulatory bodies, conformity assessment bodies, and certification mechanisms are necessary. Since conformity assessment bodies are certified by the national government, the following functions are similar to those of the JIPDEC, which audits the certification business of the Electronic Signatures in Global and National Commerce Act. Since the JIPDEC is a designated investigation agency, the method of installation is different, but since it is certified, the validation will be done by allowing multiple conformity assessment bodies to work more flexibly in the private sector. In fact, the standards for certification will be set by the national government. Now, electronic signatures are similar to that, and the certification business itself is happening. It is not that we are suddenly introducing new ones to Japan, but we have been doing similar things with electronic signatures until now, so why don't we make it possible to do so in a wider range? Trust
- In discussing Trust services and their assurance levels, it is better to distinguish between (1) Trust services related to certification, authorization, and timestamp and the supply chain that provides them, and (2) the supply chain that distributes and processes various types of data itself, which have been mainly discussed so far. The reliability of data distributed and processed by (1) Trust services that can be supported by (2) is limited to limited subjects and scopes such as legitimacy and completeness, and is required by digital completion and automation principles in digital principles. (2) The reliability of data required in the supply chain of data distribution itself will require not only legitimacy, completeness, and timestamp (timeliness, etc.) that can be provided by (1) services, which have been discussed so far, but also accuracy and coverage. When considering the scope and assurance level of Trust services, it is necessary to clarify the subject and ensure the trust on the user side for those that are outside the subject or scope. In discussing the scope and assurance level of Trust services, it is necessary to clarify the Trust portion that must be secured on the user side. In examining the system design for the purpose of DFFT and digital principles, it is necessary to separately consider whether the subject and scope that can be covered are limited to legitimacy and completeness or include accuracy and coverage, and (2) which scope can be covered in the supply chain of data distribution itself.
- For the certification of certified business operators, it is more important to know how the operation is performed and how to audit it than to classify the level. The audit at one point in time will be a thing of the past. In operation, the recipient needs metadata about when it was done for risk management. It is not just about the level.
- I heard that there is national certification in the U.S., but it is a certification for use by a federal agency called ICAM, so this is natural. Then, how is the utilization of the certification standard in the private sector? It is not working very well. Major operators have turned their backs on us. We need to consider that and make a design.
- When formulating the level of Trust service, it is better not to include various things. Identification, Authentication, Authorization, and Claim verification need to be separated and considered independently. Regarding what is desired to be secured by the assurance level of Trust service, it is necessary to consider the perspective of securing Trust after a certain time has elapsed. Since the Identification Assurance Level and the Trust Service Assurance Level are orthogonal concepts, it is better not to mix them. It is important how to ensure transparency in operation.
- Regarding the concept of identity verification and certification processes, it may be possible to refer to the "Guidelines on Online Identity Verification Methods for Administrative Procedures." In discussing Trust, how the administration is doing should be the starting point when considering private sector Trust services.
- As for the request from Ibaraki prefecture, the fact that GPKI and LGPKI are not listed in AATL itself is a big problem. There was a talk from Digital Agency that the validation tool would be distributed separately, but from the viewpoint of users, if the validation tool is required only for GPKI, it could be the cause of further delay in digitalization. Since the government will turn to digital in the future based on digital principles, from the viewpoint of users in the private sector, being listed in AATL is one of the major criteria for ease of use. I hope that GPKI and LGPKI will be listed in AATL as soon as possible.
- It is questionable that audit requirements are included in the criteria for the assurance level of Trust Service. This may be slightly different in nature. As for the assurance level, it is easier to understand if we separate the story of what should be ensured (substantive requirements theory) from the story of the procedure for validation and certification whether or not it is ensured (validation and certification procedure theory). It is understandable if audit requirements are included in the certification procedure that must be audited at the time of certification, but it is strange that audit requirements are included in the assurance level itself.
- Regarding TAL, I understand from the previous discussion that even if something does not conform to the standards, it should not be denied because it is electronic, and TAL0 should be included as a level that I have not even audited.
- While similar discussions have been held in Trust on what is desired to be secured at the assurance level of Ministry of Internal Affairs and Communications, the main premise is to bring the certification function that paper naturally has into digital. On that basis, in order to distinguish who is the issuer, human, thing, and sound, which are considered to be entities, are required in the Cyber-Physical Security Framework discussed by the Ministry of Economy, Trade and Industry. When considering the institutional theory in the future, it is necessary to reserve that there is a possibility that things will come into Trust as issuers in the future. Regarding what is desired to be certified, in the Cyber-Physical Security Framework, data, procedures, and systems are listed as elements, but it is recognized that what is defined in the eIDAS and Electronic Signatures in Global and National Commerce Act is a state in which three things are listed: human intention, fact, time, and when.
- Under the law, only public officials are given special treatment in establishing documents, which is why the central government has a certificate of government position and local governments have a certificate of municipal responsibility. Regarding GPKI and LGPKI, the Government of Japan operates in a form in which all E-Certificate offices are integrated at the Bridge Certification Office, and Digital Agency should work to ensure that the root certificates of the Bridge Certification Office are listed on the AATL.
- In the long run, IAL should be discussed with use cases in mind, whether they want to confirm natural persons or whether they should be able to confirm that they are a YouTuber.
- As for the story that signing in My Number Card will be a certification equivalent to IAL3, in the flow of smart cities in Maebashi City, "Maebashi ID" is issued, and another ID is given starting from the electronic signature in My Number Card. In order to do this, an accredited certification business operator should have been newly accredited in Digital Agency recently, and it is better to keep in mind the case that E-Certificate attached to My Number Card is not used directly, but is used conveniently as a starting point.
- The Trust service is defined as "a mechanism to verify the validity of people, organization, data, etc. on the Internet and to prevent falsification, spoofing, etc.", but what is legitimate depends on the use cases and the service. It is important to classify the level, but it is important to confirm what is legitimate when providing the service. For example, when there is a signature on the PCR test result, the validation side can interpret what is legitimate in various ways, such as whose public key (validation key) can be used to verify it, or whether it can be determined from the name whether it is really a medical institution.
- Regarding the keywords of originality and authenticity, I wonder whether these two keywords are necessary for digital data as well because paper requires originality and authenticity.
- Regarding PCR testing, there was a need to make it possible to know that a person is safe with just one app, which was a point that vaccine passport was also concerned about. However, the accuracy of PCR testing is quite variable, and it has not been approved yet. This study group has been discussing the issue since it started in use cases, and there was a considerable amount of regression in today's discussion on what Trust is required in each use case. In the course of accumulating such discussions, if the requirements necessary for creating a truly reliable society are sorted out, what should be created in the future will become apparent.
- The secretariat explained that the meeting materials will be published on the Digital Agency website later, that additional opinions and questions will be communicated to the secretariat and used as a reference for future operations, and that the minutes of the meeting will be published after the members confirm the content.
- The secretariat explained that the next meeting of the Sub-Working Group is scheduled to be held online on February 25, 2022 at 3:00 p.m.
End