Changes

Line 1: Line 1:  +
#REDIRECT [[E-Signatures in the GC/E-Signature Options Blog 2020-04]]{{DISPLAYTITLE:E-Signatures in the GC/E-signature Options 2020-04}}
 
<multilang>  
 
<multilang>  
 
@en|__NOTOC__
 
@en|__NOTOC__
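Review bot: the new first line starts with #REDIRECT, yet the full <multilang> body is kept underneath and is edited further down in this same change. MediaWiki treats a page whose first line is #REDIRECT as a redirect, so readers are sent to the target and the body below is no longer displayed. If the content now lives at the target, blank the body here; if this page is meant to stay readable, drop the #REDIRECT. The title is also spelled three ways across this change ("E-Signature Options Blog 2020-04" in the redirect, "E-signature Options 2020-04" in DISPLAYTITLE, "E-SIgnature Options 2020-04" in DEFAULTSORT); pick one.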
Line 44: Line 45:  
Above example is when sending the email. Note the use of /s/ to show intent to sign, though this may or may not be necessary and we are not implying that it is required in a signed email.
 
Above example is when sending the email. Note the use of /s/ to show intent to sign, though this may or may not be necessary and we are not implying that it is required in a signed email.
   −
[[File:Email_sign2.PNG|center]]
+
[[File:Email_sign2b_annotated.png|center]]
    
Above shows the Inbox of the recipient including a red icon to indicate digital signature.
 
Above shows the Inbox of the recipient including a red icon to indicate digital signature.
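Review bot: the file name on the + line changes the extension case as well as the base name (.PNG to .png). File titles are case-sensitive after the first character, so confirm the upload exists as exactly Email_sign2b_annotated.png, otherwise the page renders a red link where the signature-indicator screenshot should be. Since the image is now annotated, the caption below it could say what the annotation marks rather than only "a red icon".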
Line 60: Line 61:  
[[File:Word_sign1.PNG|center]]
 
[[File:Word_sign1.PNG|center]]
   −
We won’t go into detail here about how to set these up, as each technology choice could be a blog post on its own, but there are pros and cons to each of the choices that would have to be weighed by the business owner for the specific situation. The major takeaway is that each of these options can be used today by GC officials needing to sign documents as well as those verifying the signatures. Note that this latter step of verifying signatures is not always performed with physical, ink signatures, so the digital replacement using PKI has additional benefits. GC PKI credentials using soft tokens (epf files), which is the majority of such credentials within the GC, achieve an LoA 2. See [https://www.cse-cst.gc.ca/en/node/2454/html/28582 CSE ITSP.30.031 V3] for more details. GC PKI credentials using hard tokens and a rigorous identity-proofing process may achieve LoA 3 or even 4, if implemented in accordance with the level 4 requirements identified in the e-signature guidance document. In addition, GC PKI credentials come with strong LoA 2 identity-proofing baked in at a minimum (higher for many).
+
We won’t go into detail here about how to set these up, as each technology choice could be a blog post on its own, but there are pros and cons to each of the choices that would have to be weighed by the business owner for the specific situation. The major takeaway is that each of these options can be used today by GC officials needing to sign documents as well as those verifying the signatures. Note that this latter step of verifying signatures is not always performed with physical, ink signatures, so the digital replacement using PKI has additional benefits. GC PKI credentials using soft tokens (epf files), which is the majority of such credentials within the GC, achieve an LoA 2. See [https://www.cse-cst.gc.ca/en/node/2454/html/28582 CSE ITSP.30.031 V3] for more details. GC PKI credentials using hard tokens and a rigorous identity-proofing process may achieve LoA 3 or even 4, if implemented in accordance with the level 4 requirements identified in the [https://www.canada.ca/en/government/system/digital-government/online-security-privacy/government-canada-guidance-using-electronic-signatures.html e-signature guidance] document. In addition, GC PKI credentials come with strong LoA 2 identity-proofing baked in at a minimum (higher for many).
    
=== Within the GC - Where the User is Associated with an Account ===
 
=== Within the GC - Where the User is Associated with an Account ===
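Review bot: the guidance link on the + line is added to the English text only; the French half of the page is touched in the Line 217 hunk but gets no matching link. Add the French-language guidance page to the corresponding French sentence so both languages point readers to the LoA requirements. Consider also moving "document" inside the link text so the anchor reads "e-signature guidance document".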
Line 98: Line 99:     
== Secure Electronic Signature ==
 
== Secure Electronic Signature ==
As mentioned in the e-signature guidance, the Personal Information Protection and Electronic Documents Act (PIPEDA) and other federal legislation refer to the concept of a “Secure Electronic Signature” (SES).  What constitutes an SES is governed by PIPEDA and the technology process described in the Secure Electronic Signature Regulations (SESR).  Although PIPEDA mandates the use of SES in certain circumstances (e.g. federal legislative and regulatory requirements for witnessed signatures, statements declaring truth etc.), most of these do not apply unless a department has taken positive steps to have the provisions in question apply. Consult your DLSU for further information. At this point we would suggest that implementing Secure Electronic Signature is a challenging task that may not be fully achievable for some applications.  
+
As mentioned in the [https://www.canada.ca/en/government/system/digital-government/online-security-privacy/government-canada-guidance-using-electronic-signatures.html e-signature guidance], the Personal Information Protection and Electronic Documents Act (PIPEDA) and other federal legislation refer to the concept of a “Secure Electronic Signature” (SES).  What constitutes an SES is governed by PIPEDA and the technology process described in the Secure Electronic Signature Regulations (SESR).  Although PIPEDA mandates the use of SES in certain circumstances (e.g. federal legislative and regulatory requirements for witnessed signatures, statements declaring truth etc.), most of these do not apply unless a department has taken positive steps to have the provisions in question apply. Consult your DLSU for further information. At this point we would suggest that implementing Secure Electronic Signature is a challenging task that may not be fully achievable for some applications.  
    
At this time it is not clear if TBS can recognize external CAs in order to provide the certificates required to apply secure electronic signatures to documents such that they could be verified by members of the public. Even for internal use, not many users outside of RCMP and DND have access to certificates that have been enrolled with a suitable face to face procedure and have the private signing key stored on an approved FIPS 140-2 security token.
 
At this time it is not clear if TBS can recognize external CAs in order to provide the certificates required to apply secure electronic signatures to documents such that they could be verified by members of the public. Even for internal use, not many users outside of RCMP and DND have access to certificates that have been enrolled with a suitable face to face procedure and have the private signing key stored on an approved FIPS 140-2 security token.
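Review bot: this is the second pasted copy of the same long canada.ca URL (the first is in the Line 61 hunk). Two hand-copied URLs tend to drift apart when the target moves; link the guidance once on first mention, or hold the URL in a small template and reference it from both places. The same French-parity gap applies to the SES paragraph in the French section.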
Line 113: Line 114:  
==Questions and Contact Information==
 
==Questions and Contact Information==
 
For questions and other enquiries please email [mailto:ZZTBSCYBERS@tbs-sct.gc.ca TBS-Cyber Security].<br>
 
For questions and other enquiries please email [mailto:ZZTBSCYBERS@tbs-sct.gc.ca TBS-Cyber Security].<br>
To join a discussion from within the GC, see [https://gcconnex.gc.ca/blog/view/63382002/electronic-signature-options-available-for-immediate-use-within-the-government-of-canada-gc-options-de-signature-electronique-disponibles-pour-utilisation-immediate-au-sein-du-gouvernement-du-canada-gc?language=en GCconnex discussion].
+
To join a discussion from within the GC, see [https://gccollab.ca/discussion/view/4619705/enblog-on-e-signature-options-available-today-to-gc-departmentsfr GCcollab discussion].
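Review bot: the sentence on the + line still says "from within the GC" although the target moved from gcconnex.gc.ca to gccollab.ca, and from a blog/view path to a discussion/view path. Confirm the access wording still matches who can reach the new discussion, and reword if the audience is no longer limited to GC-internal users.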
      Line 216: Line 217:  
==Questions et  Informations de Contact==
 
==Questions et  Informations de Contact==
 
Pour des questions et des autres demandes de renseignements, veuillez envoyer un courriel à [mailto:ZZTBSCYBERS@tbs-sct.gc.ca SCT-Cyber Securité].<br>
 
Pour des questions et des autres demandes de renseignements, veuillez envoyer un courriel à [mailto:ZZTBSCYBERS@tbs-sct.gc.ca SCT-Cyber Securité].<br>
Pour participer à une discussion au sein gu GC, suivre [https://gcconnex.gc.ca/blog/view/63382002/electronic-signature-options-available-for-immediate-use-within-the-government-of-canada-gc-options-de-signature-electronique-disponibles-pour-utilisation-immediate-au-sein-du-gouvernement-du-canada-gc?language=en discussion GCconnex].
+
Pour participer à une discussion au sein gu GC, suivre [https://gccollab.ca/discussion/view/4619705/enblog-on-e-signature-options-available-today-to-gc-departmentsfr discussion GCcollab].
          
</multilang>
 
</multilang>
 +
{{DEFAULTSORT:E-Signatures in the GC/E-SIgnature Options 2020-04}}
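Review bot: the rewritten French line carries over the typo "au sein gu GC" (should be "du"), and the link text next to it in the unchanged line reads "Securité" rather than "Sécurité"; fix both while this line is being edited. The added DEFAULTSORT key contains "E-SIgnature" with a stray capital I, which does not match the spelling used in the redirect or DISPLAYTITLE on line 1.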