For a long time, trust services remained confined to a few very limited applications, closed systems that an organization imposed on its customers or citizens.
In recent years, their field of action has exploded. The technologies are more mature, more affordable and, above all, certain technical pitfalls have been resolved. This is particularly the case for the interoperability of systems, a crucial point for the success of a large-scale trust system.
Trust services allow the creation, verification and validation of electronic signatures, electronic seals or time stamps. They also allow the creation, verification and validation of certificates for the authentication of Internet sites. Finally, they allow the preservation of electronic signatures, stamps or certificates related to these services.
Interoperability, the basic prerequisite of a trusted system
The problem of making different service providers interact in a process of trust is almost as old as the invention of the electronic signature itself. Encryption algorithms, certificate formats and exchange protocols were standardized early on, but the devil is in the details. It was necessary to be able to guarantee technical interoperability between the various trust service providers, but also their legal value in different countries.
The eIDAS regulation covers in particular the legal aspects and technical interoperability, which now allows you to freely choose your Trust Service Provider (PSCo) in any country of the European Union, with the guarantee that the exchanges with all of the other qualified service providers will work without a hitch.
The system implemented by a company must also be able to use digital identities issued by FranceConnect or its equivalents in Europe, such as itsme® in Belgium.
Essential integration capabilities for end-to-end dematerialization
If the technology is mature and the systems interoperable, it is still necessary to integrate its functionalities within the operational processes. This integration is the sine-qua-non condition for the success of any end-to-end process dematerialization approach.
Whether it’s signing a contract, receipt upon receipt of goods, time stamping an electronic transaction or validating documents, these functions must be seamlessly integrated. partial or total in the company’s processes and applications.
Whether the solution is deployed on site (on-premise) or consumed as a SaaS application, it must be able to integrate with applications already implemented by companies.
The delivery person’s application must be able to request the signature platform, the CRM software that will generate the contracts must be able to use the electronic stamp, as well as the accounting management software or the documentary system that needs the timestamp. These integrations are now facilitated by the API approach which makes it relatively simple to create gateways between SaaS applications and trust service systems.
In addition to the qualification and certification issues, the choice of a trusted service provider must also be based on its interfacing capabilities with the systems most used in the company.
Only then can trust services permeate all business processes and become as natural as their paper counterparts.