Posts tagged "PDF"

Update: Alignment of Adobe-Approved Trust List (AATL) and EU Trust List (EUTL)

As mentioned in our previous post, Alignment of Adobe-Approved Trust List (AATL) and EU Trust List (EUTL) we have been busy working on the integration of the EU Trust List into Adobe Acrobat and Reader software. Our January 14, 2014 release of Adobe Reader and Acrobat 11.0.06 takes another significant step towards that ultimate goal. In this version of the product, you will notice new UI to manage the EUTL download. For instance, we’ve added new controls in the Trust Manager Preferences as shown below.

EUTL pic

 

 

While we continue with our beta testing phase of this process, the general user will not be able to download an EUTL. But, as soon as beta is complete, we’ll be moving the EUTL into production, where everyone will have access.

Steve Gottwals
Senior Engineering Manager, Information Security

John Jolliffe
Senior Manager, European Government Affairs

Alignment of Adobe-Approved Trust List (AATL) and EU Trust List (EUTL)

Adobe has long recognized the value of digital signatures as a tool for driving secure transactions in Europe. As a continuation of our previous investments in qualified signature technology, we see the integration of the EU Trust List into Adobe Acrobat and Reader software as the next logical step. Though this sounds like a relatively simple problem, in reality it took some time, requiring agreement with a number of stakeholders outside of Adobe. ETSI’s June 19 announcement of TS 119 612 v1.1.1: Electronic Signatures and Infrastructures (ESI); Trusted Lists is the culmination of many months work by interested stakeholders, and the first step in creating a solution.

Over the past few years, our commitment to advancements in digital signatures has made Acrobat and Reader one of the most readily available means for EU citizens to receive signed electronic documents based on qualified certificates. Some of our most significant milestones include:

  • Developing the “Adobe-Approved Trust List” (AATL) to ensure that qualified certificates issued by valid Certification Service Providers could be recognized by our products.
  • Working with the European Telecommunications Standards Institute (ETSI) to develop the technical specification for PDF Advanced Electronic Signature (PAdES), incorporated into the Adobe Acrobat PDF Reader product in 2009.
  • Enabling the manual import of qualified certificates, in Acrobat 9 and later, into the trust list within Acrobat or Reader, so that qualified signatures are validated.

Our approach has had some limitations. Currently, only certificates imported by the user or included in the AATL are “trusted,” and therefore recognized as valid by Adobe software. Other qualified certificates – including those on the national trust lists – are not recognized by Adobe as legitimate sources.  As a result, users and Certification Service Providers are asking Adobe to do more to recognize national trust lists within Adobe software.

ETSI’s announcement of TS 119 612 v1.1.1: Electronic Signatures and Infrastructures (ESI); Trusted Lists  is the culmination of many months of work by interested stakeholders, including Adobe, and at last provides a stable means of streamlining the recognition of trust lists within software applications. A key concern has been to ensure that there is a stable standard that describes how proprietary trust lists (such as the AATL) interact with national trust lists. This involves a number of separate issues including:

  • The national trust list description needs to be consistent to allow certificates to be read by software applications, otherwise some certificates from certain countries will not be readable
  • Trust lists are built into a number of software applications, most notably web browsers. A standard is needed to ensure that software applications all react in a consistent way when reconciling certificates that are in both the proprietary trust list and the national trust list.

A stable specification is a significant milestone, as it will allow software manufacturers and vendors, including Adobe, to implement the new features into future versions of their software. From an Adobe perspective we are working through a number of technical considerations. Many of these are unique to Adobe, including:

  • Updates – With hundreds of millions of instances of Acrobat/Reader in the world that could potentially encounter a digital signature that needs validation, sending updates is a non-trivial matter from an engineering and bandwidth perspective.
  • User experience – The same functional version is shipped globally. Since not all users will want or require the EUTL functionality, we are investigating the best way to make this option available, and the frequency with which updates will be offered.

It is not our policy to comment publicly on the roadmap for any of our software, however we consider these issues entirely solvable and are working hard to find good solutions. More details of specific implementation plans will be made available in due course.  In the meantime, we look forward to the adoption of the standard by the EC within the planned new Trust Services Regulation, which will replace the current e-Signatures Directive.

Steve Gottwals
Group Product Manager, Acrobat

John Jolliffe
Senior Manager, European Government Affairs

The Role of PDF and Open Data

The open data movement is pushing for organizations, in particular government agencies, to make the raw data that they collect, openly available to everyone for the common good. Open data has been characterized as the “new oil” that is driving the digital economy.  Gartner claims: “Open data strategies support outside-in business practices that generate growth and innovation.”

What promises to be a very interesting workshop on the topic “Open Data on the Web,” is being sponsored by the W3C in London on April 23-24, 2013. I will be attending and will present a talk entitled “The Role of PDF and Open Data,” which explores how PDF (Portable Document Format – ISO standard ISO 32000-1) can be effectively used to deliver raw data.

There is widespread belief that once data has been rendered into a PDF format, any hope to access or use that data for purposes other than for the original presentation, is lost.  The PDF/raw-data question arises because raw data is usually best represented as comma-separated values (CSV) or in a specific (well documented) XML language.

PDF is arguably the most widely used file format for representing information in a portable and universally deliverable manner. The ability to capture the exact appearance of output from nearly any computer application has made it invaluable for the presentation of author-controlled content.

The challenge has been to find ways to have your cake and eat it too: to have a highly controlled and crafted final presentation and yet keep the ability to reshape the same content into some other form. We know of no perfect solution/format for this problem but there are several ways in which PDF can contribute to solutions, which I have explored in previous blog posts and will expand on in my presentation at the workshop. I hope to see you there.

James C. King
Senior Principal Scientist