New Profile review
Following the most recent review of the PKI-related Approval Profiles it was decided that a new Profile single was needed to cover a service providing the functionality of a Root Certificate Authority rather than, as currently, require such a service to use the Certification Authority Profile (tSd0102) and the associated 5 or 6 sub-service Profiles.
To participate in a review of the result of that process, please visit the review page.
tScheme assessments relate to the creation and lifecycle management of credentials that are primarily used online to assert identity or other related attributes. The technology underpinning the credentials is either public key cryptography (PKI) or non-PKI (such as PIN/password, chip & PIN smartcards, etc).
The assessments are based on sets of requirements grouped according to the type of service to be assessed – for example a PKI-based service could relate to Certificate Status Management or a non-PKI-based service could relate to Credential Management. Each set of requirements is grouped in a document referred to as a Profile.
As a result there are two sets of Profiles – PKI and IdP (non-PKI) – each set having an overall service Profile – Certificate Authority Profile or Identity Provider Profile respectively – and this Profile then identifies the related sub-service Profiles as appropriate, which may also be provided by the organisation or by a third-party.
To complete an assessment a service provider, whether PKI or IdP, will also always be assessed against a set of requirements related to the actual organisation providing the service and this is known as the Base Profile.
These Profiles cover the criteria against which Electronic Trust Service Providers are assessed when applying for a tScheme Grant of Approval.
EU regulation 910/2014 on electronic identification and trust services for electronic transactions [eIDAS]
Where the TSP is claiming compliance with the requirements of [eIDAS], then there are specific requirements included in the following PKI Profiles: Certification Authority, Registration Authority, Certificate Generation and Signing Key Pair Management (optional).
More information on the Profiles
The full tScheme Profiles are available as PDF documents free of charge for non-commercial use. To track monitoring, you must register (free of charge) – this entitles the user access to the restricted Approvals Profiles section. To register for access to the Profiles please click here.
Please also see the following notes:
Notes and legal disclaimer for those requesting Profiles:
Anyone wishing to have access to these Profiles as PDF files is required to complete the Order Form and supply an email address, upon receipt and confirmation of your details, we will send you a user name and password for the Profiles Online restricted area, where they can be downloaded and viewed. To monitor their access, your details will be kept and you may receive further information from tScheme. We will not pass on your details to third parties, but if you do not want us to retain your data, please make this clear when confirming your order. tScheme is registered in the UK under the Data Protection Act.
The Profiles and other documents have been copyrighted by tScheme. They, and any subsequently produced documents, remain the intellectual property of tScheme Limited, and should not be distributed or reproduced in any way without prior consent from tScheme Limited. Ordering a copy of a Profile in no way constitutes tScheme approval or membership. If you wish to submit a service for tScheme approval please contact tScheme directly. The Profiles are free for non-commercial use. By this we are not restricting access to businesses, but rather the Profiles must not be used in a way that directly generates revenue and does not lead to claims of compliance without undergoing an assessment by a tScheme-recognised assessor.
According to the category of service applicable, the following section contains overviews of the scope and purpose of each of the tScheme Approval Profiles.