Guidelines - authentication

Skip to end of metadata
Go to start of metadata

Guidelines on European learner mobility: electronic document authentication

This section is a separate supplement to the core Guidelines on European Learner Mobility.

1. Requirements for secure electronic graduation documents

The following list gives a initial set of requirements for electronic graduation documents (including DS and other documents) that may be readily agreed.

  1. Electronic documents must be legally admissible as evidence. [ESig]
  2. Documents must be capable of being authenticated and must be protected against tampering.
  3. Authentication of documents must be compatible with relevant technical standards where such standards exist.
  4. The validity and security of documents must be maintained for (at least) the career length of the graduate.
  5. It should be possible for an institution to revoke an electronic document after it is issued such that subsequent verification attempts will fail.
  6. Compliance with applicable Data Protection laws is mandatory. Documents must be made available only to the graduate and to third parties authorised by the graduate in a controlled and auditable manner.

There are a number of ways to address the issue of document authentication. The next section attempts to generalise these approaches with a view to identifying what work needs to be done, and also what areas can we work towards standardising. Where applicable, references are made to approaches already implemented in European countries for the authentication of DS and other documents.

2. Models for document authentication

The following is a generic view of the main approaches to the authentication of documents such as DS. More details of the models in current practice can be found in Section 6.4 of the core Guidelines [GUIDELINES].

2.1 Offline authentication

Offline authentication is a model where:

  • the issuing HEI generates electronic documents and applies the necessary digital signatures (e.g. digitally signed or certified PDF);
  • documents are distributed to graduates by the HEI as self-contained document files;
  • documents are distributed to recruiters by the graduates as self-contained document files;
  • documents can be verified offline without the need to contact the issuing HEI (i.e. using Adobe Reader software, for example).

2.2 Online authentication

Online authentication is a model where:

  • the issuing HEI generates documents (no digital signatures are necessarily applied to the documents);
  • documents are placed into an archive managed by the HEI;
  • documents are made accessible to graduates via a secure online facility (trusted website of the issuing HEI);
  • trusted links to documents are distributed to recruiters by the graduates via the secure online facility (trusted website of the issuing HEI);
  • documents are verified online at the HEI site using a web browser. Any revocation of the document by the HEI can be flagged.

2.3 Hybrid authentication

Hybrid authentication is a variation of the offline and online models that involves the secure online verification of archived, digitally signed document content. This model is very similar to the online authentication model, except that the archived documents contain the digital signatures that were applied when the document was officially signed.

  • The issuing HEI generates documents and applies a digital signature to the documents.
  • Documents are placed in a secure archive managed by the HEI. Long-term cryptographic validity of documents is maintained by the HEI.
  • Documents from the archive are made accessible to graduates via a secure online facility (trusted website of the issuing HEI).
  • Trusted links to documents are distributed to recruiters by the graduates via the secure online facility (trusted website of the issuing HEI).
  • Documents are verified online at the HEI site using a web browser (the HEI service checks the digital signatures). Any revocation of the document by the HEI can be flagged at this point.

2.4 Comparison of models

A white paper (presented at EUNIS 2009) is available [DCPDF] that analyses real-world implementations of these models in detail (the Digitary model as used in Ireland/UK/Portugal, versus Certified PDF used in the United States).

3. Areas for implementation and standardisation

Looking at the offline, online and hybrid models above, we can identify three core elements that need to be implemented (with some relevant standardisation work) in order to address all requirements 1-6 given above in Section 1. The requirements addressed are given in the "Addresses" column. Digitary reports that each area has working implementations, based on their system, in Ireland, the UK, and Portugal.

Area What needs to be done? Addresses Suggested implementation path EuroLM standards work
Digital signature creation Employ a facility for the creation of legally-binding, standards-compliant digital signatures resulting in a digitally-signed record (i.e. official electronic record) that can be admitted as evidence in a court of law. 1, 2, 3
In accordance with EU Digital Signature Directive 1999/93/EC [ESig], digital signatures should be advanced electronic signatures (i.e. PKI-based) containing qualified certificates (issued under very strict conditions including face-to-face identity verification of the signatory) created using a secure signature creation device (i.e. certified cryptographic hardware).
The digital signatures should comply with relevant EU technical standards for long-lived digital signatures such as ETSI TS 101 903 (XML Advanced Electronic Signatures [XAdES]), ETSI TS 101 733 (CMS Advanced Electronic Signatures [CAdES]), or the upcoming PDF standard in ETSI TS 102 778 (PDF Advanced Electronic Signatures [PAdES]).
For maximum legal compatibility and standards compliance, Qualified Certificates used by institutions to digitally sign electronic documents should be issued in accordance with the policy requirements specified as per ETSI TS 101 456 [QCPOLICY] and comply with the technical standards for Qualified Certificates specified in ETSI TS 101 862 [QCPROFILE].

Where XML documents are digitally signed, it is recommended that this XML representation of the document is covered by the digital signature and that it is accompanied by a fixed-layout, human-readable representation of the document to represent to a third party (also covered by the signature) so that it can be later asserted that "what was actually seen when the document was signed"
Reference existing ETSI standards for digital signatures as being acceptable for the purposes of digitally signing EuroLM documents?
Secure Document repository
Provide a secure online repository to preserve and maintain the long-term validity of the official electronic record in line with relevant legislation and technical standards. 1, 2, 3, 4
Implement a document repository that will maintain the cryptographic integrity of signed documents according to the "long-term" XAdES-A/CAdES-A/PAdES-A standards. This will ensure the validity of the signed document in the long term even after the expiry of digital certificates and the original signing algorithm/key becomes weak over time.
This element insulates the signed record from any tampering that may arise over time due to changes to the information systems that store the document, etc. This standard is appropriate for documents that need to archived for very long periods of time (i.e. the career length of a graduate).
Reference existing ETSI standards for representation of long-term digital signatures.
Online services
Implement a suite of online services that can be used to perform various operations on the official electronic record in a controlled and auditable manner. 2, 5, 6
Implement various functionality via secure online services, including:
  • (HEI) - Issue document to graduate
  • (HEI) - Revoke document
  • (HEI) - Notify recruiter of revoked document (law permitting)
  • (HEI) - Gather statistics on document usage
  • (Graduate) - Online document access
  • (Graduate) - Configure document access controls to third parties (i.e. recuiters)
  • (Graduate) - View access logs to shared documents
  • (Recruiter) - Request document from graduate for authentication
  • (Recruiter) - Verify document
  • (Recruiter) - Re-verify document to ensure status has not changed (assumes (2) already occurred)
  • (Recruiter) - View access logs to documents
    Services such as these can be implemented both in user-space (i.e. human-accessible - web sites/applications) and system-space (i.e. system-accessible - web services).2,
Future work - define these services and specify standard interfaces.


  • "Available at" means that the URL given is the URL of the document itself, or a version of it.
  • "Available through" means that a link to the document appears on the page with the given URL, where other related material and documents may also be found.
  • "See" introduces a web site or sub-site, that is, several relevant web pages which may be browsed.

All web references were accessed successfully in November 2009.


[CAdES] ETSI TS 101 733 CMS Advanced Electronic Signatures (CAdES). Available through

[DCPDF] EUNIS 2009: A comparison of certified PDF and Digitary for secure graduation documents. June 2009. Available at

[ESig] EU Digital Signature Directive 1999/93/EC. December 1999. Available through

[GUIDELINES] Guidelines on a European Learner Mobility model. Core document, to which this is a supplement. A wiki version is available at

[PAdES] ETSI TS 102 778 PDF Advanced Electronic Signatures (PAdES). Available through

[QCPOLICY] ETSI TS 101 862 Policy requirements for certification authorities issuing qualified certificates. Available through

[QCPROFILE] ETSI TS 101 456 Qualified Certificate Profile. Available through

[XAdES] ETSI TS 101 903 XML Advanced Electronic Signatures (XAdES). Available through

Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.