[Smcwg-public] [Smcwg-management] OrganizationIdentifier & German public registers

Stephen Davidson Stephen.Davidson at digicert.com
Sat Sep 30 13:43:41 UTC 2023

Thank you Adrian:

The topic of OrgID (and jurisdiction level setting) will be on our Agenda for the F2F next week.  I hope that you and your colleagues can join us, even if online, to discuss this.

Best, Stephen

From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Adrian Mueller via Smcwg-public
Sent: Wednesday, September 27, 2023 4:45 AM
To: Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>; smcwg-public at cabforum.org
Subject: Re: [Smcwg-public] [Smcwg-management] OrganizationIdentifier & German public registers

Dear Dimitris,

Dear all,

My apologies, I just saw your email now. Of course I am happy to re-send the message to the public mailing list of the SMCWG as you requested, see below.

Best regards


Adrian M. Mueller

Product Manager Certificate Services

+41 43 811 05 97

adrian.mueller at swisssign.com

From: Smcwg-management <smcwg-management-bounces at cabforum.org> On Behalf Of Dimitris Zacharopoulos (HARICA) via Smcwg-management
Sent: Thursday, September 21, 2023 11:59 AM
To: smcwg-management at cabforum.org
Subject: Re: [Smcwg-management] OrganizationIdentifier & German public registers

On 13/9/2023 7:17 μ.μ., Adrian Mueller via Smcwg-management wrote:

   Dear Stephen,

   Dear all,

   Upon your request I re-send my email from 22 May this year about uniqueness of German register numbers again to the list (see below). In addition, I attach my short presentation about the topic shown at the last F2F SMIME BR WG meeting in Redmond.

   In a nutshell it is like this: The “EUID” is an identifier scheme regulated on EU level and is especially handy within Germany as it provides a unique identifier for registered organizations. Therefore, the organizationIdentifier “NTRDE-<EUID>” is worldwide unique.

   For any questions please don’t hesitate to ask.

   Hi Adrian,

   Would you please re-post this to the public mailing list? The content doesn't seem to match the scope of the Member's mailing list as stated in section 5.1. of the Bylaws.


   Best regards


   Adrian M. Mueller

   Product Manager Certificate Services

   +41 43 811 05 97

   adrian.mueller at swisssign.com

   From: Adrian Mueller
   Sent: Monday, May 22, 2023 9:29 AM
   To: smcwg-management at cabforum.org; Entschew, Enrico <e.entschew at d-trust.net>; Henschel, Andreas <a.henschel at d-trust.net>; Wichmann, Markus Peter <markus.wichmann at siemens.com>; stefan.kirch at telekom.de; arnold.essing at telekom.de; Jan.Voelkel at telekom.de
   Subject: OrganizationIdentifier & German public registers

   Dear members of the S/MIME certificate working group,

   We (D-Trust, Siemens, Telekom Security & SwissSign) have discussed a specific issue regarding the new attribute “OrganizationIdentifier” (OrgID) when containing a German register number. We would like to share the results and discuss it further within the S/MIME mailing group.


   The OrganizationIdentifier attribute and its use with trade/commercial register identifiers is specified and explained in the chapters d. and A.1 of the S/MIME Baseline Requirements. The standard defines the composition of such an identifier as follows (for trade registers):

   1.       Prefix NTR (for “National Trade Register”) followed by the ISO-3166 alpha-2 country code, a dash ‘-’ and the register ID itself.
   Example: NTRFR-123456789 for a French register ID (“SIREN” number)

   2.       For the US and for Canada the state is included in the prefix as well. The reason is that the trade registers are maintained on the state level and the register IDs are unique at this level only.
   Example: NTRUS+CA-12345678 (State of California)


   Within Germany we face the problem that trade registers and the numbers they assign are not kept on a Germany-wide level and not even on the state level either. The commercial registers are maintained by district courts (“Amtsgerichte”). Therefore, the according numbering schemes are only unique on a district level; neither the (fictional) OrganizationIdentifier NTRDE-HRA123456 nor NTRDE+NW-HRA123456 guarantees uniqueness. The register ID “HRA123456” can be assigned several times not only within Germany but even within the “Bundesland” (state) North Rhine-Westphalia (NW).


   Therefore, in order to provide uniqueness on a Germany-wide level the register provider needs to be uniquely identified as well and a unique ID assigned to the register should be included in the OrganizationIdentifier. This is where the “EUID” comes into play. The EUID is a common format for commercial register IDs within the European Union / European Economic Area (EU/EEA). It is based upon EU legislation, see https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021R1042&from=en. The identifiers may be looked up online using the European e-justice portal, see https://e-justice.europa.eu/489/EN/business_registers__search_for_a_company_in_the_eu.

   Example: The EUID of a company based in Cologne, state of North Rhine-Westphalia is “DER3306.HRB66812”. The components are as follows:

   1.       DE                      ISO-3166-1 two-letter country code for Germany

   2.       R3306                 register identifier for district court Cologne

   3.       ‘.’ (dot)                as separator

   4.       HRB66812           commercial register number of the company

   The constructed OrganizationIdentifier is “NTRDE-DER3306.HRB66812”.

   We intend to implement OrganizationIdentifiers containing German register numbers as described above. We also encourage you to follow the same approach for German register numbers in order to achieve a harmonized format.

   Please note:

   1.       A list containing German register court identifiers can be downloaded at https://www.xrepository.de/details/urn:xoev-de:xunternehmen:codeliste:registergerichte.

   2.       This list contains identifiers for courts acting as commercial registers (“Handelsregister”) in the strict sense and acting as other public organizational registers, e.g. registers for associations (“Vereinsregister”). Therefore, it provides flexibility with regards to the heterogeneity of the German register landscape.

   3.       The EUID may be used to embed other trade register identifier schemes within the EU/EEA as well. However, the advantage/strength of adding uniqueness on the national level seems to be restricted to Germany.

   If it suits the group we would like to discuss this proposal at the face-to-face meeting in Redmond. We consider the format specified above as best practice and would also like to discuss the possibility of including an according example in a future version of the S/MIME BRG.

   We are looking forward to your opinion about this approach and please don’t hesitate to ask for any questions.

   Best regards

   Enrico Entschew, D-Trust GmbH

   Andreas Hentschel, D-Trust GmbH

   Markus P. Wichmann, Siemens AG

   Stefan Kirch, Deutsche Telekom Security GmbH

   Arnold Essing, Deutsche Telekom Security GmbH

   Jan Voelkel, Deutsche Telekom Security GmbH

   Adrian M. Mueller, SwissSign AG

   Adrian M. Müller

   Product Manager Certificate Services

   +41 43 811 05 97

   adrian.mueller at swisssign.com

   SwissSign AG

   Sägereistrasse 25

   PO Box

   CH-8152 Glattbrugg


   Smcwg-management mailing list
   Smcwg-management at cabforum.org
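
The NTRDE-<EUID> layout described in the quoted message, as an added Python example (not code from the thread or from any CA). The function names, the `known_courts` parameter, the organization names and the court code R9999 are assumptions made for illustration; R3306 and the sample identifiers are taken from the thread.

```python
import re
from typing import NamedTuple

# NTR + ISO 3166 alpha-2 country, optional "+state" (US/CA), dash, register reference.
NTR_RE = re.compile(r"^NTR(?P<country>[A-Z]{2})(?:\+(?P<state>[A-Z]{2}))?-(?P<ref>.+)$")

class GermanOrgId(NamedTuple):
    court: str   # register court identifier, e.g. "R3306"
    number: str  # commercial register number, e.g. "HRB66812"

def parse_german_org_id(org_id: str, known_courts: set) -> GermanOrgId:
    """Parse NTRDE-<EUID>; raise ValueError for forms that are not unique Germany-wide."""
    m = NTR_RE.match(org_id)
    if not m or m["country"] != "DE":
        raise ValueError("not a German NTR organizationIdentifier")
    ref = m["ref"]
    # EUID layout from the thread: "DE" + court identifier + "." + register number.
    if not ref.startswith("DE") or "." not in ref:
        raise ValueError("bare register number: unique per district court only")
    court, number = ref[2:].split(".", 1)
    if court not in known_courts:
        raise ValueError(f"unknown register court identifier {court!r}")
    if not number:
        raise ValueError("missing register number")
    return GermanOrgId(court, number)

def collisions(records, make_id):
    """Return identifiers that map to more than one distinct organization."""
    seen = {}
    for org, court, number in records:
        seen.setdefault(make_id(court, number), set()).add(org)
    return {k: v for k, v in seen.items() if len(v) > 1}

# Constructed sample data: R3306 (Cologne) is from the thread; R9999 and the
# organization names are made up. In practice the court set would be loaded
# from the register court code list referenced in the thread.
KNOWN_COURTS = {"R3306", "R9999"}
RECORDS = [("Org A", "R3306", "HRA123456"), ("Org B", "R9999", "HRA123456")]

# Same register number at two courts: the bare form collides, the EUID form does not.
BARE = collisions(RECORDS, lambda c, n: f"NTRDE-{n}")
EUID = collisions(RECORDS, lambda c, n: f"NTRDE-DE{c}.{n}")
```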
