This page highlights an assessment of eSign for Jira against the signature the primary requirements of eIDAS (electronic IDentification, Authentication and trust Services) advanced electronic signatures and how they are addressed by eSign with Atlassian Jira.
At a high level eSign for Jira (combined with Atlassian Jira has been assessed to meet the Atlassian Cloud Platform) meets the requirements for Advanced Electronic Signatures as defined by eIDAS.
At the current time eSign for Jira does not support the eIDAS Quallified Qualified Electronic Signatures.
From Regulation (EU) No 910/2014
Article 26 Requirements for advanced electronic signatures An advanced electronic signature shall meet the following requirements: | eSign for Jira |
---|---|
(a) it is uniquely linked to the signatory; | The eSign signature is linked to the Signatory through Atlassian’s unique internal account Id in addition to the Signee name. |
(b) it is capable of identifying the signatory; | The Signee name is displayed with every rendering of the Signature. |
(c) it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and | Signatures are executed within the Atlassian Confluence cloud environment only after two authentication steps have been completed:
The Atlassian account credentials (password) and the eSign pin are under the user’s sole control. |
(d) it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable. | Contained within each executed signature is a cryptographic hash of current Jira issue data, including attachments. Any data change will invalidate the signature which is detectable on the verification and signature archive reports. |
...