TERENA Certificate Service 2014
Trans-European Research and Education Networking Association
Since 2005, TERENA has coordinated a joint procurement on behalf of European NRENs to provide TLS certificates to their constituencies. Initially, this service focused on server certificates but in recent years has been expanded to include certificates to support personal certificates and code-signing certificates. 29 European NRENs currently take advantage of the TERENA Certificate Service (TCS) , whilst a further 44 NRENs have the option to sign-up to the service.
DeadlineDe termijn voor de ontvangst van de offertes was 2014-04-18. De aanbesteding werd gepubliceerd op 2014-02-24.
Wie? Wat? Waar?
Aankoopgeschiedenis
| Datum | Document |
|---|---|
| 2014-02-24 | Aankondiging van een opdracht |
Aankondiging van een opdracht (2014-02-24)
Object
Toepassingsgebied van de aanbesteding
Titel: Certificeringsdienstverlening
Hoeveelheid of omvang:
Aankondigingsmetadata
Originele taal: Engels 🗣️
Documenttype: Aankondiging van een opdracht
Aard van de opdracht: Diensten
Regelgeving: Europese Unie
Gemeenschappelijke woordenlijst overheidsopdrachten (CPV)
Code: Certificeringsdienstverlening 📦
Procedure
Type procedure: Openbare procedure
Type bod: Inschrijving voor alle percelen
Gunningscriteria
Uit economisch oogpunt voordeligste inschrijving
Aanbestedende dienst
Identiteit
Land: Nederland 🇳🇱
Type aanbestedende dienst: Andere
Naam aanbestedende dienst: Trans-European Research and Education Networking Association
Postadres: Singel 468 D
Postcode: 1017AW
Poststad: Amsterdam
Contact
Internetadres: http://www.terena.org 🌏
E-mail: pinxteren@terena.org 📧
Telefoon: +31 205304488 📞
Fax: +31 205304499 📠
Referentie
Datums
Verzenddatum: 2014-02-24 📅
Indieningstermijn: 2014-04-18 📅
Publicatiedatum: 2014-02-26 📅
Identificatoren
Aankondigingsnummer: 2014/S 040-066572
PB-S nummer: 40
Aanvullende informatie
Object
Toepassingsgebied van de aanbesteding
Korte beschrijving:
Varianten worden geaccepteerd ✅
Beschrijving van de opties:
Voorlopig tijdschema voor het gebruik van opties: 24 maanden
Aantal mogelijke verlengingen: 3
Tijdpad voor latere opdrachten: 12 maanden
Duur: 24 maanden
Plaats van uitvoering
Hoofdlocatie of plaats van uitvoering: Europe.
Juridische, economische, financiële en technische informatie
Uitvoering van de opdracht
Andere bijzondere voorwaarden:
Procedure
Geldigheidsduur van de inschrijving: 6 maanden
Datum opening inschrijvingen: 2014-04-18 📅
Plaats van opening: TERENA Office, Amsterdam, the Netherlands.
Plaats: TERENA Office, Amsterdam, the Netherlands.
Inlichtingen over gemachtigde personen en openingsprocedure: This is a closed procedure. Each proposal will be treated confidentially.
Gunningscriteria
Criterium: 1. Certificate types The offered service should allow organisations to request various types of certificates (31)
2. Subcriterion: OV Certificates The offered service should allow organisations to request OV certificates (6)
3. Subcriterion: EV Certificates The offered service should allow organisations to request EV certificates (6)
4. Subcriterion: Personal certificates The offered service should allow users to request personal certificates (3)
5. Subcriterion: DV certificates The offered service should allow users to request DV certificates in circumstances where OV and EV cannot be used (3)
6. Subcriterion: Code signing certificates The offered service should allow users to request code signing certificates (3)
7. Subcriterion: Other types The offered service should allow organisations to request a range of other certificate type (e.g. robot, .pdf, etc.) (2)
8. Subcriterion: Validity The offered service should allow certificates with a range of validity periods (between 1 and 3 years) (2)
9. Subcriterion: Revocable Certificates issued by the service within the contract period should remain valid and revocable beyond the lifetime of the contract. (4)
10. Subcriterion: Wildcard The offered service should allow wildcard certificates to be issued. (2)
11. Certificate profiles Supported profiles. Note that the combined weight is 7.5 % (8)
12. Subcriterion: eScience requirements The offered service should meet the eScience requirements (as per the specification in Annex B) (5)
13. Subcriterion: Profile creation The offered service should allow certificates profiles to be created during the service lifetime, e.g. profiles relating to specific values in extendedKeyUsage and subjectAltName (1)
14. Subcriterion: Profile length The offered service should support profiles accepting at least RSA Key Lengths between 2048 bits and 8192 bits and support SHA-1, SHA-256 and SHA-512,and have appropriate migration plans in place for SHA-1 obsolescence. Note that this weighs 1.5 % (2)
15. Certificate scopes Who the certificates should be available to and how they can be obtained (20)
16. Subcriterion: List of NRENs The offered service should be available to an agreed list of NRENS and their customers (2)
17. Subcriterion: Effective process The offered service should support an efficient and effective process to handle certificate request that minimises the per-certificate request handling cost and per-certificate request handling effort — both for the entities involved in processing the request and for the certificate holder (5)
18. Subcriterion: Electronic process The offered service should support a fully electronic certificate request process — certificate requests should not require face-to-face meetings (4)
19. Subcriterion: Registration Authorities The offered service should make good use of the existing relationship between NRENS and their member organisations to maximise service efficiency — e.g. NRENS acting as Registration Authorities (4)
20. Subcriterion: Migration The bidder should be willing to support the effective migration of the service to a new provider once the contract period is complete. Key material relating to trust anchors created as part of the contract shall be permitted to be exported to a similarly secure environment after the end of the service. IP in the certificates shall be held by TERENA (5)
21. Interfaces NRENs should be able to access the service via an appropriate web interface (21)
22. Subcriterion: Portal The system should provide a central portal that allows for organisations and end users to request, obtain, renew and revoke certificates, including end-of-life notifications for certificates (6)
23. Subcriterion: Portal branding NRENS should be able to appropriately brand the central portal interface (4)
24. Subcriterion: Best practice and user statistics The user interface should support web accessibility best practice. The offered service should provide usage statistics using an API and/or the HTML-base user interface (1)
25. Subcriterion: API alternative The vendor should provide an API for user interfaces to NRENs as an alternative to the central portal (2)
26. Subcriterion: Authentication The offered service interface should support authentication using SAML WebSSO or equivalent (4)
27. Subcriterion: Availability The system should be highly available to end users and offer excellent response times (2)
28. Subcriterion: Provisioning API The system should provide an effective API for provisioning users in to the system (2)
29. Support and Training Support for and documentation of the service. Note that the weight of this criterion is 3.5 % (3)
30. Subcriterion: End-user support The vendor should provide full end-user support or escalation through customer help desk during normal business hours (1)
31. Subcriterion: Guide and training The offered service should provide a written user guide in English. The vendor should provide a training program for NREN staff members (1)
32. Subcriterion: Maintenance and support The vendor should continuously perform maintenance and support of the offered service (this will weigh 1 %). The vendor should notify customers 10 business days in advance about planned maintenance with significant effect on offered service performance. This will weigh 0.5 % (1)
33. Standards and Compliance Conforming to modern web browser and other standards (17)
34. Subcriterion: Recognized by browsers The offered service should provide certificates that are recognised by the current versions of the most popular families of web browsers, software and mobile clients throughout the lifetime of the contract (4)
35. Subcriterion: Working with standards organisations The vendor should be willing to work with standards organisations (such as the CA/B Forum) and reflect best practices from these organisations in to service offerings and be willing to represent the needs of the TERENA community to these organisations as appropriate (2)
36. Subcriterion: Alternative name extension support The offered service should support the use of the subject alternative name extension, including domains owned by different organisations in different countries, for which CA/Browser Forum compliant Domain Validation suffices (2)
37. Subcriterion: Same subject The offered service should support multiple valid certificates with the same subject (2)
38. Subcriterion: Audit practices The audit practices of the offered service should be appropriate for the community in question (3)
39. Subcriterion: Anchors and CRL services The vendor should explain if the service can support the secure hosting of additional enterprise-specific trust anchors, subordinate CAs and end-entity issuing CAs. (This weighs 0.5 %) The bidder shall provide online CRL services and online OCSP services as supported by all major browsers. New CRLs should be issued each 24 hours or at most 1 hour after a revocation. OCSP information should be updated immediately after every revocation. (This weighs 0.5 %) (1)
40. Subcriterion: Support for certain characters and things to be included in the certificate The offered service should support characters that cannot be represented in PrintableString and names that exceed PrintableString limitations with minimal possible encoding. (This weighs 0.5 %) The offered service should include 'CRL Distribution Point URLs' in each issued TERENA certificate. The services should include 'Authority Information Access, AccessMethod=OCSP in each issued TERENA certificate. (This weighs 0.5 %) (1)
41. Subcriterion: eKU The offered service should support extended key usage (eKU) (2)
Talen
Taal: Engels 🗣️
Aanbestedende dienst
Identiteit
Nationaal registratienummer: 482026118
Ander type aanbestedende dienst: Other
Contact
Contactpunt: L. van Pinxteren
Internetadres: www.terena.org 🌏
Naam: TCS contact
Postadres: c/o TERENA, Singel 468 D
Postcode: 1017 AW
Contactpunt: Nicole Harris
E-mail: procurement@terena.org 📧
URL voor nadere inlichtingen: www.terena.org/activities/tcs/ 🌏
URL voor deelname: www.terena.org/activities/tcs/ 🌏
URL van de documenten: https://www.tenderned.nl:443/tenderned-web/aankondiging/detail/samenvatting.xhtml?aankondigingId=30705 🌏
Referentie
Aanvullende informatie
Bron: OJS 2014/S 040-066572 (2014-02-24)
Object
Toepassingsgebied van de aanbesteding
Titel: Certificeringsdienstverlening
Hoeveelheid of omvang:
Bidders are invited to submit an offer for a managed TLS certificate service that will allow the NRENs acting as service providers to their constituencies to provide the European education and research community with a functionally unlimited number of certificates as described in the technical requirements for this tender.
Toon meer
Originele taal: Engels 🗣️
Documenttype: Aankondiging van een opdracht
Aard van de opdracht: Diensten
Regelgeving: Europese Unie
Gemeenschappelijke woordenlijst overheidsopdrachten (CPV)
Code: Certificeringsdienstverlening 📦
Procedure
Type procedure: Openbare procedure
Type bod: Inschrijving voor alle percelen
Gunningscriteria
Uit economisch oogpunt voordeligste inschrijving
Aanbestedende dienst
Identiteit
Land: Nederland 🇳🇱
Type aanbestedende dienst: Andere
Naam aanbestedende dienst: Trans-European Research and Education Networking Association
Postadres: Singel 468 D
Postcode: 1017AW
Poststad: Amsterdam
Contact
Internetadres: http://www.terena.org 🌏
E-mail: pinxteren@terena.org 📧
Telefoon: +31 205304488 📞
Fax: +31 205304499 📠
Referentie
Datums
Verzenddatum: 2014-02-24 📅
Indieningstermijn: 2014-04-18 📅
Publicatiedatum: 2014-02-26 📅
Identificatoren
Aankondigingsnummer: 2014/S 040-066572
PB-S nummer: 40
Aanvullende informatie
Any questions and remarks concerning the Call for Proposals must be sent to the liaison person through e-mail. Questions must be asked before 14 March 2014, 12:00, CET. TERENA reserves the right not to answer questions received after this deadline. Answers that are considered to be corrections or extensions to the Call for Proposals will be anonymised and will be published on the TERENA website and sent to all Parties to which TERENA has sent this Call for Proposals. Both answers and questions will be issued no later than 21.3.2014, 12:00, CET.
Under the Common Procurement Vocabulary (‘CPV’), i.e. a European classification system for public procurement, the TCS qualifies as a ‘certification service' (Classification 79132000-8 of the CPV). Because certification services in turn are listed in Annex IIB to the Procurement Directive the TCS is to be regarded as a B service. The Directive prescribes only very limited regulations for tendering Annex 2B services, i.e. common rules in the technical field and certain publication rules. Due to the cross border character of the service (and the related cross border interest of bidders to participate in this tender procedure), TERENA has decided to:
— Send this Call for Proposals to all established CA providers that are currently known to TERENA;
— Publish the Call for Proposals on the TERENA website;
— Advertise the tender procedure on TenderNed and TED.
TERENA thus creates a level playing field in tendering the requested service. TERENA emphasises that the procedure does not classify as one of the award procedures laid down in the Directive and that such was expressly not the intention of TERENA.
Toon meer
Object
Toepassingsgebied van de aanbesteding
Korte beschrijving:
Since 2005, TERENA has coordinated a joint procurement on behalf of European NRENs to provide TLS certificates to their constituencies. Initially, this service focused on server certificates but in recent years has been expanded to include certificates to support personal certificates and code-signing certificates. 29 European NRENs currently take advantage of the TERENA Certificate Service (TCS) , whilst a further 44 NRENs have the option to sign-up to the service.
Toon meer
Beschrijving van de opties:
TERENA is open to novel approaches to solve the challenge of providing large numbers of certificates to the European education and research community. However, solutions presented must be available at the time that they are offered. TERENA is not willing to embark on a potentially long development project and therefore seeks proven technology.
Toon meer
Aantal mogelijke verlengingen: 3
Tijdpad voor latere opdrachten: 12 maanden
Duur: 24 maanden
Plaats van uitvoering
Hoofdlocatie of plaats van uitvoering: Europe.
Juridische, economische, financiële en technische informatie
Uitvoering van de opdracht
Andere bijzondere voorwaarden:
Registration The proposal from the bidder contains a copy of the bidder's registration in the professional or trade registers. Enrolment in a commercial or professional register Proof of enrolment in a commercial or professional register The proposal from the bidder contains a copy of the bidder's registration in the professional or trade registers.
Toon meer
Procedure
Geldigheidsduur van de inschrijving: 6 maanden
Datum opening inschrijvingen: 2014-04-18 📅
Plaats van opening: TERENA Office, Amsterdam, the Netherlands.
Plaats: TERENA Office, Amsterdam, the Netherlands.
Inlichtingen over gemachtigde personen en openingsprocedure: This is a closed procedure. Each proposal will be treated confidentially.
Gunningscriteria
Criterium: 1. Certificate types The offered service should allow organisations to request various types of certificates (31)
2. Subcriterion: OV Certificates The offered service should allow organisations to request OV certificates (6)
3. Subcriterion: EV Certificates The offered service should allow organisations to request EV certificates (6)
4. Subcriterion: Personal certificates The offered service should allow users to request personal certificates (3)
5. Subcriterion: DV certificates The offered service should allow users to request DV certificates in circumstances where OV and EV cannot be used (3)
6. Subcriterion: Code signing certificates The offered service should allow users to request code signing certificates (3)
7. Subcriterion: Other types The offered service should allow organisations to request a range of other certificate type (e.g. robot, .pdf, etc.) (2)
8. Subcriterion: Validity The offered service should allow certificates with a range of validity periods (between 1 and 3 years) (2)
9. Subcriterion: Revocable Certificates issued by the service within the contract period should remain valid and revocable beyond the lifetime of the contract. (4)
10. Subcriterion: Wildcard The offered service should allow wildcard certificates to be issued. (2)
11. Certificate profiles Supported profiles. Note that the combined weight is 7.5 % (8)
12. Subcriterion: eScience requirements The offered service should meet the eScience requirements (as per the specification in Annex B) (5)
13. Subcriterion: Profile creation The offered service should allow certificates profiles to be created during the service lifetime, e.g. profiles relating to specific values in extendedKeyUsage and subjectAltName (1)
14. Subcriterion: Profile length The offered service should support profiles accepting at least RSA Key Lengths between 2048 bits and 8192 bits and support SHA-1, SHA-256 and SHA-512,and have appropriate migration plans in place for SHA-1 obsolescence. Note that this weighs 1.5 % (2)
15. Certificate scopes Who the certificates should be available to and how they can be obtained (20)
16. Subcriterion: List of NRENs The offered service should be available to an agreed list of NRENS and their customers (2)
17. Subcriterion: Effective process The offered service should support an efficient and effective process to handle certificate request that minimises the per-certificate request handling cost and per-certificate request handling effort — both for the entities involved in processing the request and for the certificate holder (5)
18. Subcriterion: Electronic process The offered service should support a fully electronic certificate request process — certificate requests should not require face-to-face meetings (4)
19. Subcriterion: Registration Authorities The offered service should make good use of the existing relationship between NRENS and their member organisations to maximise service efficiency — e.g. NRENS acting as Registration Authorities (4)
20. Subcriterion: Migration The bidder should be willing to support the effective migration of the service to a new provider once the contract period is complete. Key material relating to trust anchors created as part of the contract shall be permitted to be exported to a similarly secure environment after the end of the service. IP in the certificates shall be held by TERENA (5)
21. Interfaces NRENs should be able to access the service via an appropriate web interface (21)
22. Subcriterion: Portal The system should provide a central portal that allows for organisations and end users to request, obtain, renew and revoke certificates, including end-of-life notifications for certificates (6)
23. Subcriterion: Portal branding NRENS should be able to appropriately brand the central portal interface (4)
24. Subcriterion: Best practice and user statistics The user interface should support web accessibility best practice. The offered service should provide usage statistics using an API and/or the HTML-base user interface (1)
25. Subcriterion: API alternative The vendor should provide an API for user interfaces to NRENs as an alternative to the central portal (2)
26. Subcriterion: Authentication The offered service interface should support authentication using SAML WebSSO or equivalent (4)
27. Subcriterion: Availability The system should be highly available to end users and offer excellent response times (2)
28. Subcriterion: Provisioning API The system should provide an effective API for provisioning users in to the system (2)
29. Support and Training Support for and documentation of the service. Note that the weight of this criterion is 3.5 % (3)
30. Subcriterion: End-user support The vendor should provide full end-user support or escalation through customer help desk during normal business hours (1)
31. Subcriterion: Guide and training The offered service should provide a written user guide in English. The vendor should provide a training program for NREN staff members (1)
32. Subcriterion: Maintenance and support The vendor should continuously perform maintenance and support of the offered service (this will weigh 1 %). The vendor should notify customers 10 business days in advance about planned maintenance with significant effect on offered service performance. This will weigh 0.5 % (1)
33. Standards and Compliance Conforming to modern web browser and other standards (17)
34. Subcriterion: Recognized by browsers The offered service should provide certificates that are recognised by the current versions of the most popular families of web browsers, software and mobile clients throughout the lifetime of the contract (4)
35. Subcriterion: Working with standards organisations The vendor should be willing to work with standards organisations (such as the CA/B Forum) and reflect best practices from these organisations in to service offerings and be willing to represent the needs of the TERENA community to these organisations as appropriate (2)
36. Subcriterion: Alternative name extension support The offered service should support the use of the subject alternative name extension, including domains owned by different organisations in different countries, for which CA/Browser Forum compliant Domain Validation suffices (2)
37. Subcriterion: Same subject The offered service should support multiple valid certificates with the same subject (2)
38. Subcriterion: Audit practices The audit practices of the offered service should be appropriate for the community in question (3)
39. Subcriterion: Anchors and CRL services The vendor should explain if the service can support the secure hosting of additional enterprise-specific trust anchors, subordinate CAs and end-entity issuing CAs. (This weighs 0.5 %) The bidder shall provide online CRL services and online OCSP services as supported by all major browsers. New CRLs should be issued each 24 hours or at most 1 hour after a revocation. OCSP information should be updated immediately after every revocation. (This weighs 0.5 %) (1)
40. Subcriterion: Support for certain characters and things to be included in the certificate The offered service should support characters that cannot be represented in PrintableString and names that exceed PrintableString limitations with minimal possible encoding. (This weighs 0.5 %) The offered service should include 'CRL Distribution Point URLs' in each issued TERENA certificate. The services should include 'Authority Information Access, AccessMethod=OCSP in each issued TERENA certificate. (This weighs 0.5 %) (1)
41. Subcriterion: eKU The offered service should support extended key usage (eKU) (2)
Talen
Taal: Engels 🗣️
Aanbestedende dienst
Identiteit
Nationaal registratienummer: 482026118
Ander type aanbestedende dienst: Other
Contact
Contactpunt: L. van Pinxteren
Internetadres: www.terena.org 🌏
Naam: TCS contact
Postadres: c/o TERENA, Singel 468 D
Postcode: 1017 AW
Contactpunt: Nicole Harris
E-mail: procurement@terena.org 📧
URL voor nadere inlichtingen: www.terena.org/activities/tcs/ 🌏
URL voor deelname: www.terena.org/activities/tcs/ 🌏
URL van de documenten: https://www.tenderned.nl:443/tenderned-web/aankondiging/detail/samenvatting.xhtml?aankondigingId=30705 🌏
Referentie
Aanvullende informatie
Any questions and remarks concerning the Call for Proposals must be sent to the liaison person through e-mail. Questions must be asked before 14 March 2014, 12:00, CET. TERENA reserves the right not to answer questions received after this deadline. Answers that are considered to be corrections or extensions to the Call for Proposals will be anonymised and will be published on the TERENA website and sent to all Parties to which TERENA has sent this Call for Proposals. Both answers and questions will be issued no later than 21.3.2014, 12:00, CET.
Toon meer
Under the Common Procurement Vocabulary (‘CPV’), i.e. a European classification system for public procurement, the TCS qualifies as a ‘certification service' (Classification 79132000-8 of the CPV). Because certification services in turn are listed in Annex IIB to the Procurement Directive the TCS is to be regarded as a B service. The Directive prescribes only very limited regulations for tendering Annex 2B services, i.e. common rules in the technical field and certain publication rules. Due to the cross border character of the service (and the related cross border interest of bidders to participate in this tender procedure), TERENA has decided to:
Toon meer
— Send this Call for Proposals to all established CA providers that are currently known to TERENA;
— Publish the Call for Proposals on the TERENA website;
— Advertise the tender procedure on TenderNed and TED.
TERENA thus creates a level playing field in tendering the requested service. TERENA emphasises that the procedure does not classify as one of the award procedures laid down in the Directive and that such was expressly not the intention of TERENA.
Nieuwe aankopen in verwante categorieën 🆕