Contributing Partners
AIT, GUF, SIC
Executive Summary
This document summarizes the standardization and certification activities undertaken in the credential project. It represents the second and final iteration of the Standards Activity Reports. While the first iteration mainly explained our initial plans, strategies, and activities to diffuse project results into standards and certifications, this report complements the first iteration by reporting efforts taken towards standardization and liaison activities over the entire project duration, and beyond. Furthermore, we also present the results yielded by our efforts and our achievements. Initially, the standardization process was started by identifying the standardization bodies and ongoing standardization activities relevant for our research areas. Eventually, we identified that credential’s core activities, i.e., developing and using novel cryptographic approaches such as proxy re-encryption, redactable signatures and the combination of both for ensuring end-to-end confidentiality of critical identity data in the cloud opens opportunities for developing new standards. Relevant standardization bodies for collaborations were identified, and we refined our standardization and certification action plans. Applications requesting Category C liaisons with ISO/IEC JTC 1/SC 27 WG 2 and WG 5 were compiled. After invitation, the liaison officer participated in the 24th ISO/IEC JTC 1/SC 27 plenary meeting in Hamilton, New Zealand presenting credential. The liaison request was accepted by both working groups in fall 2017 allowing us to provide input and actively contribute to standards in the field of cryptography, identity management and privacy technologies as a consequence. Concerning WG 5, credential successfully contributed to ISO/IEC 27551 "Information technology – Security techniques – Requirements for attribute-based unlinkable entity authentication" over the next months. The input was highly appreciated allowing to provide further feedback and contributions to subsequent iterations of the standard. Regarding WG 2 on the other hand credential contributes to a new work item proposal (NWIP) entitled as "Redaction of Signed Data using Asymmetric Mechanisms" being formally accepted as a new ISO/IEC standardization project under project number ISO/IEC 23624. Additionally, credential provides inputs for a study period on "Criteria for the Inclusion of Cryptographic Mechanisms into ISO Standards" being assigned to WG 2 as well. Owing credential’s vision to improve the privacy and usability aspects of identity management in security critical domains such as e-Health, e-Business and e-Government, extensive privacy, usability and threat analyses were performed during the project. In order to disseminate those results, a collaboration with EuroCloud Europe was initiated. EuroCloud Europe provides an assessment tool entitled as "StarAudit" enabling cloud service providers to make a transparent quality assessment for their services. credential was invited to provide inputs respectively knowledge gained from the project in order to extend the StarAudit catalogue by new cryptographic and privacy preserving controls.