AIT, GUF, SIC
This report is the first of the two standardization reports planned for the credential project. This report presents the ongoing activities undertaken to diffuse project results into standards. Our main focus is to promote and achieve high impact and visibility of the research outcomes resulting from the project. Standardization efforts are essential to motivate use of existing standards in the project, to contribute in the development of evolving standards and to promote new standards. In this report, we provide a description of the different research areas and relevant organizations we have considered to initiate standardization liaisons and collaborations. We also discuss the activities related to standardization that we have carried out so far.
Our standardization plans can be divided into two parts: Firstly, we mapped the credential objectives to the research areas where credential is involved. Then, we identified the existing standards as well as the ongoing standardization efforts in the relevant research areas. And eventually, we derived the gaps between the current standards and the envisioned solutions aspired by this project. Secondly, the use of novel cryptographic approaches for ensuring end-to end confidentiality for processing critical identity data in cloud opens opportunities for developing new standards. Subsequently, we identified the relevant standardization bodies for collaborations and we devised our standardization action plans.
One of the major activities of our plans was to seek liaison to ISO/IEC/JTC1/SC27. In April 2017, we were invited to present our project at SC27 plenary and working group meeting in Hamilton, New Zealand. Our request for Level C liaison was formally accepted in September 2017. The liaison will allow us to provide input and actively contribute to standards in the field of cryptography and privacy technologies, both underlying disciplines to the solutions being designed and deployed in CREDENTIAL.
CREDENTIAL envisions to improve the privacy and usability aspects of identity management in security critical domains such as e-Health, e-Business and e-Government. Following up to this objective, we perform extensive privacy and usability and threat analyses with an aim to recommend best practices for privacy preserving IAM systems. To disseminate the results, we collaborate with EuroCloud Europe to derive a catalogue for IAM systems which will be included in their StarAudit certification program. This catalogue could be used by IAM providers to make a transparent quality assessment for their services.