Report on ISO/IEC/JTC1/SC27 Activities in Digital Identities

Transcription:

International Telecommunication Union ITU-T
Report on ISO/IEC/JTC1/SC27 Activities in Digital Identities
Dick Brackney
ISO/SC27 Liaison Officer to ITU-T SG17
Standards Program Manager, U.S. Dept of Defense
rcbrack@verizon.net
Geneva, 5 December 2006

Outline
o Overview
o Identity Management Activities
o Concluding Remarks

SC 27 Membership
o Founding P-Members (in 1990): Brazil, Belgium, France, Netherlands, Sweden, USSR, Canada, Denmark, Germany, Norway, Switzerland, China, USA, Finland, Italy, Spain, UK, Japan
o Additional P-Members (timeline years shown on the slide: 1994, 1996, 1999, 2001, 2002, 2003, 2005/06): Russian Federation, South Africa, Kenya, Korea, Ukraine, Malaysia, Austria, New Zealand, Uruguay, Australia, Poland, Czech Republic, India, Luxembourg, Singapore, Sri Lanka
o O-members: Argentina, Hong Kong, Indonesia, Belarus, Cyprus, Estonia, Hungary, Ireland, Israel, Lithuania, Serbia and Montenegro, Romania, Slovakia, Turkey

Overview
o SC 27 Meets Twice/Year and is Responsible for ~90 Projects, ~45 Active Projects, ~8 Active IdM Projects/Activities
o Between 1990 and Today, SC 27 has Published 60+ International Standards (IS) and Technical Reports (TR)
o SC 27 IdM Collaboration includes:
   - ISO/IEC SC 37: Biometrics
   - ISO TC 68/SC 6/WG 10: Financial Services Retail/Privacy
   - ITU-T SG 13: Next Generation Networks
   - ITU-T SG 17: Security, Languages, and Telecommunications Software
   - FIDIS: Future of Identity in Information Society
   - The International Conference of Data Protection and Privacy Commissioners
   - Open Group (IdM Forum and Jericho Forum)
SC27 IdM Collaboration is expanding

ISO/IEC JTC 1/SC 27 IT Security Techniques
ISO/IEC JTC 1/SC 27: Information technology - Security techniques
o Chair: Mr. W. Fumy
o Vice-Chair: Ms. M. De Soete
o SC 27 Secretariat: DIN, Ms. K. Passia
o Working Group 1: Information security management systems (Convener: Mr. Humphreys)
o Working Group 2: Cryptography and security mechanisms (Convener: Mr. K. Naemura)
o Working Group 3: Security evaluation criteria (Convener: Mr. Mats Ohlin)
o Working Group 4: Security controls and services (Convener: Mr. Meng Choi)
o Working Group 5: Identity management and privacy technologies (Convener: TBD)

SC27's Identity Management Goals
o Involve as many IdM Communities of Interest as Possible
o Encourage IdM Standards Development Contributions
o Emphasize IdM Interoperability and Trust Relationships among Identity Providers
o Develop IdM Best Practices that Ensure Privacy
o Support Auditing, Reporting and Compliance Regulatory Requirements
   - U.S. Sarbanes-Oxley new authentication and access controls requirements to include Separation of Duties

Identity Management and Privacy Technologies (WG 5)
o Study Period initiated by in late 2005
o WG 5 First Meeting in Nov 06
o Scope: Development and Maintenance of Standards and Guidelines addressing Security Aspects of Identity Management (IdM) and the Protection of Personal Information (PPI).
o Current activities
   - Framework for Identity Management (ISO/IEC 24760)
   - A Privacy Framework (ISO/IEC 29100)
   - A Privacy Reference Architecture (ISO/IEC 29101)
   - Authentication Assurance (New)
   - Authentication Context for Biometrics (ISO/IEC 24761)
   - Biometric Template Protection (ISO/IEC 24745)
   - Official Privacy Documents (Standing Document SD) (New)
   - Joint ITU-T and ISO SC 27 Workshop on Digital Identity (New)

Identity Management and Privacy Technologies (WG 5) (Continued)
o Potential Future Topics
   - Role Based Access Control
   - IdM Provisioning
   - Single Sign-On
   - Privacy Infrastructures
   - Identity Anonymity and Credentials
   - Privacy Enhancing Technologies (PETs)

Privacy in a Global Environment
o World's Privacy Guidelines are Twenty Years Old
   - EU Directive on Data Protection
   - OECD's Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
o Today's Environment is Different
   - Distributed vs Centralized Databases
   - Significantly more Computing Power
   - More Invasive Data Collection
   - Routine Trans-border Dataflow
   - Difficult to Destroy Information when it is No Longer Needed

Framework for Identity Management (ISO/IEC 24760)
o What: Provide a Framework for the Secure and Reliable Management of Identities
o Scope:
   - Applicable to Individuals and Devices
   - Defines IdM Terminology, Concepts and Models
   - Describes Basic Components of IdM, Federated Identities, and Control Objectives
   - Discusses the Life Cycle of Identities and Identity Information as they are Established, Modified, Suspended, Terminated or Archived
   - Basis for Future ISO/SC27 Identity Standards
o Status: 2nd Working Draft

A Privacy Framework (ISO/IEC 29100)
o What: Privacy Safeguards for Personally Identifiable Information (PII)
o Scope:
   - Applicable on International Scale
   - Provide Common Privacy Terminology
   - Define Privacy Principles when processing PII
   - Describe and Categorize Privacy Features
   - Relate Privacy Requirements to Existing Security Guidelines
   - Basis for Future ISO/SC27 Privacy Standards
o Status: 1st Working Draft - Scope and Outline

A Privacy Reference Architecture (ISO/IEC 29101)
o What: Best Practices for Consistent Technical Implementation of PII Privacy Requirements
o Scope:
   - Guidelines for the Planning and Building of Architectures for the Proper Handling of PII
   - Privacy Framework First, then Architecture
o Status: Study Period - Call for Contributions in Following Areas
   - Existing Implementation Guidelines
   - Challenges/Questions
   - Privacy Technologies
   - Technology Forecast, i.e. Maturity Levels
   - Case Studies
   - White Papers

Authentication Assurance (New Work Item Proposal)
o What: Framework for Assessing How Close an Identity is to the Correct One
o Scope: Provide Guidelines for Assigning Levels of Assurance to Identifiers that Account for:
   - Authentication Mechanism
   - Characteristics of Authentication Device
   - Location of Entity
   - Ease of Manipulation by an Attacker
   - Etc.
   NIST SP800-63 e-authentication provides Four Levels of Assurance, i.e. 1 to 4
o Status: National Body Letter Ballot

Official Privacy Documents (Standing Document SD)
o What: Living List of Official Privacy Requirements, Regulations and Standards
o Scope:
   - Name of organization
   - Key Documents
   - Executive Summary
   - Hyperlinks
o Status: Call for Contributions
   - Requesting Nominations for Editor

Joint ITU-T & ISO/SC 27 IdM Workshop
o A Proposal to ITU-T SG 13 and SG 17
o When: Oct 08, prior to SC27 Meeting
o Where: Potentially Lucerne, Switzerland
o Why:
   - Follow-up to 5 Dec 06 ITU-T Identity Workshop
   - Bridge Gap between Network Service Providers, IT Security Experts, and IdM Community
o How:
   - IdM Expert Presentations
   - IdM Standards Bodies and Consortiums Reports
   - IdM Telecommunications Case Studies

SC 27 - Summary
o Next Meetings
   - May 2007: Moscow, Russia
   - Oct 2007: Lucerne, Switzerland
o More Information & Contact
   - SC 27 web-page: scope, organization, work items, standing documents (SDs), etc. http://www.ni.din.de/sc27
   - SD7: Catalogue of SC 27 Projects and Standards
   - SC 27 Secretariat: Krystyna.Passia@din.de
   - SC 27 Chairman: Walter.Fumy@siemens.com

Back Up Slides

Authentication Context for Biometrics: ACBio (ISO/IEC 24761)
o WG 1 Proposal April 2005
o Example of Authentication Assurance Standard
o Biometric Verification depends on the Quality of the Device Used
o In the Internet, a Biometric Verifier may NOT Know the Biometric Device's Quality
o Better Decision Possible if the Device's Quality were Known

Authentication Context for Biometrics: ACBio (ISO/IEC 24761) Continued
o Scope:
   - A data format for data generated by the Five Biometrics Processing Units (BPU) described in ISO/IEC 19092-1: Data Capture, Signal Processing, Storage, Comparison, Decision
   - An ACBio instance includes Reports about:
      - Accuracy of each BPU
      - Quality of the Data generated by BPU
      - Security (tamper-resistance) of the BPU
o Status: Final Committee Draft (FCD)