Transcript Slide 1

Developments in cooperation between research
and standardization related to security and
secure communications
Presentation at eMayor clustering event, 4 March 2005
“Secure Information Processing in the Public Sector”
Bart Brusse, COPRAS Project Manager
COPRAS aims to improve the IST
research/standards interface…..
• FP6 Specific Support Action (SSA) addressing
projects in 18 Strategic Objectives in calls 1 & 2
• Improve interfacing between FP6 IST projects
and standards bodies:
– Act as a facilitator to FP6 IST projects wishing to upgrade
their deliverables through standardisation
– Prepare generic information on RTD/standards interfacing
guiding those proposing or evaluating future projects
• Project lifespan: 01/02/2004 – 31/01/2007
• Methodology:
– Survey projects and analyse their standards related output
– Develop Standardization Action Plans with selected projects
…..and addresses shortcomings
currently experienced on both sides
• Interfacing with standardisation is required but
the ‘right’ body may not always be easy to find
• Cooperation has to be initiated at an earlier stage,
making tangible results available sooner
• IST projects’ standardization targets have to be
better matched with ongoing activity
• Structuring cooperation will reduce overlap and
save resources on the side of research projects
[Figure: timeline of the IST project duration (Start, Halfway, End) showing
Technical developments (Requirements analysis, Tests & pilots) and
Standardisation processes, with the ‘Standardisation gap’ marked]
Security related activities are
underway within CEN/ISSS and ETSI
• Biometrics, standards related issues with particular
emphasis on ISO/IEC/JTC1/SC37; preparation of a report on
European specific requirements in Biometrics
• ETSI TC ESI, addressing the lack of standards supporting
electronic signatures and public key certificates, in line
with, and endorsed by the initiative of the European
Commission to establish a harmonized infrastructure for
electronic signatures
• CEN/ISSS Workshop on Data Protection & Privacy,
aiming to help business in Europe comply with the Data
Protection Directive and relevant national legislation by
facilitating harmonization of practice and developing the
understanding of current practices
• CEN/TC224/WG15 on a European Citizen card,
defining the concept of a smart card issued under the
authority of a national or local government institution
A new focus group within CEN/ISSS
on eGovernment standardization
Background
• Lack of a coherent overview of eGovernment
standards issues, lack of persistence, lack of
maintenance & lack of visibility
Objectives
• Identify issues & themes, agencies & authorities,
standardized solutions & mechanisms currently
existing in the field of eGovernment in Europe
• Identify and map out initiatives and services
including frameworks, design rules, clearing
houses, existing standards & specifications, etc.
• Involve public administrators, identify
recurring policy issues & obstacles, contribute to
IDABC proposals, analyze standardization
requirements
Security related activities underway
within OASIS
• Application Vulnerability
Description Language
(AVDL), creating a uniform
way of describing application
security vulnerabilities
• eXtensible Access Control
Markup Language
(XACML), for the expression
of authorization policies in XML
• Provisioning Services, an
XML-based framework for
information exchange between
Provisioning Service Points
• XML Common Biometric
Format (XCBF), a common
set of secure XML encodings
for the patron formats
specified in CBEFF
• Public Key Infrastructure
(PKI), meeting business and
security requirements
• Rights Language, defining an
industry standard for a digital
rights language
• Security Services, advancing
the Security Assertion Markup
Language (SAML) as a standard
• Web Application Security
(WAS) providing guidance for
initial threat, impact, risk rating
• Web Services Security
(WSS), on Web Services
security foundations
• Digital Signature Services
(DSS), supporting the
processing of digital signatures
Security related activities underway
within W3C
• XML Encryption, developing
a process for encrypting/
decrypting digital content and
an XML syntax used to
represent the encrypted
content, as well as information
that enables an intended
recipient to decrypt it
• XML signature, developing
an XML compliant syntax used
for representing the signature
of Web resources and portions
of protocol messages and
procedures for computing and
verifying such signatures
• XML Key management,
development of a specification
for an XML application/protocol
allowing a client to obtain key
information from a web service
• Deployment of further
activities, on higher level
security applications, possibly
in combination with ETSI, are
being discussed
• Additional information on
XML security may be found at:
http://www.nue.et-inf.unisiegen.de/~geuerpollmann/xml_security.html
ICTSB Network and Information
Security Steering Group (NISSG)
• Aim - To act as an overall focal point for the
European standardization community on network
and information security issues
• Output – To ensure the implementation of the
NIS report produced by the CEN/ETSI NIS Group
• Next steps
– Meetings 9 March 2005, 1 June 2005
– Any issues regarding new activities (as distinct from issues
concerning existing ones, wherever they may be) should be
addressed to NISSG as the focal point
• Membership - open to any ICTSB member
organization and their relevant technical groups
and invited stakeholder interests
COPRAS maps standardization with
IST projects activities & output
FP6 Call 1
• 164 projects addressed across 10 Strategic Objectives
• 92 responses received (56%)
• 40 projects approached for participation in the COPRAS
Programme
Strategic Objectives with projects addressing security
• 51 projects targeted in 2.3.1.5, 2.3.1.9 & 2.3.1.11
• 31 responses received (61%)
• 7 projects invited with output relevant to security related
standardization
Kick-off meeting 14th October 2004: jump-start development of
‘Standardization Action Plans’
5 “Security” projects participated in
the kick-off meeting
Project: Standardization objectives addressed
• eMayor: Secure municipal government applications: X-forms digital signature &
smartcard integration; eGovernment XML exchange standards; government
digital identification tokens (smartcard) standardization and related CA
architecture.
• TrustCom: Interoperability profiles covering: model driven security, collaborative business
processes, policies & security, contracts & service level agreements, trust PMI
and PKI, web & GRID technologies, semantic technologies.
• SECOQC: Quantum cryptography: standardization of ‘internal’ interfaces to achieve
interoperability of QKD components from different manufacturers;
standardization of ‘external’ interfaces and network infrastructure to make
applications compatible with different QKD systems and to provide applications
standardized access to QKD based infrastructures.
• BioSec: Biometrics: standardized multi-modal measurements of acceptance and trust
(privacy, data security, reliability, invasiveness); development of standards to
promote acceptance and trust of biometrics (standards for data & privacy
protection, for user-friendly design, handling & interfacing).
• Digital Passport: Next generation European digital passport with biometric data for secure and
convenient border passage: security concept & system architecture, minimum
security requirements for cards & personal identification; standards &
guidelines for a security framework, network security; use of electronic
signatures in passports; privacy & data protection.
Concrete cooperation on further
standardization steps with SECOQC
• Standardization Action Plan defining
– Specific technical issues
– Relevance towards the eEurope programme
• Possible standardization action steps
– COPRAS participation in SECOQC Interface standardization
workshop
– Business plan for a dedicated CEN/ISSS workshop on
quantum cryptography
– Installation of a dedicated workshop and drafting of a CEN Workshop
Agreement (CWA)
• Definition of required dissemination and
consensus building support to be provided by
COPRAS
COPRAS remains open to cooperate with
and support other security &
eGovernment oriented projects
Thank you for your attention & feedback
Bart Brusse, COPRAS Project Manager
Tel: +31-653-225260