{"id":3114,"date":"2018-08-01T09:54:56","date_gmt":"2018-08-01T09:54:56","guid":{"rendered":"https:\/\/prismacloud.eu\/?p=3114"},"modified":"2018-08-01T09:54:56","modified_gmt":"2018-08-01T09:54:56","slug":"d9-7-standards-activity-report","status":"publish","type":"post","link":"https:\/\/prismacloud.eu\/d9-7-standards-activity-report\/","title":{"rendered":"D9.7 Standards activity report"},"content":{"rendered":"

Contributing Partners<\/strong><\/p>\n

UNIL<\/strong>, UNI PASSAU, AIT<\/p>\n

Executive Summary<\/strong><\/p>\n

The standardisation activity, which spanned over the entire duration of the project, started with one year of analysis, planning, and preparation. A standardisation plan was developed (D9.5, M12) and its implementation decided by the project plenary. In course of the imple-mentation, we established liaisons with two working groups of the ISO\/IEC JTC1 SC 27 \u201cIT Security\u201d1: WG2 \"Cryptography and Security Mechanisms\" for activities concerning low level cryptographic primitives, and WG4 \"Security Controls and Services\u201d for activities on a service level; and participated for one year (March 2017 \u2013 Feb. 2018) in the specialist task force ETSI TC CYBER STF5292 which produced a Technical Specification in the field of attribute based credentials.
\nIn the ISO, we attended four of ISO\/IEC\u2019s semi-annual meetings around the world and also participated in standardisation work between the meetings. Detailed intermediate reporting can be found in D9.6 (M24) and D9.3 (M30). To secure our impact, three project partners also sought accreditation through the mirror committees of SC27 of two European national bodies (of Germany and Austria). Through the national bodies we were able to contribute about 90 comments for the standard ISO\/IEC 19086-4 \u201cCloud computing Service Level Agreement (SLA) framework - Part 4: Security and privacy\u201d of WG4, which defines objec-tives to be negotiated between cloud providers and customers in a cloud SLA. Through the leverage of our national bodies\u2019 voting rights, we were able to add several objectives to the standard for the kinds of services and tools that we developed in the project. In more detail: objectives for integrity protection of data in motion, for anonymous and pseudonymous au-thentication support and for data minimisation cryptographic controls. We also contributed a complete overhaul of a \u201cCryptography Component\u201d, which is central to the standard, by systematically extending its scope to confidentiality and integrity protection not only \u201cin motion\u201d (as previously proposed), but also \u201cat rest\u201d and \u201cduring computation\u201d.
\nIn WG2 we carried out an operation through three of the ISO meetings: We proposed and organized a \u201cstudy period\u201d on the potential instantiation of a new standard for redactable signatures, being one of the core technologies proposed in PRISMACLOUD. Based on positive evaluation and feedback, we proposed a new \u201cwork item\u201d (i.e. to develop a new stand-ard) and finally found the support of five other national bodies to officially start the new standard ISO\/IEC 23264 \u201cInformation technology \u2013 Security techniques \u2013 Redaction of au-thentic data\u201d. ISO\/IEC 23264 will be a standard, proposed and shaped by a H2020 project3. A first \u201cworking draft\u201d version (of 15 pages) was prepared by project partners UNI PAS-SAU, AIT\u2014and was just by the time of this writing (19 June, 2018) sent out by ISO on its world-wide list with a call for contribution (See Appendix for this version).
\nA critical assessment of our activities confirms that we could achieve actual dissemination of project results into standards even during the relatively short (for standardisation processes) project duration of 3.5 years. We were certainly also lucky to encounter standards in project stages suitable for our contribution\u2014and to receive within the ISO context the support of colleagues from research, industry, and administration for our plans. But we also could se-cure the continuation of the standardisation activity beyond project end\u2014with AIT and UNI PASSAU having declared to remain active in cloud security and privacy standardisation in ISO SC27 and to continue to drive the standardisation activities that sprung off the PRISMACLOUD project.<\/p>\n","protected":false},"excerpt":{"rendered":"

Contributing Partners UNIL, UNI PASSAU, AIT Executive Summary The standardisation activity, which spanned over the entire duration of the project, started with one year of analysis, planning, and preparation. A standardisation plan was developed (D9.5, M12) and its implementation decided by the project plenary. In course of the imple-mentation, we established liaisons with two working […]<\/p>\n","protected":false},"author":2,"featured_media":3126,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17,7],"tags":[],"_links":{"self":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/3114"}],"collection":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/comments?post=3114"}],"version-history":[{"count":1,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/3114\/revisions"}],"predecessor-version":[{"id":3115,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/3114\/revisions\/3115"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/media\/3126"}],"wp:attachment":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/media?parent=3114"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/categories?post=3114"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/tags?post=3114"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}