Developments in cooperation between research and standardization related to security and secure communications. Presentation at eMayor clustering event, 4 March 2005 “Secure Information Processing in the Public Sector” Bart Brusse, COPRAS Project Manager.

COPRAS aims to improve the IST research/standards interface…
• FP6 Specific Support Action (SSA) addressing projects in 18 Strategic Objectives in calls 1 & 2
• Improve interfacing between FP6 IST projects and standards bodies:
  • Act as a facilitator to FP6 IST projects wishing to upgrade their deliverables through standardisation
  • Prepare generic information on RTD/standards interfacing guiding those proposing or evaluating future projects
• Project lifespan: 01/02/2004 – 31/01/2007
• Methodology:
  • Survey projects and analyse their standards related output
  • Develop Standardization Action Plans with selected projects

…and addresses shortcomings currently experienced on both sides
[Diagram labels: Standardisation processes; IST project duration (Start, Halfway, End); Requirements analysis; Technical developments; Tests & pilots; ‘Standardisation gap’]
• Interfacing with standardisation is required but the ‘right’ body may not always be easy to find
• Cooperation has to be initiated at an earlier stage, making tangible results available sooner
• IST projects’ standardization targets have to be better matched with ongoing activity
• Structuring cooperation will reduce overlap and save resources on the side of research projects

Security related activities are underway within CEN/ISSS and ETSI
• Biometrics, standards related issues with particular emphasis on ISO/IEC/JTC1/SC37; preparation of a report on European specific requirements in Biometrics
• ETSI TC ESI, addressing the lack of standards supporting electronic signatures and public key certificates, in line with, and endorsed by the initiative of the European Commission to establish a harmonized infrastructure for electronic signatures
• CEN/ISSS Workshop on Data Protection & Privacy, aiming to help business in Europe comply with the Data Protection Directive and relevant national legislation by facilitating harmonization of practice and developing the understanding of current practices
• CEN/TC224/WG15 on a European Citizen card, defining the concept of a smart card issued under the authority of a national or local government institution

A new focus group within CEN/ISSS on eGovernment standardization
Background
• Lack of a coherent overview of eGovernment standards issues, lack of persistence, lack of maintenance & lack of visibility
Objectives
• Identify issues & themes, agencies & authorities, standardized solutions & mechanisms currently existing in the field of eGovernment in Europe
• Identify and map out initiatives and services including frameworks, design rules, clearing houses, existing standards & specifications, etc.
• Involve public administrators, identify recurring policy issues & obstacles, contribute to IDABC proposals, analyze standardization requirements

Security related activities underway within OASIS
• Application Vulnerability Description Language (AVDL), creating a uniform way of describing application security vulnerabilities
• eXtensible Access Control Markup Language (XACML), for the expression of authorization policies in XML
• Provisioning Services, an XML-based framework for information exchange between Provisioning Service Points
• XML Common Biometric Format (XCBF), a common set of secure XML encodings for the patron formats specified in CBEFF
• Public Key Infrastructure (PKI), meeting business and security requirements
• Rights Language, defining an industry standard for a digital rights language
• Security Services, advancing the Security Assertion Markup Language (SAML) as a standard
• Web Application Security (WAS), providing guidance for initial threat, impact, risk rating
• Web Services Security (WSS), on Web Services security foundations
• Digital Signature Services (DSS), supporting the processing of digital signatures

Security related activities underway within W3C
• XML Encryption, developing a process for encrypting/decrypting digital content and an XML syntax used to represent the encrypted content, as well as information that enables an intended recipient to decrypt it
• XML signature, developing an XML compliant syntax used for representing the signature of Web resources and portions of protocol messages and procedures for computing and verifying such signatures
• XML Key management, development of a specification for an XML application/protocol allowing a client to obtain key information from a web service
• Deployment of further activities, on higher level security applications, possibly in combination with ETSI, are being discussed
• Additional information on XML security may be found at: http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/xml_security.html

ICTSB Network and Information Security Steering Group (NISSG)
• Aim - To act as an overall focal point for the European standardization community on network and information security issues
• Output – To ensure the implementation of the NIS report produced by the CEN/ETSI NIS Group
• Next steps
  • Meetings 9 March 2005, 1 June 2005
  • Any issues regarding new activities (as distinct from issues concerning existing ones, wherever they may be) should be addressed to NISSG as the focal point
• Membership - open to any ICTSB member organization and their relevant technical groups and invited stakeholder interests

COPRAS maps standardization with IST projects activities & output
• FP6 Call 1
• Strategic Objectives with projects addressing security
• 164 projects addressed across 10 Strategic Objectives
• 51 projects targeted in 2.3.1.5, 2.3.1.9 & 2.3.1.11
• 92 responses received (56%)
• 31 responses received (61%)
• 40 projects approached for participation in the COPRAS Programme
• 7 projects invited with output relevant to security related standardization
• Kick-off meeting 14th October 2004: jump-start development of ‘Standardization Action Plans’

Concrete cooperation on further standardization steps with SECOQC
• Standardization Action Plan defining
  • Specific technical issues
  • Relevance towards the eEurope programme
  • Possible standardization action steps
• COPRAS participation in SECOQC Interface standardization workshop
• Business plan for a dedicated CEN/ISSS workshop on quantum cryptography
• Installation of a dedicated workshop and drafting of a CEN Workshop Agreement (CWA)
• Definition of required dissemination and consensus building support to be provided by COPRAS

COPRAS remains open to cooperate with and support other security & eGovernment oriented projects
Thank you for your attention & feedback
Bart Brusse, COPRAS Project Manager
bart@contestconsultancy.com
Tel: +31-653-225260