Completed study periods and pwis

From IPEN Wiki
Revision as of 14:05, 16 September 2020 by Antoniok (talk | contribs) (Created page with "=== <span style="font-size: larger;">Privacy engineering framework (Started in April 2015. Completed in April 2016)</span> === {| cellpadding="1" cellspacing="1" border="1" s...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Privacy engineering framework (Started in April 2015. Completed in April 2016)

Leaders Antonio Kung, Matthias Reinis
Objective Study the concept of privacy engineering and see whether new work items are needed
Documentation Slides presenting motivation for study period by Antonio Kung: http://ipen.trialog.com/wiki/File:PRIPARE_Proposal_Study_Period_Privacy_Engineering_Framework_2.pdf
Timeline

Privacy-Preserving Attribute-based Entity Authentication (Started in October 2015. Completed in April 2016)

Leader Pascal Pailler, Nat Sakimura, Jaz Hoon Nah
Objective
Documentation
Comments
  • Initiated in Jaipur (Oct 2015)
  • Replaces SP privacy-respecting identity management scheme using attribute-based credentials (outcome of the ABC4trust FP7 project: https://abc4trust.eu,, initiated in April 2014 in Hong Kong), with an extended scope
  • Completed.
  • Followed by new project : ISO/IEC 27551: Requirements for attribute-based unlinkable entity authentication (see above)

Editorial inconsistencies to 29100 (Started in April 2016. Completed in October 2016)

Leaders Nat Sakimura, Mathias Reinis, Elaine Newton
Objective

Collecting errors and correcting inconsistencies

Documentation
Comments
  • Completed, has led to a draft amendment (with limited scope)

Guidelines for privacy in Internet of Things (IoT) (Started in April 2016. Completed in April 2017)

Leaders Heung Youl Youm, Srinivas Poorsala, Antonio Kung
Objective
  • assess the viability of producing guidelines for Privacy in IoT within WG5;
  • to potentially provide (a) New Work Item Proposal(s) and/or input material for existing relevant projects as a recommendation to the Working Groups 5 depending on the outcome of this assessmen

Documentation


Comments

Initiated in Tampa (April 2016)

Initial contribution in Abu Dhabi (October 2016)

Conclusions in Hamilton (April 2017) led to the merging with Guidelines fot security in IoT (WG4). See new study period below on security and privacy for Internet of things.

Discussion also led to a new study period "Framework of user-centric PII handling based on privacy preference management by users"


Guidelines for security and privacy for Internet of Things (IoT) (Completed in November 2017)

Start/Duration April 2017/6 months)
Leaders Eric Hibbard, Faud Khan, Tyson Macaulay, Srinivas Poorsala
Objective prepare the materials necessary to initiate an International Standard
coming out of the SC 27 meeting in Berlin (Oct-2017)

Documentation


Comments

Is an SC27/WG4 study periods involving WG4 and WG5.

Study period is completed and new work item has been proposed (https://ipen.trialog.com/wiki/ISO#New_Work_Item_Proposal_Security_and_Privacy_for_the_Internet_of_Things).

Kickoff expected in Wuhan in WG4

PII Protection considerations for smartphone app providers (Started in October 2015. Completed in April 2017)

Leader Rahul Sharma, Natarajan Swaminathan, Johan Eksteen, Sai Pradeep Chilukuri
Objective

Study mobile application ecosystems from a privacy viewpoint

Collect views of multiple stakeholders in the mobile applications space

Collect mobile apps privacy guidelines issued by various agencies

Collate a report on the findings

Potentially provide a new work item proposal

Documentation
Comments

Initiated in Jaipur (October 2015)

Privacy in smart cities (Started in October 2015. Completed in November 2017)

Leaders Antonio Kung, Sanjeev Chhabra, Udbhav Tiwari
Objective

Connect with multiple stakeholders in the smart city space

Refer the existing work on smart cities

Collate information, feedback, inputs from the stakeholders and draft the guidelines

Potentially provide (a) new work item proposal(s) that can translate in guidelines

Documentation
Comments

Initiated in Jaipur (October 2015)

Liaison to be established with ISO/IEC JTC1/SG1 (Smart cities) 

Presentation in Tampa (April 2016) of intermediate state

Presentation in Abu Dhabi (October 2016) of intermediate state

Presentation in Hamilton (April 2017) of intermediate state

Proposal for new work item in Berlin (Nov 2017)

Code of practice solution for different types of PII (Started in October 2016, Completed in April 2017)

Leaders Mathias Reinis, Heung Youl Youm
Objective

Study ISO/IEC FDIS 29151 and ISO/IEC IS 27018 with the objective to find a solution that is applicable for different types of PII processors, especially compatible with the needs of a SME

Documentation


Comments

Terminated due to lack of contributions

Requirements and outline for ISO/IEC 29115 revision (Started in April 2017. Completed in April 2018)

Leaders David Temoshok replacing Sal Francomacaro, Thomas Lenz, Patrick Curry, Andrew Hugues, Heung Youl Youm
Objective

Documentation


Comments

Has resulted in a NWIP

Application of ISO 31000 for identify-related risk (Started in April 2017. Completed in April 2018)

Leaders Christophe Stenuit, Joanne Knight
Objective Gather information in order to determine the viability of creating a standard providing guidance on the application of ISO 31000:2009 to assess identity-related risks

Documentation


Comments
 New work item proposal

Concept of PII Deletion (Started in November 2017. Completed in April 2018)

Leaders Volker Hammer, Srinivas Poosarla, Eduard de Jong, Alan Shipman
Objective Study the potential internationalisation of national standard DIN 66398 "Guideline for development of a concept for data deletion with derivation of deletion periods for personal identifiable information"

Documentation


Comments


Development of Identify standards landscape standing document (Started in  April 2018, Completed in October 2018)

Leaders Joanne Knight, Julien Bringer, Salvatore Francomacaro, Heung Youl Youm,
Objective

 Create an initial draft of a new SD that would provide:

  • The scope of the identity standards landscape
  •  Introductory content identifying the role of each existing and emerging standard within the landscape, as well as its relationship to the other landscape standards. To serve as an overarching guide to users of identity-related standards
  • A process (flow chart) for the analysis of the creation or revision of identity standards, to guide alignment
  •  A register of alignment issues that have been accepted as needing to be resolve
  • Develop a proposal for the process of maintaining the standing document that includes:

Documentation


Comments


Identify assurance framework (Started in April 2017. Completed in October 2018)

Leaders Patrick Curry, Anthony Nadalin
Objective analyze the outcomes of ISO/IEC 29003 and related matters, then to determine the possible next steps towards developing an International Standard (or other mechanisms) for an Identity Assurance Framework.

Documentation


Comments


Framework of user-centric PII handling based on privacy preference management by users (Started in April 2017, Completed in October 2018)

Start/duration

April 2017 / 18 months

Leaders Shinzaku Kiyomoto, Antonio Kung, Heung Youl Youm
Objective define frameworks of user-centric PII handling based on privacy preferences of users

Documentation


Comments

Triggered by an initiative from ITU-T for such a framework applied to the IoT. See https://ipen.trialog.com/wiki/ITU_Activities#X.iotsec-3:.C2.A0Technical_framework_of_PII_.28Personally_Identifiable_Information.29_handling_system_in_IoT_environment

In Berlin (November 2017),  it was decided to consider 3 options

  • extension of 29101
  • definition of a generic model
  • defintion of specific models

In Wuhan (May 2018), it was decided to prepare a NWIP

In Gjovik (October 2018), the NWIP was finalised

Additional Privacy-Enhancing Data De-identification standards (Started in April 2018. Completed in October 2019)

Leaders Malcom Townsend, Heung Youl Youm
Scope

This Study Period aims to analyze the challenges and risks associated with the implementation of data de-identification techniques described in ISO 20889, and provide a strategy and structured approach to the potential development of additional standards covering such potential topics such as requirements, risk analysis, codes of practice and so on.

Documentation


Comments


Identity Standards Landscape Document Update (Started in October 2018. Completed in October 2019)

Leaders

Andrew Hughes, Christophe Stenuit, Kai Rannenberg


Objective

Solicit additional content for the draft Standing Document; solicit comments on the current content and structure of the draft Standing Document; discuss and make a disposition of comments; and to update the Standing Document

Documentation


Comments



Consent receipts and records (Started in April 2019, completed in October 2019)

Leaders Collin Wallis, Andrew Hughes
Objective

The scope of this study period is to assess the need for a Consent Receipt and Record standard used to support transparency and accountability practices related to an individual's consent to PII processing

Documentation


Comments


Review of requirements for accredited certification for sector specific ISMS standards (Started in April 2019. Completed in October 2019)

Leaders Hans Hedbom, Alan Shipman
Objective

The scope of this study period is to review possible approaches to establishing the foundation for accredited certification for sector-specific standards. The concrete instantiation for this is ISO/IEC 27552, which is expected to be published soon.

Comments


Privacy consideration in practical workflows (Started in April 2018, completed in April 2020)

Leaders Mickey Cohen
Objective

The scope of this study period is to collect contributions:

(1) On workflows describing use-cases where the combination of privacy, security (including exposure period), identification quality and practical implementation need to be viewed as a whole

(2) For a merit function(s) combining the subjects into a qualitative evaluation of the privacy

Documentation


Comments


Retrieved from "https://ipen.trialog.com/?title=Completed_study_periods_and_pwis&oldid=1392"