- 1 Introduction
- 2 Standards and project
- 2.1 SG17 Security
- 2.2 SG20: Internet of things (IoT) and smart cities and communities (SC&C)
Two study groups could address privacy standards:
- SG17 security: https://www.itu.int/en/ITU-T/studygroups/2017-2020/17/Pages/default.aspx
- SG20: Internet of things (IoT) and smart cities and communities (SC&C): https://www.itu.int/en/ITU-T/studygroups/2017-2020/20/Pages/default.aspx
A study group is structured into working parties and questions. For instance,
- SG17 includes working party 1 (telecommunication/ICT security), which includes
- question 6/17: Security aspects of telecommunication services, networks and Internet of Things
- question 14/17: Security aspects of distributed ledger technologies
- SG20 includes working party 2, which includes
- question 6/17: Security, privacy, trust and identification for IoT and SC&C
A Study group can also create a focus group the role of which is to provide contributions that will later be an input to real standardisation work. For instance SG20 launched in March 2017 a Focus Group on Data Processing and Management to support IoT and Smart Cities & Communities: http://www.itu.int/en/ITU-T/focusgroups/dpm/Pages/default.aspx.
ITU collaborates with ISO/IEC in many common documents: http://www.itu.int/ITU-T/recommendations/iso.aspx?ser=-1&status=F&type=T&pg_size=100
Standards and project
X.iotsec-3: Technical framework of PII (Personally Identifiable Information) handling system in IoT environment
Yutaka Miyake, Bo Yu
This is a work item managed by Q6.
IoT devices can collect many kinds of data, and some kinds of data include PII (Personally Identifiable Information). Because the PII data is useful for several kinds of services, they can be shared with multiple service providers. It is better for users to handle own data including PII in IoT environment based on their intention. Because the situation of data usage in IoT environment with multiple service providers will be complicated, the user's intention on data usage should be reflected flexibly. For example, if the IoT platform has the following functions, the user can recognize that the collected data including PII can be controlled properly. The users can set up PII control preference. This preference includes the list of permitted data for shared by each service provider. The collected data is controlled access based on the PII control preference. Unauthorized data cannot be shared with other service providers. The users can check the history log of data sharing among the service providers. The users can understand the timing of data usage. This Recommendation will provide the technical framework of PII handling system for IoT environment to fulfil these functions.
SG20: Internet of things (IoT) and smart cities and communities (SC&C)
Focus Group on Data Processing and Management to support IoT and Smart Cities & Communities
Gyu Myoung Lee
This Focus Group plays a role in providing a platform to share views, to develop a series of deliverables, and showcasing initiatives, projects, and standards activities linked to data processing and management and establishment of IoT ecosystem solutions for data focused cities
Focus group includes 5 working group, including working group 4: security , privacy and trust, including governance. The chair of WP4 is Robert Lewis-Lettington (UN-HABITAT)
Two deliverables are planned related to privacy
Y.IoT-Interop. An Interoperability framework for IoT
Abdurahman M. Al Hassan
This is a work item managed by Q6
This document introduces the Digital Object Architecture (DOA) and its prospective in addressing security and interoperability among IoT applications. [DOA defines a framework for information oriented Internet service, on top of existing Internet infrastructure. It offers a set of security and management services at the Internet infrastructure level, that will enable secure sharing and management of information over distributed networking environment. Under DOA, information is encapsulated in terms of Digital Object, with its ownership and management defined independent from any hosting or application environment.] Information encapsulated as a Digital Object will no longer be confined within any particular application boundary. It may be moved from host to host, accessed from application to application, shared from organization to organization, without having to worry about losing its ownership or management control. The secure and robust infrastructure services provided by DOA encourages a common security and management interface across different IoT applications. This will not only improve the overall security protection of any individual IoT application, but also reduce the fragmentations among many IoT applications we witness today.
|Comments||[Antonio Kung] Integrates security and data protection capabilities in the framework|