What does the standardisation landscape for identity management in public services looks like?

by René Lindner – DIN

The consideration of relevant existing standards for the development of the projects’ solutions and the transfer of the projects’ results into standardisation by contributing to ongoing standardisation activities or by developing new standards offers a big opportunity for R&I projects such as IMPULSE. This post informs about the analysed standardisation landscape.

The European Commission supports actively, mainly since Horizon 2020, the integration of standardisation in their research projects to foster the dissemination and exploitation activities. This provides several advantages for the researchers, such as comply with regulations by applying standards or get an easy entry point to the standardisation systems and its network of more than 300,000 experts only in Europe (see e.g. https://www.standardsplusinnovation.eu/researchers).

If a standardisation body is integrated in such projects, in principle, the following five main activities are usually conducted (see Lindner et al., 2021):

  • Analysing existing standards and ongoing standardisation activities to support the development and implementation of project results with state-of-the-art information.
  • Analysing the standardisation potential of the projects’ results by assessing the projects’ results, the need of the end users and the already existing relevant standardisation activities to identify gaps in standardisation.
  • Defining a standardisation strategy for the project for deciding which potentials will be followed and, thus, for the collaboration with relevant standardisation committees to discuss the standardisation potentials chosen.
  • Initiating standardisation activities that could either lead to the development of new standards, such as CEN Workshop Agreements (CWA), or to provide input to existing standardisation activities to support the projects’ dissemination and exploitation efforts.
  • Disseminating the standardisation activities to a variety of stakeholders (e.g. to standardisation committees) to foster the uplift of the developed standards or identified standardisation potentials.

The IMPULSE project actively integrated standardisation as two separate tasks within its activities, which are led by DIN, the German Institute for Standardization. Initial outcomes of the first task on the analysis of the standardisation landscape relevant for IMPULSE are already available. The search for standards from the formal standardisation system (i.e. ISO, CEN) was conducted with the standards database Perinorm and by taking into account key words compiled by the project. Perinorm is a bibliographic database that comprises databases from 29 countries as well as data from European and international standardisation bodies with around 2.4 million records worldwide (Beuth, 2022). Informal standards (e.g. W3C) have also been collected during this activity.

Overview of standardisation committees

In principal, there a variety of standardisation committees that focus on identity management as well as blockchain or artificial intelligence. On international level, mainly ISO/IEC JTC1 “Information Technology” and ISO/TC 307 “Blockchain and distributed ledger technologies” have to be mentioned. On European level, the activities of ETSI (e.g. ETSI TC ESI “Electronic Signatures and Infrastructures”; ETSI ISG SAI “Industry Specification Group on Securing Artificial Intelligence”), CEN/TC 224 “Personal identification and related personal devices with secure element, systems, operations and privacy in a multi sectorial environment” and CEN-CENELEC/JTC 19 “Blockchain and distributed ledger technologies” can be highlighted. Furthermore, several countries have national activities of relevance. Herein, UNE “Spanish Association for Standardization” and CTN 071/SC 307 “Blockchain and distributed ledger technologies”. The later one and the European counterpart CEN-CENELEC/JTC 19 are maybe the most relevant standardisation committees for IMPULSE.

Overview of relevant standards

Initially, more than 550 formal standards and 102 informal standards were identified. After an assessment of the standards by the project team, this number was reduced by considering only ‘highly relevant’ standards that the project needs to take into account for e.g. the development of the IMPULSE solutions or ‘relevant’ standards that it may take into account during the project duration. In total, 390 formal and 87 informal ones were assessed as relevant for the IMPULSE project, with specifically 16 formal and 8 informal standards being highly relevant for this project.

Special attention needs to be paid to the standards series of UNE on Digital Enabling technologies. The first part of the standards series, UNE 71207-1 “Digital Enabling Technologies – Distributed Identities Management Model on Blockchain and other Distributed Ledger Technologies. Part 1: Reference Framework” has been published in 2020. The other parts are currently under development. As the UNE 71207 standards series is of high interest for IMPULSE, the project has set up a liaison with this committee to monitor the standardization activities and to provide input to the upcoming standards of this series where applicable.

Other documents of interest are standards on information security (i.e. ISO/IEC 27000 series) and information technology (i.e. ISO/IEC 29000 series). The results of this assessment were transferred into a dashboard to further analyse, for example, the origin, age or level of the standards identified or which countries are most active in standardization on this topic (see picture below).

Furthermore, as highly relevant informal standards can be listed some of W3C (i.e. Decentralized Identifiers (DIDs) v1.0; Verifiable Credentials Data Model 1.1; Verifiable Credentials JSON Schema Specification; Verifiable Credentials Use Cases). All identified standards will be further analysed and used within the project to support the development and implementation of the IMPULSE solution.