[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Identity in the Cloud Gaps and EU standards
Dear all, I read the Identity in the Cloud Gap Analysis with interest. What to me is missing in the list of standards are relevant EU/EEA standards that are gaining importance with existing and upcoming regulation. This as in particular public authorities might file those as a requirement. These are: [1] XAdES for signature part (tier 2 standard) ETSI TS 101 903 [2] STORK specifications (tier 3) D5.8.3b Interface Specification, 2010 [3] STORK 2.0 (tier 4) on representation/delegation On [1] XAdES is profiling XMLDSIG that has been mentioned. It is inter alia relevant under the EU Services Directive. In particular in the "Format Decision" 2011/130/EU which e.g. also gets used in the revision of the eProcurement Directive and might get a role related to the upcoming eID and Trust Services Regulation. So if a EU/EEA public authority deploys related services to the Cloud, it is a requirement. This is relevant for Use Case 13; to some extent to Use Case 9. Similarly on [2], STORK is using and extending SAML 2.0. It is used by the 18 piloting Member States and will as well have a role related to the upcoming eID and Trust Services Regulation. I.e. it is will also be a requirement on the EU/EEA federation related to it . It is relevant to Use Cases 12, 16, and 21. To some extent to UC 6. Finally, as UC 26 addresses "on behalf" authentication: That is exactly what STORK 2.0 [3] is working on as federating mandates and representation between the participating states. Though it is work in progress. Kind regards, Herbert Herbert Leitold A-SIT, Secure Information Technology Center - Austria Inffeldgasse 16a, A-8010 Graz, Austria Tel.: +43 316 873-5521 Fax: +43 316 873-105521 Herbert.Leitold@a-sit.at
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]