Recommendation ITU-T Y.3514 specifies a framework of trusted inter-cloud computing and relevant use cases. It provides general requirements for trusted inter-cloud and specific ones related to governance, management, resiliency, security and confidentiality of trusted inter-cloud.
Trust, as defined in ETSI GR NFV-SEC 003, is an important component of security. One weakness of software as opposed to hardware, is that software can be copied in whole or in part. Trust that is rooted in software may be less reliable than trust rooted in hardware, quickly, easily, and any number of times. For the particular case of sensitive workloads that have to be trusted, only the highest assurance in the root of trust is considered acceptable, thus for the purposes of the present document the root of trust shall be provided in hardware.
The OASIS Cyber Threat Intelligence (CTI) TC was chartered to define a set of information representations and protocols to address the need to model, analyze, and share cyber threat intelligence. In the initial phase of TC work, three specifications will be transitioned from the US Department of Homeland Security (DHS) for development and standardization under the OASIS open standards process: STIX (Structured Threat Information Expression), TAXII (Trusted Automated Exchange of Indicator Information), and CybOX (Cyber Observable Expression).
This part of ISO/IEC 9798 specifies entity authentication mechanisms using symmetric encipherment algorithms. Four of the mechanisms provide entity authentication between two entities where no trusted third party is involved; two of these are mechanisms to unilaterally authenticate one entity to another, while the other two are mechanisms for mutual authentication of two entities. The remaining mechanisms require a trusted third party for the establishment of a common secret key, and realize mutual or unilateral entity authentication.
TC CYBER is recognized as a major trusted centre of expertise offering market-driven cyber security standardization solutions, advice and guidance to users, manufacturers, network, infrastructure and service operators and regulators. ETSI TC CYBER works closely with stakeholders to develop standards that increase privacy and security for organizations and citizens across Europe and worldwide. We provide standards that are applicable across different domains, for the security of infrastructures, devices, services, protocols, and to create security tools and techniques.
A biometric lifeless attack is one of the indispensable issues within biometric authentication. There are three major components in liveness detection systems: lifeless attack presentation, liveness detection, and lifeless attack instruments. The lifeless attack presentation is divided into artifact presentation and human-based presentation. The liveness detection method includes subject-based and scenario-based solutions, as well as other attributes such as decision elements, detection patterns, and implementations. The lifeless attack instrument is specified from aspects such as production elements, production types of artifacts, efficacy, etc. This document establishes terms and definitions in the field of biometric liveness detection and identifies characterizations of lifeless attack and liveness detection methods, with analysis on lifeless attack instruments. In addition, this document specifies the liveness detection process, implementation model, and metrics.
SAML is an XML-based framework for exchanging security information. This security information is expressed in the form of assertions about subjects, where a subject is an entity (either human or computer) that has an identity in some security domain. A single assertion might contain several different internal statements about authentication, authorization and attributes. This Recommendation defines a protocol by which clients can request assertions from SAML authorities and get a response from them. This protocol, consisting of XML-based request and response message formats, can be bound to many different underlying communications and transport protocols; SAML currently defines one binding to SOAP over HTTP. In creating their responses, SAML authorities can use various sources of information, such as external policy stores and assertions that were received as input in requests. This Recommendation defines SAML assertions elements, subjects, conditions, processing rules and statements. Additionally, it develops a comprehensive SAML metadata profile that includes associated namespace, common data types, processing rules and signature processing. Several protocol bindings such as SOAP, PAOS (reverse SOAP), HTTP redirect, HTTP POST, among others, are also developed. This Recommendation provides a comprehensive list of SAML profiles such as web browser SSO profile and single logout profile to enable the wide adoption of SAML 2.0 in the industry. Guidelines for authentication context and conformance are also provided.This Recommendation is technically equivalent and compatible with the OASIS SAML 2.0 standard.
