Web 4.0 and virtual worlds

ISO/IEC 29146:2016 defines and establishes a framework for access management (AM) and the secure management of the process to access information and Information and Communications Technologies (ICT) resources, associated with the accountability of a subject within some context.This International Standard provides concepts, terms and definitions applicable to distributed access management techniques in network environments.This International Standard also provides explanations about related architecture, components and management functions.The subjects involved in access management might be uniquely recognized to access information systems, as defined in ISO/IEC 24760.The nature and qualities of physical access control involved in access management systems are outside the scope of this International Standard.

ISO/IEC 29115:2013 provides a framework for managing entity authentication assurance in a given context. In particular, it:- specifies four levels of entity authentication assurance;- specifies criteria and guidelines for achieving each of the four levels of entity authentication assurance;- provides guidance for mapping other authentication assurance schemes to the four LoAs;- provides guidance for exchanging the results of authentication that are based on the four LoAs; and- provides guidance concerning controls that should be used to mitigate authentication threats.

ISO/IEC 24760-2:2015:- provides guidelines for the implementation of systems for the management of identity information, and- specifies requirements for the implementation and operation of a framework for identity management.ISO/IEC 24760-2:2015 is applicable to any information system where information relating to identity is processed or stored.

This document defines terms for identity management, and specifies core concepts of identity and identity management and their relationships. It is applicable to any information system that processes identity information.

This standard can be applied to internet-based business scenarios, and can also be served serve as a practical guide to achieve help assess business security risk control through the big data technology. This standard can be applied in other types of organization, including public or privately-owned or state-owned enterprises, associations, or organizations, or by individuals, to improve assessment of their protection capability against business security risks based on big data technology.

This document provides information based on a study of the characteristics of head-mounted displays (HMDs) regarding the ergonomics of human-system interaction. Although this document covers the broad range of ergonomics issues that arise, it specifically provides more-detailed information about the visual aspects of the interaction, and it provides information that could form the basis for future possible standards related to HMDs. NOTE: It is preferable to take systematic approach to consider characteristics of HMD, since HMD affects a viewer not only by visual aspects, but also by some other physical aspects.

Blockchain-based digital assets exist in a specific system in the form of digitization. Considering the diversity of blockchain systems and applications, as well as the diversity of digital assets in these systems and applications, digital assets based on blockchain systems have typical characteristics such as intangibility, encryption verification mechanism, use of distributed ledgers, decentralization, consensus algorithms, etc. For better classification and management, this standard provides a unified classification method for blockchain digital assets for reference. This standard proposes the principles and methods for the classification of blockchain-based digital assets. This standard follows the principles of scientificity, systematicness and scalability, and proposes an attribute-based classification method for blockchain digital assets, whose classification attributes include technical attributes, economic attributes and legal attributes.

The technical architecture and details of three cross-chain approaches is described in this standard, including Centralized/Multi-signature Notary-based cross-chain technology, HTLC-based cross chain technology and Relay Chain-based cross-chain technology.

This standard defines a set of protocols that enable Blockchain networks to locate each other's trusted nodes through standardized names. The set of protocols define a naming scheme, an interface for name registration, and the data format that request and response messages use to resolve names.

This standard defines the types of occupations, competency requirements, and evaluation methods of blockchain and distributed ledger technology for service practitioners, including but not limited to competency elements, evaluated process, and employment grade. This standard applies to the ability evaluation and training of blockchain and distributed ledger technology service practitioners.

The standard establishes access control requirements for blockchain systems. The standard addresses the following access control attributes of the system, including but not limited to:a) Node permissions - the permissions of block generation, block synchronization, block verification and broadcasting, and sending transactions.b) Smart contract access permissions - interface access control, user access control, and hybrid access control.c) User permissions - registered user permissions and unregistered permissions. The concept of role is applied to differentiate the permissions of registered users, which means permissions vary according to the role of a user.d) Global permissions - user access to deploy smart contracts, and to read smart contracts.

This standard defines a decentralized identity and access management (IAM) framework for the Internet of Things (IoT) based on the emerging concepts such as decentralized identifiers (DIDs) and verifiable credentials (VCs). The framework addresses the integration of DIDs and VCs into the lifecycle of IoT devices as well as the decentralized IoT security services such as device authentication, data authorization and access control.