Standard

The standard establishes access control requirements for blockchain systems. The standard addresses the following access control attributes of the system, including but not limited to:a) Node permissions - the permissions of block generation, block synchronization, block verification and broadcasting, and sending transactions.b) Smart contract access permissions - interface access control, user access control, and hybrid access control.c) User permissions - registered user permissions and unregistered permissions. The concept of role is applied to differentiate the permissions of registered users, which means permissions vary according to the role of a user.d) Global permissions - user access to deploy smart contracts, and to read smart contracts.

This standard defines the types of occupations, competency requirements, and evaluation methods of blockchain and distributed ledger technology for service practitioners, including but not limited to competency elements, evaluated process, and employment grade. This standard applies to the ability evaluation and training of blockchain and distributed ledger technology service practitioners.

This standard defines a set of protocols that enable Blockchain networks to locate each other's trusted nodes through standardized names. The set of protocols define a naming scheme, an interface for name registration, and the data format that request and response messages use to resolve names.

The technical architecture and details of three cross-chain approaches is described in this standard, including Centralized/Multi-signature Notary-based cross-chain technology, HTLC-based cross chain technology and Relay Chain-based cross-chain technology.

Blockchain-based digital assets exist in a specific system in the form of digitization. Considering the diversity of blockchain systems and applications, as well as the diversity of digital assets in these systems and applications, digital assets based on blockchain systems have typical characteristics such as intangibility, encryption verification mechanism, use of distributed ledgers, decentralization, consensus algorithms, etc. For better classification and management, this standard provides a unified classification method for blockchain digital assets for reference. This standard proposes the principles and methods for the classification of blockchain-based digital assets. This standard follows the principles of scientificity, systematicness and scalability, and proposes an attribute-based classification method for blockchain digital assets, whose classification attributes include technical attributes, economic attributes and legal attributes.

This standard establishes a practical, technical baseline of specific methodologies and tools for the development, implementation, and use of effective fail-safe mechanisms in autonomous and semi-autonomous systems. The standard includes (but is not limited to): clear procedures for measuring, testing, and certifying a system's ability to fail safely on a scale from weak to strong, and instructions for improvement in the case of unsatisfactory performance. The standard serves as the basis for developers, as well as users and regulators, to design fail-safe mechanisms in a robust, transparent, and accountable manner.

This standard can be applied to internet-based business scenarios, and can also be served serve as a practical guide to achieve help assess business security risk control through the big data technology. This standard can be applied in other types of organization, including public or privately-owned or state-owned enterprises, associations, or organizations, or by individuals, to improve assessment of their protection capability against business security risks based on big data technology.

This document defines terms for identity management, and specifies core concepts of identity and identity management and their relationships. It is applicable to any information system that processes identity information.

ISO/IEC 24760-2:2015:- provides guidelines for the implementation of systems for the management of identity information, and- specifies requirements for the implementation and operation of a framework for identity management.ISO/IEC 24760-2:2015 is applicable to any information system where information relating to identity is processed or stored.

ISO/IEC 29115:2013 provides a framework for managing entity authentication assurance in a given context. In particular, it:- specifies four levels of entity authentication assurance;- specifies criteria and guidelines for achieving each of the four levels of entity authentication assurance;- provides guidance for mapping other authentication assurance schemes to the four LoAs;- provides guidance for exchanging the results of authentication that are based on the four LoAs; and- provides guidance concerning controls that should be used to mitigate authentication threats.

ISO/IEC 29146:2016 defines and establishes a framework for access management (AM) and the secure management of the process to access information and Information and Communications Technologies (ICT) resources, associated with the accountability of a subject within some context.This International Standard provides concepts, terms and definitions applicable to distributed access management techniques in network environments.This International Standard also provides explanations about related architecture, components and management functions.The subjects involved in access management might be uniquely recognized to access information systems, as defined in ISO/IEC 24760.The nature and qualities of physical access control involved in access management systems are outside the scope of this International Standard.

The ISO/IEC TS 29003:2018 standard:- gives guidelines for the identity proofing of a person;- specifies levels of identity proofing, and requirements to achieve these levels.ISO/IEC TS 29003:2018 is applicable to identity management systems.