Implementation and Management Approach
ABC4Trust consists of 12 well-known partners from 5 EU Member States and Switzerland. All partners of the Consortium are well recognized players in their competence area.
In ABC4Trust the following two pilot trials are conducted:
- Protecting the privacy of children in a school environment in Sweden will involve pseudonymous community access and social networking for pupils. This trial deals with online communication and exchange of sensitive personal concerns and advice between pupils and school personnel. Pupils will be able to seek advice from medical or pedagogical staff and other coaches inter alia on intimate questions related to their physical, psychological, social, financial, or other situation without necessarily revealing their true identity. They will also be enabled to communicate in restricted areas where access can be granted e.g. only to students of a certain age range and sex. This part of the trial benefits from the advantages of the ABC technology by allowing anonymous proofs of attribute values.
- Course evaluation within universities will be the second trial of the project. It comprises the provision of credentials to the students of a Greek university that certifies a number of facts to the students (e.g. year of study, major, percentage of attendance of a course, etc.). Eligible Students will be able to anonymously provide feedback on courses and teachers they had during a semester by using proper credentials.
By taking into account the collection of criteria and the implementation of necessary infrastructure (identity service provider, infrastructure to issue credentials, attribute databases, etc.), the evaluation of these pilots will provide a clear proof of concept of both the unified attribute-based credentials approach as well as the reference architecture, providing at the same time feedback for enhancements.
ABC4Trust aims at making Attribute-based Credentials interoperable by providing a unified architecture to deploy existing cryptographic solutions. The ABC4Trust architecture will be built into a reference implementation and tested within two pilot trials. ABC4Trust builds on the two available products in the field of Privacy ABCs: IBM's Identity Mixer and Microsoft's U-Prove. As these solutions are supported by two of the leading ICT companies, they are among the best candidates to provide input to standardization in this domain.
A contribution of this project to the state of the art will be the definition of such a common unified architecture for federating and interchanging different ABC systems in a way that:
- users will be able to obtain credentials for different Privacy ABC technologies and use them indifferently on the same hardware and software platforms,
- service providers will be able to adopt whatever Privacy ABC technology best suits their needs, and
- identity service providers will be able to accept credentials under one Privacy ABC technology and issue corresponding ones under another ABC technology, again using the same hardware and software platforms.
ABC4Trust considers standardization to be a strong outreach activity, which has thus gained considerable attention from the project. The report "D8.4 Architecture for Standardisation V1" published by the project outlines the landscape of the relevant standardization bodies and projects, and takes first steps into looking into the viability of having an impact on the most relevant ones. In this regard, ABC4Trust has identified two groups of high relevance within ISO/IEC JTC 1/SC 27, namely Working Groups (WG) 2 and 5.
Taking from the results of the work done on the definition of the first version of the ABC4Trust architecture, the report addresses concrete proposals to three specific projects underway within WG 5, namely ISO/IEC 24760-2, ISO/IEC 29101 and ISO/IEC 29191.
"ISO/IEC 24760-2: Information technology - Security techniques - A framework for identity management - Part 2: Reference architecture and requirements "focuses on the description of the lifecycle model of identity information, providing guidelines for the implementation of systems for the management of identity information, and specifying requirements for the implementation and operation of a framework for identity management. The report suggests a number of improvements to the current working draft of ISO/IEC 24760-2. Additionally, ABC4Trust also presents a mapping of some of the terms used in the two (ABC4Trust and ISO/IEC 24760-2) architectures.
The report also presents the ABC4Trust Architecture in the spirit of the "ISO/IEC 29101: Information Technology - Security Techniques - Privacy Architecture Framework". The presented comparison takes the current version of the ABC4Trust architecture, adapting it to the structure and terminology of ISO/IEC 29101. This comparison outlines how the ABC4Trust architecture already implements many of the privacy-enhancing features by design, reducing the additional implementation burden for an application that uses this architecture to also comply with ISO/IEC 29101. In addition, the comparison presented here can also be used as an annex to the upcoming version of the ISO/IEC 29101.