Standardization Transparency

An Out of Body Experience
  • Phillip H. Griffin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8893)

Abstract

This paper examines the issue of transparency in standards setting organization processes used to select security techniques for standardization. Analysis of data collected from interviews, electronic mail, and other documentation is presented as a narrative in two case studies. A Kaleidoscope conference case study illustrates the positive impacts of open participation on improving transparency through the reduction of bias in the selection process. These impacts include more timely inputs from researchers on emerging technology issues, and greater diversity in the sources of creative new ideas and solutions considered for standardization. Restrictions imposed on the selection process by government control of national body activities are described through a second case study of practice in the United States. Finally, recommendations are proposed on actions standards setting organizations can take to broaden participation in the selection of techniques for standardization and to strengthen communications between standards developers and the research community.

Keywords

openness, security, standardization, transparency



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Phillip H. Griffin, Griffin Information Security Consulting, Raleigh, USA
