ISO/IEC 27551
ISO/IEC 27551:2021 — Information security, cybersecurity and privacy protection — Requirements for attribute-based unlinkable entity authentication
(first edition)
Abstract
ISO/IEC 27551 "provides a framework and establishes requirements for attribute-based unlinkable entity authentication (ABUEA).”
[Source: ISO/IEC 27551:2021]
Introduction
Attribute-Based Unlinkable Entity Authentication is a mechanism for authenticating unfamiliar parties through the services of a mutually-trusted third party, whilst preserving the privacy of the party being authenticated.
‘Unlinkable’ refers to the need to be able to handle and process personal information anonymously, in a way that precludes being able to identify the original data subjects from the information being communicated and processed.
Scope
The standard describes a framework and requirements for ABUEA: a way of avoiding the privacy leakage that can occur when, for instance, we use Internet sites and provide different information to each one or on each occasion, creating the possibility that our disparate disclosures are linked back to us specifically.
Structure
Main sections:
5: General objectives of attribute-based entity authentication
6: Properties of attribute-based entity authentication protocols
7: Unlinkability properties of attribute-based entity authentication protocols
8: Attributes
9: Requirements for level N attribute-based unlinkable entity authentication
Annex A: Formal definitions for security and unlinkability notions
Annex B: Examples of attribute-based entity authentication protocols
Annex C: ABUEA with OpenID & FIDO
Annex D: Use cases for attribute-based unlinkable entity authentication
Status
The current first edition was published in 2021.
Commentary
It would be a challenge to rewrite this standard in accordance with ISO’s version of plain English, given such a deep dive into the technology.
