    ISO IEC 275512021.docx

INTERNATIONAL STANDARD
ISO/IEC 27551
First edition 2021-09

Information security, cybersecurity and privacy protection - Requirements for attribute-based unlinkable entity authentication

Sécurité de l'information, cybersécurité et protection de la vie privée - Exigences relatives à l'authentification des entités non rattachables par des attributs

Reference number ISO/IEC 27551:2021(E)

COPYRIGHT PROTECTED DOCUMENT
ISO/IEC 2021
[...] posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.
[...] Blandonnet 8, CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
[...] iso.org
Published in Switzerland

Contents

Foreword
Introduction
Scope
Normative references
Terms and definitions
Symbols and abbreviated terms
General objectives of attribute-based entity authentication
Properties of attribute based entity authentication protocols
  6.1 Correctness
  6.2 Unforgeability
Unlinkability properties of attribute-based entity authentication protocols
  7.1 General
  7.2 Generic definition of unlinkability
  7.3 Specific definitions
    7.3.1 General
    7.3.2 Passive outsider unlinkability (anti-tracking from passive outsiders)
    7.3.3 Active outsider unlinkability (anti-tracking from active outsiders)
    7.3.4 AP-U Unlinkability
    7.3.5 RP-U ("anonymous visits" to an RP)
    7.3.6 RPAP-U unlinkability (anti-RP-AP-collusion)
    7.3.7 AP-RP unlinkability (anti-tracking of RP from AP)
    7.3.8 RP+RP-U unlinkability
    7.3.9 AP-RP+U (anti-tracking of U from a set of colluding RPs)
  7.4 Relationships between notions of unlinkability
  7.5 Unlinkability levels for attribute-based entity authentication
Attributes
  8.1 Categories of attributes
    8.1.1 Personal attributes
    8.1.2 Self-claimed attributes
    8.1.3 Verified
    8.1.4 Static attributes
    8.1.5 Semi-static attributes
    8.1.6 Computed attributes
    8.1.7 Dynamic
    8.1.8 Identifying attributes
    8.1.9 Supporting attributes
Requirements for level N attribute-based unlinkable entity authentication
Annex A (informative) Formal definitions for security and unlinkability notions
Annex B (informative) Examples of attribute-based entity authentication protocols
Annex C (informative)
Annex D (informative) Use cases for attribute-based unlinkable entity authentication
Bibliography

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical [...] technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC [...] committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the [...]

The procedures used to develop this document and those intended for its further maintenance are [...] the ISO/IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).

[...] rights. Details of any patent rights identified during the development of [...] in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC list of patent declarations received (see patents.iec.ch).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

[...] Organization (WTO) principles [...] to Trade (TBT), see www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.

[...] Information technology, [...]

Any feedback or questions on this document should be directed to the user's national standards body. A complete listing of these bodies can be found at [...] and [...].

Introduction

processing state PU. The art second principle sites collection limitation. necessary recommendation, the However, possible the case visits other information principal the different persistent identifier two supplied. type adhere entity identifier that does collection limitation 1 link two or more above case Should principal This other types of unlinkability can also be considered and desired in applications. implementations focus ABUEA on Unlinkability This document measures cases Strength least attribute The requirements developed by this document apply be tailored application applied communication privacy principles. taken valid consideration to ensure privacy and Properties characteristics application communication layers.

ISO/IEC 29100 sets forth eleven privacy principles which apply to all actors that can be involved in the current of of the is that internet the more than Despite this information during the PII principal's access to the service. For example, if the site only requires verification that the PII principal is over a certain age, only that information should be necessary for the consumption of the service. making it it often to link that from the same PII such as to users or to link is or more visits from the same PII principal to the same site. To of to the principle of the allow the site the site in the visits by the PII instead use a means that, when two transactions are performed, it is difficult to distinguish whether the transactions were performed by the same user or by two different users. This is one type of unlinkability. Several

Attribute-based unlinkable entity authentication (ABUEA) provides a means for PII principals to establish the authenticity of a selected subset of their identity attributes without revealing a larger subset. Special is put is introduced, and a metric that focuses on the where at of [...] is attested by a third party.

This document also identifies security properties to be met to achieve various protections as well as unlinkable properties. methodology identified in may at the and other layer. However of the lower some properties met at the application layer protocol can be ruined by a lower layer protocol, such as the network layer, which means that the lower layers' privacy and security properties should also be still into when considering the that the security met

Information security, cybersecurity and privacy protection - Requirements for attribute-based unlinkable entity authentication

1 Scope

This document provides a framework and establishes requirements for attribute-based unlinkable [...]

2 Normative references

[...] undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 24760-1, IT Security and Privacy - A framework for identity management - Part 1: Terminology and concepts
ISO/IEC 29100, Information technology - Security techniques - Privacy framework

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 29100, ISO/IEC 24760-1, and the following apply.

ISO and IEC maintain terminology databases for use in standardization at the following addresses:
ISO Online browsing platform: available at https://www.iso.org/obp
IEC Electropedia: available at https://www.electropedia.org/

anonymity set
identities that shares certain characteristics

attribute provider
authority trusted by one or more users and one or more relying parties to issue or verify attributes [...] to an entity

[...]
significantly vanishing faster than any inverse polynomial in the security parameter

user-agent
software and/or hardware used by the PII principal to interact with the system

4 Symbols and abbreviated terms

A       adversary
AO      active outsider
AP      attribute provider
OIDC    OpenID Connect
PII     personally identifiable information
PO      passive outsider
RP      relying party
SIOP    self-issued OpenID provider
U       user-agent

General objectives of attribute-based entity authentication

[...] entity. establish a form of trust between two unfamiliar This clause defines the notion of attribute-[...] communication three parties model involving three entity roles U, RP and AP as depicted in Figure 1.

[Figure 1 - Phases of attribute-based entity authentication; labels: authentication phase, optional]

RP trusts AP in the sense that RP is convinced of the correctness of statements expressed by AP. RP and [...] to as the setup phase, which [...]

A PII principal, referred to as a user hereafter, uses a software called user-agent or U to communicate [...] AP validates the user's attributes and links them to U's attributes. During this process, U can be given data material to enable later attribute-based entity authentication towards RP.

There another. preliminary procedure between U and RP, meaning that

U and RP are a priori strangers among convinced that statement conducted successfully throughout, correct results not a State purpose where authentication or phase is the protocol stage where U and RP interact, which can involve the communications between [...] parties. It includes [...] description [...] the authentication phase, and beyond the Attribute based model authentication involving additional Specific-Purpose communication [...] models limiting extend

Attributes are defined in ISO/IEC 24760-1. As properties, they can have: list of mixed strings and integers, and so forth); a value selected within the range of admissible values for the considered type. name and usually encoded describing additional attributes. Therefore, it is enough to rely on the notions of type, returning operators boolean value. It AND defined possibly more predicate combining basic relational expressions using equality of an attribute value to a particular value; inequality attribute attribute support Ordering particular set value admissible greater than), This requires OSIS extensible Access hard-coded language attribute-based entity authentication protocol applications, restricted policies, where: the nature or the number of logic operators is limited; or

b) unforgeability: identical to Protocol 1;
c) PO-U unlinkability: since the contents of proof are now encrypted and only RP possesses the decryption key dp, no information can be inferred on U through passive observation.

[...] which [...] valid signature on the adversary's public key. This is infeasible assuming that the signature

scheme is secure.

[...] scheme is existentially unforgeable, then the AO-U [...]

However, Protocol 2 is not RP-U unlinkable since U reveals its public verification key vk_U to RP during the authentication phase. Protocol 2 is not AP-U unlinkable either: looking at the AP-U game, one sees that it is easy for the AP-U adversary (which controls AP) to actively replace the pair ([...]

[...] vk_AP of AP to verify that s_AP is a valid signature on ek_AP.
3) U generates an asymmetric key pair (sk_U, vk_U) for a digital signature mechanism.
4) U sends its public verification key vk_U to AP.
5) U and AP jointly agree on a set of attributes A_U = [...] that will be attached to U. [...] database.

1) U sends an authentication request to RP.
2) RP sends an attribute policy P to U as well as a random number r.
3) U:
   a) Uses its signing key sk_U to generate a signature s on (P, r).
   b) Encrypts (P, r, s, vk_U) under the encryption key ek_AP of AP to obtain a ciphertext c.
   c) Sends c to AP.
4) AP:
   a) Uses its decryption key dk_AP to decrypt c and parses the resulting plaintext as (P, r, s, vk_U).
   b) Searches for a record (vk_U, A_U) in its database.
   c) Uses vk_U to verify that s is a valid signature of U on (P, r).
   d) Asserts that P(A_U) = true.
   e) Uses its signing key sk_AP to generate a signature sig on (P, r).
   f) Sends sig to U.
   If any of the above steps fails for any reason, then AP aborts.
5) U forwards sig to RP.

Annex C (informative)

C.1 General

This annex describes the following implementations of ABUEA:
1) OpenID Connect;
2) FIDO.

C.2 Implementing ABUEA with OpenID Connect self-issued OP

C.2.1 General

OpenID Connect, a popular identity federation protocol, can be used to provide an example of an attribute-based authentication protocol that achieves RP-U unlinkability. The protocol belongs to class UL3+.

There are multiple ways of using OpenID Connect to achieve ABUEA. This subclause uses a self-issued [...] simplest example and there can be other ways to implement ABUEA.

In this model, the following actors are present:

- self-issued OpenID provider (SIOP) acting as U in ABUEA;
- claims provider acting as AP in ABUEA;
- client acting as RP in ABUEA;
[...] user's machine.

It is assumed that user-agent is not identifiable via user-agent metadata. It is also assumed that the RP trusts the AP. The exact mechanism for the establishment of the trust is [...] but can involve trust framework operator that provides assurance on [...]

The protocol features preliminary phases (a setup phase and a user registration phase) that are carried [...] before [...] authentication phase itself.

1) AP generates an asymmetric key pair (sk_AP, vk_AP) for a digital signature mechanism.
2) AP generates an asymmetric key pair (ek_AP, dk_AP) for an encryption mechanism.
[...] RP [...] verification key vk_AP of AP.

1) AP sends its public keys (vk_AP, ek_AP) to U as well as a signature s_AP on ek_AP under sk_AP.
2) U uses the verification key vk_AP of AP to verify that s_AP is a valid signature on ek_AP.
4) U sends its public verification key vk_U to AP.

C.2.4 AP Authentication database.

1) U generates an asymmetric key pair (sk_U [...], vk_U [...]) towards the RP for a digital signature mechanism.
3) number r (Which attribute called policy P (which is invoking user-agent through "openid:" custom scheme.
   a) Uses its signing key sk[...] to generate a signature s on (P, r).
   authenticates the AP through the server certificate.)
5) AP:
   b) Searches for a record (vk_U, A_U) in its database.
   d) Derives policy P_a from P that the AP believes to be equivalent to P and asserts that P_a(A_U) =
   e) Sends sig to U.
   If any of the above steps fails for any reason, then AP aborts.
   f) Uses its signing key [...] to generate a signature sig_U on sig.
7) RP:
   g) Uses the verification key vk_AP of A

