Nine years of an ISO/IEC Secretariat on IT security

Annette Calkin *

Computer Standards & Interfaces 17 (1995) 139-143

Abstract

This article outlines the organisation and function of the Secretariat of an international standards committee, ISO/IEC JTC1/SC27 'IT Security Techniques', and presents some impressions by its Secretary of her responsibilities and the work involved. It concludes with a few personal experiences expressed in a deliberately subjective way.

Keywords: Directives; International standardization; Security; National body; Member status; Sub-committee; Secretariat; Secretary

* Email: annettecalkin@gmd.de

When I was first introduced to standards work I was not fully aware that "ISO (the International Organisation for Standardization) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardization" [1]. Neither did I know that they had their head offices in Geneva - and, as it happens, within the same building! I also learned that membership is open to National Bodies (NB), i.e. the various national standards associations or institutes (one per country) which agree to participate in the development of international standards. In order to achieve maximum efficiency within committee work, NBs, on joining a committee, register their status of activity as either P (participating) member - whereby they have an obligation to vote and to contribute to the work - or O (observing) member; here they have an option to monitor the work and contribute when possible. I was told that when a decision is taken to establish a new standards committee, which can be either a Technical Committee (TC) or a Sub-Committee (SC), the major responsibility for operating the committee is accepted by one of the P national bodies. The term 'Secretariat' is used to refer to this responsibility and the individual appointed by the NB to manage the technical and administrative work is called a 'Secretary'.

2. Creation of JTC1

Until 1986 ISO and IEC were independent organisations with their own committee hierarchy. However, particularly because of increasing liaison activities, they agreed to adopt a combined system of management and a similar committee structure [2]. They also established in 1987 the first joint technical committee JTC1 on Information Technology, merging ISO/TC97 Information Processing with a few IEC committees working in the same field. The Secretariat was assigned to the US National Body, the American National Standards Institute (ANSI), which had held the Secretariat of ISO/TC97 since its creation in 1960. All the sub-committees from TC97 and two IEC committees initially formed JTC1 until the restructuring of the technical committee was completed (see in [6] page v, "JTC1 Organisational Chart"). Management of the current 18 Sub-Committee Secretariats is carried out by 8 of the 24 participating national body members of JTC1. Some of them (e.g. Canada, Germany, Japan, Switzerland, UK) have made internal arrangements that a Secretariat be administered on behalf of the national body by another institution sympathetic to the ideals of ISO and IEC. At all times such an institution is responsible to its national body and maintains a technically neutral position.

3. GMD administers an SC Secretariat on behalf of DIN

When ISO/TC97 proposed to allocate the work of its temporary working group WG1 to a new SC, no national body was at first willing to accept the responsibilities of Secretariat. In 1983 GMD agreed, on request from the German national body, DIN Deutsches Institut für Normung, to supply the resources for and take over the function of the Secretariat on behalf of DIN. The new SC was given the number 20 and the title Data Cryptographic Techniques. Its first Plenary was held in January 1984 at GMD, Sankt Augustin. In 1989, because of the need to standardize on more common and general security measures instead of merely specialising on cryptography, JTC1 dissolved SC20 and created SC27 IT Security Techniques. The Secretariat was to remain with DIN and GMD agreed to continue to provide the resources. However, in 1992 GMD, due to internal reorganisation, asked to be relieved of supporting the SC27 Secretariat. After considering other alternatives it was decided that DIN should assume full responsibility and during December the SC27 Secretariat was transferred from GMD to DIN headquarters in Berlin, GMD having held the Secretariat for 9 years. Being a research establishment, GMD has good modern data processing facilities and ready access to telecommunication networks. Without this infrastructure the task of processing the enormous and ever increasing amount of information passing through the Secretariat's office would not have been carried out so promptly. Another advantage was that expert advice was always available when any technical problem arose.

4. Activities of the Secretary

In late 1983 I was asked to assist in the Secretariat of the newly formed sub-committee SC20 and during 1985 I took over the position of Secretary and continued managing the Secretariat's office single-handed for the next 7 years, a task that gave me great satisfaction. I found running a Sub-Committee Secretariat to be most interesting but very demanding and exacting. One has to be fluent in English, both written and spoken, and a smattering of French can be very useful. The work comes in waves; sometimes there is little to do and other times one is up to one's eyes in temporary overtime in order to meet the deadlines. As I only had a part-time job, I also volunteered to work variable and somewhat unusual hours in order to communicate with experts and officers in all parts of the world, in particular with ISO Central Secretariat in Geneva for administrative procedures and JTC1 Secretariat in New York for managerial issues. Since 1983 there have been four Sub-Committee chairmen. The first two (for SC20) were appointed from the UK while after the creation of SC27 the next two chairmen came from Germany. The Secretary and Chairman have to work closely with each other to ensure the smooth running of the committee both during and between the Plenary meeting sessions. The Sub-Committee formed three Working Groups for the purpose of developing standards in their specialised areas. In SC20, these were

- WG1: Secret key algorithms and applications.
- WG2: Public key crypto-systems and modes of use.
- WG3: Use of encipherment techniques in communication architectures.

and in SC27 they are

- WG1: Requirements, Security Services and Guidelines,
- WG2: Security Techniques and Mechanisms (incorporating most of the work of the old SC20),
- WG3: Security Evaluation Criteria.

These WGs are led by conveners who have been appointed by the SC from UK, France, USA, Canada and Norway and who have to co-ordinate closely with the SC Secretariat's office. In addition to administering normal secretarial functions, the SC Secretary has to be a good organiser (see [6] Annex A2 and A3) and to have facilities for continuously supervising, monitoring and updating the structure of the committee; administering the flow of information; assessing the committee's performance and issuing 6-monthly progress reports on all work items; coordinating the work items within the WGs; and conducting the voting by correspondence. Further activities included ensuring that texts of Draft International Standards (DIS) comply with the rules [5]; supervising and proof-reading camera-ready copy of standards submitted for publication; planning for and organising the annual Plenary meetings and negotiating with the hosts for backup support; arranging for mid-term WG meetings, for editorial and project meetings; acting as initial contact person for all inquiries to the SC and its work, both internationally and nationally; and regularly consulting with the chairman on management and technical issues. The Secretary also has to officiate at all Plenary meetings of the Sub-Committee which are hosted each year by a national body. (SC27 has 31 active participating national bodies from east and west Europe, the Americas, the Far East and Australia.) When visiting these Standards Institutions one is able to share experiences in the IT world and make new contacts for work not directly concerned with the specialist area of the Sub-Committee. In my case I was also able to answer a few inquiries about the activities of the GMD. My address book contained over 200 contacts and was ever increasing. One of the many duties at a Plenary is to supply the committee with all necessary documents, and to bring home the latest copies of documents generated or revised at the meetings for official distribution to national bodies. During the early days of the Sub-Committee this entailed the shuffling of much paper, but with the advance of technology more and more documentation can be and is transferred digitally. For example, after the Plenary in Japan I returned with only 20 sheets of information, the bulk of the documentation being transferred on site to my laptop for me to generate in the office while other documents were later submitted via Email. At least 15 large documents were processed by these means. (Here was an example of how JTC1 standards were put to good use.) One very awesome task I personally had to assume was to act almost as an unofficial SC chairman during two unfortunate 9-month periods when this position was vacant. It was then I realised how lucky I was as Secretary to have such valuable and efficient WG Conveners to advise and support me. During our first 9 years of activity, the experts of SC20 and of its successor SC27 worked on various projects which resulted in the publication of 7 International Standards [7], with a further 26 drafts in various stages of development [8]. More than a third of ISO/IEC standards are produced by JTC1 and its Sub-Committees. And the work in Information Technology is always increasing. The subject of IT Security is being studied by many international, national and regional organisations and the importance of liaison with these organisations is a vital issue. Also, research projects within the European Union are often providing material for input to JTC1's Sub-Committees. As Secretary one has to be aware of these activities and to channel new information received into the right WGs for attention and processing as necessary. Several of my GMD colleagues - as is apparent from other articles in this special issue - serve in the course of their research projects as experts either on various Sub-Committees within JTC1 or on their German counterparts. These cover a wide range of activities in Information Processing and Information Technology. Having an SC Secretariat at the GMD enabled some of my colleagues to receive first hand information on ISO/IEC and JTC1 procedures. Through the amount of liaison information that passed through the office I was also able to put them in touch with other contacts and perhaps relevant people who could possibly be of help to them in their standards activities, and to inform them of additional material they might not otherwise have been aware of.

5. Personal experiences (in retrospect)

Little did I realise in 1983 that the work of a Sub-Committee Secretary also entailed attending meetings once (and perhaps twice) a year in different countries on invitation from our members, the National Bodies. Between our first Plenary meeting in January 1984 at GMD until my last Plenary in October 1992 in the Washington area, the work entailed attending 16 meetings - only three of which were held at GMD. In the course of my travels and communications not only did I meet and get to know people from all parts of the world but I was also meeting the same faces, or seeing the same names on meeting attendance lists or as authors of specialist papers in differing environments. Security experts are a unique breed, turning up for every sort of occasion. As a result, some of our specialist liaison activities were made easier as experts could carry information and documents into the various committees and response times could be reduced. At the same time lasting international friendships were made and one had the opportunity of learning about the customs of various nations. During my association with the Sub-Committee I experienced many problems. There were technical and administrative issues like chasing after reports, drafts and contributions promised by our experts who failed to deliver by the deadlines; insisting that Project Editors follow the IEC/ISO rules [5] when drafting their standards; finding Project Editors had unintentionally mailed me incomplete documents; discovering drafts had been updated since I had distributed what I thought was the latest version; trying to explain to those new delegates less experienced in English the official procedures for getting back numbers of technical documents. There were also problems associated with travelling, such as hotels losing my booking; returning one evening to my room to find all my luggage and every bit of movable furniture piled high on the bed; waking up one morning to find the carpet had turned into a soggy sponge because of a slow leak from the room above; train routes suddenly being diverted because of unusual weather conditions; misdirection of luggage on transatlantic flights; receiving a flight reservation for an airline that didn't exist; getting stranded late at night at Cologne station because a mail train occupied the platform, blocking entry for our train, therefore causing me to miss my connections home. Was it coincidence I never experienced similar difficulties when on holiday? Things were not always black - there were many pleasurable moments. In addition to the satisfaction of formally announcing the publication of our International Standards, there were often many other delights, such as a surprise visit to the offices of delegates from the hosting NB with a private conducted tour of the research department; spending nearly 2 hours in the flight deck of a Boeing 747 and receiving a demonstration of the computer control system including the automatic pilot; learning about and seeing rehearsals for the winter Olympics for the handicapped; stumbling on a ceremonial Buddhist procession and accidentally taking part in the Temple ceremony.

Looking back on my 9 years I can see the funny side of many of the difficulties I encountered both in the office and during those business trips. Although at the time they may have been rather annoying, never did I regret having gone on my travels and I always looked forward with pleasure to planning for and taking part in the next round of meetings. Now, no longer Secretary, my memories will remain with me. I can look back with much amusement and laughter at my various challenges, an experience that will no doubt never be repeated.


References

[1] See the Foreword to any ISO/IEC standard.

[2] IEC/ISO Directives, first editions, published in three parts between 1986 and 1989.

[3] IEC/ISO Directives, Part 1: Procedures for the technical work, 2nd ed. (1989).

[4] IEC/ISO Directives, Part 2: Methodology for the development of International Standards, 2nd ed. (1991).

[5] IEC/ISO Directives, Part 3: Drafting and presentation of International Standards, 2nd ed. (1989).

[6] IEC/ISO Directives: Procedures for the technical work of ISO/IEC JTC1 on Information Technology, 2nd ed. (1992).

[7] The following 7 Standards developed by the SC have been published by ISO and ISO/IEC:
- ISO 8372:1987, Information processing - Modes of operation for a 64-bit block cipher algorithm.
- ISO 9160:1988, Information processing - Data encipherment - Physical layer interoperability requirements.
- ISO/IEC 9796:1991, Information technology - Security techniques - Digital signature scheme giving message recovery.
- ISO/IEC 9797:1989, Data cryptographic techniques - Data integrity mechanism using a cryptographic check function employing a block cipher algorithm.
- ISO/IEC 9798-1:1991, Information technology - Security techniques - Entity authentication mechanisms - Part 1: General model.
- ISO/IEC 9979:1991, Data cryptographic techniques - Procedures for the registration of cryptographic algorithms.
- ISO/IEC 10116:1991, Information technology - Modes of operation for an n-bit block cipher algorithm.

[8] The following projects and work items are currently under study and have reached various stages of development from WD (Working Draft) and CD (Committee Draft) to DIS (Draft International Standard):
- Hash Functions (DIS).
- Entity authentication mechanisms (DIS and CD).
- Digital signature with appendix (WD).
- Key Management, Multi-part standard (CD and WD).
- Non repudiation (WD).
- Zero Knowledge Techniques (WD).
- Guidelines for the management of IT security (Technical Report).
- Evaluation criteria for IT systems (WD).
- Security Information Objects (WD).
- Glossary of IT security terminology (WD).

Annette Calkin received her LRAM diploma at the Royal Academy of Music, University of London, and came to Germany in 1971, leaving a career as a self-employed professional musician and teacher in the London area. In 1972 she joined GMD by supervising student help in a major project for the Federal Ministry of Justice. After training in informatics she concentrated on providing technical advice and support within various projects, desk-top publishing and English language documentation, while at the same time managing the secretariat of an international standards committee from 1983 to 1992 on behalf of DIN.