ISO/IEC 29100

ISO/IEC 29100 specifies a privacy framework for the protection of Personally Identifiable Information (PII). It is a general framework that targets organisations and supports them for the definition of privacy requirements that should be considered complementary to legal ones, whenever personal information is processed. In addition, the standard specifies a common privacy terminology, defines the actors and their roles in processing personally identifiable information, and includes a set of eleven privacy principles for ICT systems.

ISO/IEC 29101

ISO/IEC 29101 defines a privacy architecture framework. It specifies important concerns that should be considered for the design of ICT systems that process personal identifiable information, lists the components of the system for the implementation of such systems, and provides architectural views contextualizing these components.

ISO/TR 21548

ISO/TR 21548 complementary Technical Report provides additional guidance for implementation of requirements defined in ISO/TS 21547. It discusses practical methods and tools for the development and management of digital archives that satisfy the security requirements.

ISO/TS 21547

ISO/TS 21547 discusses the security requirements for archiving of electronic health records in any format for the long term. This standard specification discusses the document management and privacy protection, rather than specific messages and protocols, and applies the same care for the management of Electronic Health Records (HERs) as in the paper form. Document management is intended as the practise to archive documents, which can be implemented as a separate independent archive or a federated one. HERs management includes maintenance, retention, disclosure and destruction. The standard also focuses on security requirements (integrity, confidentiality, availability and accountability) and privacy requirements to protect the patient records for their long-term digital preservation in digital archives.

ISO/TS 25237

ISO/TS 25237 contains principles and requirements for privacy protection using pseudonymization of health records. The specification defines organisational and technical aspects for pseudonymization (reversible and irreversible) and gives a guide to risk assessment in case of re-identification. Furthermore, it specifies a policy framework and minimal requirements for pseudonymization.


OAuth2 is an IETF standard (RFC 6749) for authorisation; it enables the delegation of rights and permissions by creating dynamic credentials to provide a trustworthy communicating infrastructure. On top of OAuth, OpenID Connect provides user authentication via a simple API to verify the identity of the user and obtain basic profile information.

OCCI (Open Cloud Computing Interface)

OCCI (Open Cloud Computing Interface) from OGF is a major standard, widely supported by open source products (e.g., OpenNebula and OpenStack) and international initiatives (such as the EGI). The standard is intended for the management of IaaS resources and it is quite extensible so that it can be used for PaaS and SaaS services as well. In the current release (version 1.1), it supports HTTP rendering and provides infrastructure extensions to deal with IaaS clouds. A new release (1.2, now available in public comment) is planned in 2015 with additional functionalities and extensions like the support for Service Level Agreement negotiation and resource monitoring.

OGC Catalogue Service for the Web (CSW)

The OGC Catalogue Service for the Web (CSW) is a standard for interacting with one or many catalogue(s) of geospatial records on the web. CSW makes it possible to publish and search collections of descriptive information (metadata) for data, services, and related information objects. Metadata in catalogues can be queried thanks to different CSW operations (e.g. GetCapabilities for retrieving service metadata, DescribeRecord for discovering elements of the information, GetRecords for searching for records).

OGC Simple Features Access (SFA)

The OGC Simple Features Access (SFA) is a standard that describes the common architecture for simple feature geometry (i.e. two-dimensional geographical data like points, lines, polygons, multi-lines) and defines a standard SQL schema that supports storage, access and update of these data. The PostGIS extension to PostgreSQL is an example of open source software that follows the Simple Features for SQL specification.

OGC Web Feature Service (WFS)

The OGC Web Feature Service (WFS) is a standard communication protocol ensuring interoperability for exchanging geographical features across the web. Geographical features are vector data like points, lines and polygons. WFS provides interfaces for manipulating features via different operations (e.g. GetCapabilities for serving the supported operations, GetFeature for serving geometries or attributes under various formats like GML or JSON, Transaction for creating, modify and deleting features published by the service).