The State of Industry Standards: Highlights From SIA’s Webinar

On Feb. 11, 2025, the Security Industry Association (SIA) Standards Committee hosted a webinar on the state of security industry standards.

In a discussion moderated by SIA Standards Committee Chair Peter Boriskin (chief technology officer at ASSA ABLOY Opening Solutions, experts from SIA and fellow industry-related standards development organizations (SDOs) highlighted their most recent developments.

Leo Levit, steering committee chair at the Open Network Video Interface Forum (ONVIF), discussed what ONVIF is doing as a global, open standard, explaining how IP-based security devices communicate. Highlights include how ONVIF ensures interoperability across brands and seamless integration of security systems. ONVIF’s profiles cover access control, door control and event management, edge storage and metadata for analytics, as well as basic and advanced video streaming.

Looking ahead, ONVIF is exploring cloud-based security integration, an audio profile, standardized cloud communication for surveillance and media authenticity for evidentiary use.

Pierre-Antoine Champin, data strategist at the World Wide Web Consortium (W3C), discussed verifiable credentials and efforts to standardize digital identity. He detailed a three-part method to demonstrate the process:

1. Issuer – Issues the credential
2. Holder – Stores and presents it
3. Verifier – Confirms its authenticity

Champin identified that, unlike physical credentials, digital credentials are unique in that they also include additional elements including metadata, offering added security, privacy and an ability to be machine verifiable. Real-world examples show the technology being used for digital driver’s licenses, library cards, university degrees and more. W3C’s framework ensures both cryptographic security and respect for privacy. Also discussed was working group activity, which recently published three crypto suites, as embedded proofs, and demonstrated secure credential structuring using “JOSE” and “COSE” enveloping proofs.

Frederik Hamburg, chair of the Open Security Standards Association (OSS Association), discussed the organization’s role in developing open security standards and how leveraging its members is essential.

Hamburg highlighted Standard Offline, a uniform data protocol that was introduced a decade ago and has been adopted throughout Europe and beyond. The protocol facilitates the management and processing of offline locking components for both doors and management systems. Supporting technologies include Legic Advant, MIFARE Classic and MIFARE DESFire.

Hamburg also discussed OSS Secure Identity (SID), which standardizes badge numbers, an example used was how wheel rims standardized bolt patterns to attach them to cars. Mobile Access Standard Offline data format was also covered, mobile access interfaces and the Key Transport Card is a solution for seamless key transport based on Standard Offline which is adaptable for any system using the supported technologies.

Kim Hamilton Duffy, executive director of the Decentralized Identity Foundation (DIF), discussed identity standards and how they help mitigate security risks. She outlined major identity-related risks for security professionals, including onboarding fraud, centralized data vulnerabilities, artificial intelligence risks, challenges related to scalability and impersonation risks.

Some of the digital identity standards highlighted were W3C Verifiable Credentials, identity wallets, decentralized biometric authentication and decentralized identity architectures.

Duffy explained DIF’s role, mission, the leadership approach and how contributions to industry-wide alignment are essential in developing related standards. She also highlighted several important topics to consider in the creation of these standards, including empowering users with data control, ensuring verifiable, trust-based foundations, securing communication channels, supporting scalability for emerging needs and being designed for zero-trust environments, all of which need to be top of mind.

Rounding out the panel was Harrison Tang, CEO of Spokeo and co-chair of the W3C Credentials Community Group (CCG). Harrison explained that W3C CCG is an open community and invited webinar attendees interested in participating to join their weekly meetings, which occur every Tuesday at 9 a.m. Pacific Time; learn more here.

The primary activity the W3C CCG is working on is the incubation of open digital identity standards topics such as verifiable credentials, decentralized identifiers (DIDs), secure data storage and identity wallet protocols. Self-sovereign identity (SSI) was described as a three-party trust triangle, also mentioned previously by Champion. Use cases identified included, consent-based access, privacy considerations, decentralized control and Web3 identity. Tang also delved into DIDs, demonstrating their ability to enable transitive trust.

Current W3C CCG projects were also outlined, including:

• VC-API and a VC test suite
• Quantum-safe DID signature suite
• Education and traceability
• Rendering methods and barcode applications
• Verifiable issuers and verifiers

To conclude, there was a Q&A session where several attendees asked many technical questions which were addressed by the panelists. One question was asked by an attendee in a sales role asking for ways to use the information shared in a less high-level way and for strategies to help them highlight how security standards can demonstrate business value. Harrison Tang offered that since security is about compliance and cost efficiency, open standards demonstrate ways to streamline compliance, which can strengthen a sales pitch.

Kim Hamilton Duffy encouraged participants to join open events from W3C CCG and DIF, as well as other SDOs, to learn more and to grow more expansive industry connections, both offering opportunities to increase value.

Frederik Hamburg explained how open standards offer stronger security compared to private systems, which makes them compelling, as a selling point.

Pierre-Antoine Champin made the point that W3C specifications are built with interoperability in mind, as are all of the standards discussed throughout the industry. This fact provides sales teams with accessible reference implementation reports, which showcase the ways open standards function effectively across various systems.

Leo Levit reinforced that same point and added how open standards help future-proof investments, which provide access to a greater amount of compliant solutions. Leo added that SDOs offer opportunities to explore diverse implementations and invited industry professionals in attendance to contribute to open standards development, a sentiment shared by all, including SIA.

On behalf of SIA’s Standards Committee, Peter Boriskin invited other SDOs to participate in future sessions of this webinar series and encouraged attendees to provide feedback on additional standards topics they’d like to be covered.

To get involved with SIA Standards, we invite you to reach out directly to Cameron Walker-Miller, director of standards and technology, at cmiller@securityindustry.org or Adom Yusuf, senior manager of standards and technology, at ayusuf@securityindustry.org for information to be part of active committees or submit your own standards proposals.