The present document specifies trust models@ functions and protocols using attribute based encryption as a foundation of an attribute based access control scheme. It covers both the Ciphertext-Policy (CP-ABE) and Key-Policy (KP-ABE) variants of Attribute-Based Encryption. The specifications address the following aspects: ? Identification of an ABE scheme covering both the Ciphertext-Policy and Key-Policy variants ? Definition of interactions between the data sources@ the service providers and the authority releasing attributes and key material ? Mechanisms for keys@ policies@ and attributes distribution ? Mechanisms for secret key expiration and revocation ? Definition of semantics for a basic set of attributes to ensure interoperability ? Mapping to a standard Public Key Infrastructure X.509 ? Mapping to a standard assertion protocol (SAML) ? Definition of a policy schema for data access control ? Identification of limitations compared to traditional ABAC features ? Translation rules to XACML ? Definition of new protocol bindings when existing bindings do not cover the deployment scenario (e.g. a CoAP binding for the IoT case)