Committed to Connecting the World 1 February 2010 SG 17 input for a joint ITU-T | ISO/IEC JTC 1 leadership meeting (4-5 February 2010) Chairman: Arkadiy Kremer Counsellor: Georges Sebek Joint ITU-T/ISO IEC JTC 1 Leadership meeting
Mar 27, 2015
ITU-T SG 17 role and mandate
Responsible for studies relating to security including cybersecurity, countering spam and identity management. Also responsible for the application of open system communications including directory and object identifiers, and for technical languages, the method for their usage and other issues related to the software aspects of telecommunication systems
Lead study group on telecommunication security, identity management (IdM) and languages and description techniques
SG 17 structure
WP 1 Network and information security: Q1 Security project, Q2 Architecture, Q3 ISM, Q4 Cybersecurity, Q5 Countering spam
WP 2 Application security: Q6 Ubiquitous services, Q7 Applications, Q8 SOA, Q9 Telebiometrics
WP 3 Identity management and languages: Q10 IdM, Q11 Directory, Q12 ASN.1, OID, Q13 Languages, Q14 Testing, Q15 OSI
Collaboration on ICT Security Standards Roadmap
(Q.1/17 Telecommunications systems security project)
An important on-line security standards resource developed in collaboration with ISO/IEC, ENISA, ETSI, IETF and other SDOs
Comprises 5 parts:
  Part 1 contains information about organizations working on ICT security standards
  Part 2 is a searchable database of existing security standards from 9 SDOs and consortia
  Part 3 lists (or links to) current projects and standards in development
  Part 4 identifies future needs and proposed new standards
  Part 5 lists security best practices
Publicly available under Special Projects and Issues at: www.itu.int/ITU-T/studygroups/com17/index
Need to establish a process for regular updating of the Roadmap
Collaboration on telecommunication information security management
(Q.3/17 Telecommunications information security management)
Close collaboration and liaison with JTC 1/SC 27/WG1 - Information security management systems (ISMS)
Developing common Recommendations | International Standards
  ITU-T X.1051 | ISO/IEC 27011, Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 (Published 2008)
  ITU-T X.isgf | ISO/IEC 27014, Information security governance framework (Currently under development as a joint project)
Enhancing ISMS related documents in Q.3/17
  Information security management guidelines for small and medium telecommunication organizations
  Information asset maintenance guidelines
Collaboration on cybersecurity information exchange
(Q.4/17 Cybersecurity)
Q.4/17 cybersecurity information exchange (CYBEX) links
ISO/IEC JTC 1 SC 27/WG1
  Information security management system requirements (ISO/IEC 27001)
  Information security management code of practice (ISO/IEC 27002)
  Information security governance (ISO/IEC 27014)
  Information security management for inter-sector and inter-organizational communication (ISO/IEC 27010)
ISO/IEC JTC 1 SC 27/WG 3
  Evaluation criteria for IT security, international common criteria project (ISO/IEC 15408, 18045)
  Protection profile registration procedures (ISO/IEC 15292)
  Security assessment of operational systems (ISO/IEC 19791)
  Responsible vulnerability disclosure (ISO/IEC 27047)
ISO/IEC JTC 1 SC 27/WG 4
  Cybersecurity (ISO/IEC 27032)
  Network security (ISO/IEC 27033)
  Application security (ISO/IEC 27034)
  Information security incident management (ISO/IEC 27035)
  Security of outsourcing (ISO/IEC 27036)
  Guidelines for digital evidence (ISO/IEC 27037)
ISO/IEC JTC 1 SC 27/WG 5
  Entity authentication assurance (ITU-T X.eaa | ISO/IEC 29115)
Collaboration on ubiquitous sensor network security
(Q.6/17 Security aspects of ubiquitous telecommunication services)
Close collaboration and liaison with JTC 1/SC 6/WG 7 - ubiquitous sensor network (USN) security
Developing common Recommendations | International Standards
  ITU-T X.usnsec-1 | ISO/IEC CD 29180, Security framework for ubiquitous sensor network (Currently under development as a joint project)
Advance authorization for Final Committee Draft ballot on ITU-T X.usnsec-1 | ISO/IEC CD 29180 in January 2010 JTC 1/SC 6/WG 7 meeting
Further consideration for inclusion of joint works on Recommendations
  X.usnsec-2, Ubiquitous sensor network (USN) middleware security guidelines
  X.usnsec-3 Secure routing mechanisms for wireless sensor network
Collaboration on biometrics related technology
(Q.9/17 Telebiometrics)
ISO/IEC JTC 1/SC 37 Biometrics
ISO/IEC JTC 1/SC 27 IT Security Techniques
ITU-T/SG 17 WP 2/Q.9 Telebiometrics
Vocabulary
Biometrics data format
Application interfaces
Application profiles
Testing scenario
Biometric sample protection
Biometric template protection
Private information protection
Threats & Countermeasures
Data & System protection
Authentication protocol for Biometrics applications in Telecommunication
Biometric data used in e-health applications
ISO TC 12, IEC TC 25 Quantities and Units
Collaboration on biometrics related technology
(Q.9/17 Telebiometrics)
ITU-T Recommendations and their collaboration with ISO, IEC or ISO/IEC JTC1 Projects
X.1083 BioAPI Interworking Protocol
  Joint collaboration with ISO/IEC JTC1/SC37 (IS 24708 - BioAPI Interworking Protocol)
X.1086 Telebiometrics Protection Procedures - Part1: A Guideline to Technical and Managerial Countermeasures for Biometric Data Security
  Collaboration with ISO/IEC JTC1/SC27 (IS 19792 - Security evaluation of biometrics)
X.1089 Telebiometrics Authentication Infrastructure
  Collaboration with ISO/IEC JTC1/SC27 (IS 24761 - Authentication context for biometrics)
X.gep A guideline for evaluating telebiometric template protection techniques
  Collaboration with ISO/IEC JTC1/SC27 (IS 24745 - Biometric template protection)
X.th1 Generic ASN.1 definitions for telebiometrics related to health communications
X.th2 to X.th6 Telebiometrics related to physics, chemistry, biology, culturology and psychology
  Collaboration with ISO TC 12 and IEC TC 25
Collaboration on identity management
(Q.10/17 Identity management architecture and mechanisms)
Collaboration with ITU-T SGs 2, 11, 13 and 16; ITU-D SG 1; ISO/IEC JTC 1 SCs 6, 27 and 37; IETF; ATIS; ETSI/TISPAN; OASIS; Kantara Initiative; OMA; NIST; 3GPP; 3GPP2; Eclipse; InCommon; PRIME; OpenID Foundation; Shibboleth; etc.
JCA-IdM is designed to minimize duplication and coordinate IdM standardization work by exchanging information about on-going projects
  7 meetings held during the period 2008-2010
  The basic coordination tool is an IdM Roadmap that provides abstracts and relationships of IdM projects in major IdM SDOs, consortia, and fora
Significant progress has been made in developing a set of baseline IdM terms and definitions that were initiated by ITU-T
SC 27 is a regular participant and contributor to the JCA-IdM
Collaboration on entity authentication assurance, X.eaa
with ISO/IEC JTC 1/SC 27/WG 5 (Q.10/17)
ITU-T X.eaa | ISO/IEC 29115 5th WD sessions held in September (ITU-T) and November 2009 (ISO/IEC JTC 1/SC 27)
  ITU-T proposed change in scope
  a proposal to establish a Collaborative Team with Terms of Reference (ToR) submitted to ISO/IEC JTC 1/SC 27/WG5
SC 27 accepted a 6th WD with a significantly changed format and new material.
ToR were reviewed, modified and sent to the ISO national bodies. ToR should be approved in April 2010
In January 2010 the 6th WD, representing major improvements, was sent to the ISO Secretariat for distribution to national bodies
WG 5 requested a one year extension for ITU-T X.eaa | ISO/IEC 29115
It is anticipated that with the establishment of the Collaborative Team, progress should improve
Collaboration on the Directory
(Q.11/17 Directory services, Directory systems, and public-key/attribute certificates)
Two Directory projects:
  ITU-T X.500-series | ISO/IEC 9594 – All Parts
  ITU-T E.115 - Computerized directory assistance
ITU-T X.500 | ISO/IEC 9594 in fruitful cooperation with ISO/IEC JTC 1/SC 6
X.500 is a specification for a highly secure, versatile and distributed directory
The specification is under continuous enhancement
  support for RFID an important new work item
ITU-T X.509 | ISO/IEC 9594-8, the most important standard:
  Basis for eGovernment, eBusiness, etc. all over the world
  Is the base specification for many other groups (IETF PKIX, ETSI ESI, CA Browser Forum, etc.)
Collaboration on ASN.1 and Object Identifiers
(Q.12/17 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration)
Five main projects:
  Abstract Syntax Notation 1 (ASN.1)
  ASN.1 encoding rules
  Object identifiers
  Registration of tag-based applications and services
  The Object Identifier Resolution System
ITU-T X.680-series | ISO/IEC 8824 in collaboration with ISO/IEC JTC 1/SC 6 (and earlier with SC 16)
  These are the base ASN.1 standards – a widely used notation for abstract syntax definition
ITU-T X.690-series | ISO/IEC 8825 in collaboration with ISO/IEC JTC 1/SC 6 (and earlier with SC 16)
  Specification of encoding rules, including XML encodings for ASN.1
Collaboration on ASN.1 and Object Identifiers
(Q.12/17 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration)
ITU-T X.660-series | ISO/IEC 9834 in collaboration with ISO/IEC JTC 1/SC 6
  The Object Identifier Standards. OIDs form a major part of world-wide unambiguous identification schemes for security and other purposes
ITU-T X.668 | ISO/IEC 9834-9 in collaboration with ISO/IEC JTC 1/SC 6
  Registration of tag-based identification schemes
ITU-T X.oid-res | ISO/IEC CD2 29168 in collaboration with ISO/IEC JTC 1/SC 6
  Provides for on-line access using DNS to multi-media information associated with an International OID node
Collaboration on formal languages
(Q.13/17 Formal languages and telecommunication software)
ODP Recommendations developed jointly with SC 7 are now in maintenance phase
To some extent SDL overlaps the domain of JTC 1/SC 7 LOTOS and E-LOTOS, however (at least for telecommunications) SDL is more widely used.
Work plan covers the UML profiles for SDL, MSC, URN and (possibly) Testing and Test Control Notation (TTCN).
UML profiles integrate the ITU-T languages using UML as a framework. Thus (like JTC 1/SC 7) Q.13/17 has interest in OMG UML, though Q.13/17 uses OMG UML 2.n (not UML 1.4.2 as in ISO/IEC 19501:2005).
Q.13/17 has in its scope (though no work is planned): the CHILL programming language – Z.200, quality issues – Z.400 and Z.450, architecture – Z.600 and Z.601.
ISO/IEC/ITU-T Strategic Advisory Group on Security
Terms of reference
  To oversee standardization activities in ISO, IEC and ITU-T relevant to the field of security
  To provide advice and guidance to the ISO Technical Management Board, the IEC Standardization Management Board and the ITU-T Telecommunication Standardization Advisory Group (TSAG) relative to the coordination of work relevant to security, and in particular to identify areas where new standardization initiatives may be warranted
  To monitor the implementation of the recommendations of the SAG-S
Web site: http://www.iso.org/iso/iss_home
ITU-T SG 17 provides representatives to SAG-S
Summary
ITU-T SG 17 has a long experience of collaboration with ISO, IEC TCs/SCs and JTC 1 SCs
ITU-T SG 17 hosts collaborative meetings with SC 6 on ASN.1 and OID, Directory, ubiquitous sensor networks (USN) security (new). Collaborative meetings are planned with SC 27 on Entity Authentication assurance
Details on collaboration are given at http://www.itu.int/ITU-T/studygroups/com17/refdocs/relationships.html
SG 17 is maintaining reference documents:
  Listing of common text and technically aligned Recommendations | International Standards
  Mapping between ISO/IEC Standards and ITU-T Recommendations