Motivation

The X.500-series of Recommendations has a significant impact in the industry. These Recommendations are major components of widely deployed technologies such as public-key infrastructure (PKI) and lightweight directory access protocol (LDAP), and is used in many areas, e.g., financial, medical, and legal. Where high security directory services are required, e.g., in the military area, X.500 is the only answer.

The X.500 work is the basis for much work within the IETF. LDAP is built on the X.500 Directory model. Likewise, the work of the IETF pkix Working Group has its foundation within X.509.

Directory solutions are an important part of identity management (IdM). Directory vendors are marketing the directory solutions as IdM systems. Several IdM and NGN requirements (e.g., for ID-based applications) can be met by use of directory service.

X.509 is a significant Recommendation. Public-key certificates are widely used. In every secure browser session using secure socket layer (SSL) a certificate is used to authenticate the web server and to agree on the encryption key that will be used to protect the information exchanged in the session. The certificate is also used to authenticate and protect e-mail and is the cornerstone of time-stamping services. Many countries now allow electronic documents to be considered equivalent to a paper document. An electronic document with a digital signature that is supported by an X.509 certificate is recognized in many countries as the most credible form of electronic document. Attribute certificates provide a secure method for conveying privileges.

The concern about the security of electronic documents and transmissions is one of the major obstacles to the deployment of systems dealing with sensitive private and commercial information. The current specifications for public-key and attribute certificates must be kept responsive to the increasing demand for stronger security.

The X.500-series of Recommendations needs to evolve to cope with future requirements as they appear within IdM, NGN, ubiquitous sensor network (USN) and other areas. Collaborative work is underway with ISO/IEC JTC 1/SC 6/WG 8 on password policy. X.509 needs to evolve in collaboration with IETF to support new areas.

Recommendation E.115 is a directory specification supporting the directory assistance service. It is widely implemented and used by directory assistance service providers as organized by The Association for the Directory Information Industry (EIDQ). E.115 has been extended several times, e.g., to support different languages and extended communications address support, and will in the future need to adapt to new directory assistance requirements.

Recommendations under responsibility of this Question as of 1 December 2008: E.104 (in conjunction with SG 2), E.115 (in conjunction with SG 2), F.500, F.510, F.515, X.500, X.501, X.509, X.511, X.518, X.519, X.520, X.521, X.525 and X.530.

Question

Directory services

Study items to be considered include, but are not limited to:

1. What new service definitions or modifications in the F-series are required to identify how current capabilities may be used and what new requirements there are on X.500?
2. What enhancements to the E-series of Recommendations are necessary to cope with new service requirements?

Directory systems

Study items to be considered include, but are not limited to:

1. What enhancements are required on the Directory to support new NGN and IdM requirements?
2. What new security and privacy requirements are there on directory information?
3. What requirements are there on alternative means to access a directory?
4. What further enhancements are required to the Directory to interoperate with services using the IETF’s LDAP specification, including possible use of XML for accessing directories?
5. What further enhancements are required to the Directory to allow its use in various environments, e.g., resource constrained environments?
6. What further enhancements are required to the Directory to improve its support of such areas as intelligent network, communication networks and public directory services?
7. What enhancements are required for supporting internationalization of directory information and associated matching rules?

This work will be done in collaboration with ISO/IEC JTC 1/SC 6 in their work on extending ISO/IEC 9594. Cooperation will be maintained with the IETF particularly in the areas of LDAP.

Public-key/attribute certificates

Study items to be considered include, but are not limited to:

1. What further enhancements are required to public-key and attribute certificates to allow their use in various environments, e.g., resource constrained environments?
2. What further enhancements are required to public-key and attribute certificates to increase their usefulness in areas such as biometrics, authentication, access control and electronic commerce?
3. What changes to X.509 are required to specify enhancements and to correct defects?

This work will be done in collaboration with ISO/IEC JTC 1/SC 6 in their work on extending ISO/IEC 9594-8. Cooperation will be maintained with the IETF particularly in the areas of PKI.

Tasks

Tasks include, but are not limited to:

1. Maintain the Directory by progressing Defect Reports and Technical Corrigenda.
2. Identify new directory requirements in support of new and current technologies.
3. Progress work on password policies for directories.
4. Develop the seventh edition of the X.500-series of Recommendations.
5. Develop new editions of E.115 to cope with future directory assistance service requirements.

Relationships

Recommendations: X.680, X.681, X.682, X.683, X.690 and H.350-series

Questions: ITU-T Qs 1, 2, 6, 8, 9, 10 and 12/17

Study groups: ITU-T SGs 2, 13 and 16

Standardization bodies: ISO/IEC JTC 1/SCs 6 and 27; IETF; OASIS