|
Background and justification
Users, operators, and vendors have always had expectations for the security
of telecommunications services and systems. Users have requirements for
confidentiality and integrity of their communications and may require
authentication of other parties in a session and non-repudiation of transactions
undertaken with those other parties. Operators require authentication of users
and authorization of their activities in order to carry out proper billing and
control of usage of resources. All parties have a stake in correct and reliable
operation, even in the face of malicious attacks on system or network integrity.
At the same time, security is subject to regulation in the various legal
jurisdictions, both to ensure that minimum standards are met and to support
enforcement of criminal and other laws.
Two factors make security an even more complex issue within the context of
Mediacom 2004 than it is elsewhere: the specific nature of multimedia
communications (diverse media, multiple streams within one communication), and
the use of multimedia communications in the course of e-commerce. While
e-commerce puts even greater emphasis on the objectives of confidentiality,
integrity, and non-repudiation of communications, it also raises new issues of
protection of intellectual property distributed over the telecommunications
network.
Traditionally, vendors (and the standards from which they work) provide
mechanisms for the provision of security. Operators and users are responsible
for the development and enforcement of policies which make use of these
mechanisms to achieve their respective security objectives. The IETF has a
well-developed process for ensuring that the foundations of this division of
effort are properly laid: every project within the IETF must consider and
explicitly document the security requirements associated with the end-product,
ensure that the necessary mechanisms are put into place, and provide advice on
the use of those mechanisms and other policy issues associated with the use of
the end-product. ITU-T can learn from this process, in order better to serve the
needs of the world community. This Question provides a focal point for the
introduction of improvements in work on security as reflected in the content of
Recommendations produced under Mediacom 2004.
At the same time, security is a specialized topic involving a considerable
body of specialized knowledge. Even more knowledge is required to ensure
security in multimedia communications. This Question serves as a central point
from which this special expertise may be applied as needed to individual
projects.
Study items
This Question shall have the following responsibilities:
- assisting in the threat analysis of existing and proposed multimedia
systems and services;
- maintaining Recommendation H.235 as a security framework providing
the mechanisms needed to protect multimedia systems and services from
identified threats;
- maintaining Recommendations H.233, H.234 and T.135;
- encouraging the development of documentation within Recommendations
on multimedia systems and services, providing guidance on potential threats
to security, the mechanisms provided to counter those threats, and the
policies which system operators should put in place to use those mechanisms
for their intended purpose;
- contributing to the work of the Question on Multimedia Architecture
to ensure that the architectural framework includes due consideration of
functions associated with security;
- providing advice on the application of the security framework in
specific cases of system design.
Specific work items
To be completed.
Relationships
- The team of experts working on this Question will cooperate with and
advise the other Questions of this Study Group and multimedia-related
Questions of other study groups. They will coordinate with experts working in
the area of security in other study groups, and the experts of the Security
Area of the IETF.
- ETSI TC SEC.
|
