Executive Summary
Study Group 17 meeting
(15 – 24 January 2014, Geneva/Switzerland)
Participation:
145 participants (14 more than at the previous SG17 meeting); 23 Member States, 9 Sector Members, 6 Associates, and 0 Academia participating. Several invited experts.
New leadership appointments:
- Ms. Seokung YOON, KISA/Korea, as new Q5/17 Associate Rapporteur;
- Mr. Junjie XIA, China Unicom/China, as new Q10/17 Associate Rapporteur;
- Mr. Abbie BARBIR, MBNA Canada, as new JCA-COP co-chairman.
Recommendations approved (TAP – WTSA-12 Resolution 1):
The SG17 plenary meeting approved all eight texts announced for TAP in accordance with WTSA-12 Resolution 1, Section 9. They are five new Recommendations, two revised Recommendations, and one Corrigendum to a Recommendation as listed below:
Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent e.g., ISO/IEC | Start of work |
4/17 | X.1208 (X.csi) | A cybersecurity indicator of risk to enhance confidence and security in the use of telecommunication/information and communication technologies | New | Heung Youl Youm | TD 0992 Rev.3 | | 2010-04 |
4/17 | X.1210 (X.trm) | Overview of source-based security troubleshooting mechanisms for Internet protocol-based networks | New | Youki Kadobayashi, Huirong Tian, Heung Youl Youm | TD 0932 Rev.3 | | 2009-09 |
4/17 | X.1520rev (X.cve) | Common vulnerabilities and exposures | Revised | Robert A. Martin | COM 17 – R 14 | | 2013-06 |
4/17 | X.1526rev (X.oval) | Language for the open definition of vulnerabilities and for the assessment of a system state | Revised | Robert A. Martin | TD 0931 | | 2013-06 |
4/17 | X.1546 (X.maec) | Malware attribute enumeration and characterization | New | Robert A. Martin | COM 17 – R 16 | | 2010-04 |
4/17 | X.1582 (X.cybex-tp) | Transport protocols supporting cybersecurity information exchange | New | Youki Kadobayashi, Damir Rajnovic | COM 17 – R 17 | | 2009-09 |
5/17 | X.1243 Cor.1 | Corrigendum 1 to Recommendation ITU-T X.1243 | | Min Huang | COM 17 – R 13 | | 2013-09 |
8/17 | X.1601 (X.ccsec) | Security framework for cloud computing | New | Huirong Tian, Zhaoji Lin | COM 17 – R 19 | | 2010-04 |
Amendment approved and Supplements agreed:
The SG17 plenary meeting approved one new Amendment, agreed two new Supplements and one revised Supplement to the X-series Recommendations.
Q(1) | Acronym | Title | New / Revised | Editor(s) | Location of Text | Equivalent e.g., ISO/IEC | Start of work |
4/17 | X.1500 Amd.5 | Overview of cybersecurity information exchange – Amendment 5 – Revised structured cybersecurity information exchange techniques | Note (2) | Youki Kadobayashi | TD 0964 | | 2013-09 |
4/17 | X.Suppl.10rev | Supplement 10 to ITU-T X-series Recommendations - ITU-T X.1205 – Supplement on usability of network traceback | Revised | Youki Kadobayashi, Huirong Tian, Heung Youl Youm | TD 0973 Rev.2 | | 2014-01 |
7/17 | X.Suppl.21 (X.websec-5) | Supplement 21 to ITU-T X-series Recommendations - ITU-T X.1143 – Supplement on Security framework for web mashup services | New | Jae Hoon Nah, Heung-Ryong Oh | TD 0948 Rev.1 | | 2012-03 |
7/17, (10/17) | X.Suppl.22 | Supplement 22 to ITU-T X-series Recommendations - ITU-T X.1144 – Supplement on enhancements and new features in XACML 3.0 | New | Abbie Barbir, Jae Hoon Nah | TD 0994 Rev.1 | | 2014-01 |
Notes:
(1) In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.
(2) Amendment 5 supersedes Amendment 4.
Recommendations determined (TAP – WTSA-12 Resolution 1):
The SG17 plenary meeting determined (TAP) the following draft new ITU-T Recommendation in accordance with WTSA-12 Resolution 1, Section 9.
Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent e.g., ISO/IEC | Start of work |
4/17 | X.1211 (X.eipwa) | Capability requirements for preventing web-based attacks | New | Xie Wei, Heung Youl Youm | TD 0975 Rev.1 | | 2009-09 |
Recommendations consented for Last Call (AAP – Recommendation ITU-T A.8):
The SG17 plenary meeting gave consent (AAP) to three draft new ITU-T Recommendations, two draft revised ITU-T Recommendations, and six Technical Corrigenda for Last Call according to Recommendation ITU-T A.8:
Q(1) | Acronym | Title | New / Revised | Editor(s) | Location of Text | Equivalent e.g., ISO/IEC | Start of work |
4/17, (11/17) | X.1303bis (X.cap) Note (2) | Common alerting protocol (CAP 1.2) | New | Youki Kadobayashi, Jean-Paul Lemaire | TD 0955 Rev.2 Note (3) | OASIS CAP 1.2 | 2011-04 |
11/17, (10/17) | F.511 (F.5xx) | Directory Service - Support of tag-based identification services | New | Erik Andersen | TD 1012 Note (4) | | 2012-12 |
11/17 | X.680 Cor.2 | Information technology – Abstract Syntax Notation One (ASN.1): Specification of basic notation – Technical Corrigendum 2 | | Paul E. Thorpe | TD 0913 Rev.2 | ISO/IEC 8824-1:2008/Cor.2 | 2013-09 |
11/17 | X.682 Cor.1 | Information technology – Abstract Syntax Notation One (ASN.1): Constraint specification – Technical Corrigendum 1 | | Paul E. Thorpe | TD 0914 Rev.2 | ISO/IEC 8824-3:2008/Cor.1 | 2013-09 |
11/17 | X.683 Cor.1 | Information technology – Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications – Technical Corrigendum 1 | | Paul E. Thorpe | TD 0915 Rev.2 | ISO/IEC 8824-4:2008/Cor.1 | 2013-09 |
11/17 | X.690 Cor.2 | Information technology – ASN.1 encoding rules: specification of basic encoding rules (BER), canonical encoding rules (CER) and distinguished encoding rules (DER) – Technical Corrigendum 2 | | Paul E. Thorpe | TD 0916 Rev.2 | ISO/IEC 8825-1:2008/Cor.2 | 2013-09 |
11/17 | X.693 Cor.2 | Information technology – ASN.1 encoding rules: XML Encoding Rules (XER) – Technical Corrigendum 2 | | Paul E. Thorpe | TD 0918 Rev.2 | ISO/IEC 8825-4:2008/Cor.2 | 2013-09 |
11/17 | X.694 Cor.2 | Information technology – ASN.1 encoding rules: Mapping W3C XML schema definitions into ASN.1 – Technical Corrigendum 2 | | Paul E. Thorpe | TD 0919 Rev.2 | ISO/IEC 8825-5:2008/Cor.2 | 2013-09 |
11/17 | X.696 (X.oer) | Information technology – ASN.1 encoding rules: Specification of Octet Encoding Rules (OER) | New | Paul E. Thorpe | TD 0852 Rev.2 | ISO/IEC 8825-7 Note (5) | 2013-09 |
11/17 | X.906 | Information technology – Open distributed processing – Use of UML for ODP system specification | Revised | Peter Linington | TD 0866 | ISO/IEC 19793 | 2012-03 |
11/17 | X.911 | Information technology – Open distributed processing – Reference model – Enterprise language | Revised | Peter Linington | TD 0865 | ISO/IEC 15414 | 2012-03 |
Notes:
(1) In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.
(2) Both X.1303 and X.1303bis shall be in force.
(3) TD 0905 contains the A.5 justification information for draft new Recommendation ITU-T X.1303bis.
(4) TD 1040 contains the A.5 justification information for draft new Recommendation ITU-T F.511.
(5) X.696 was submitted to ISO/IEC JTC1 for PAS/Fast Track.
New work items:
The following six new work items were agreed to be added to the SG17 work programme:
Q(1) | Acronym | Title | New / Revised | AAP/TAP/ Agreement | Editor(s) | Documents | Equivalent e.g., ISO/IEC | Timing*** |
4/17 | X.sbb | Security capability requirements for countering smartphone-based botnets | New | TAP | Yichen Jia, China Unicom, Junjie Xia, China Unicom, Bo Yu, China Unicom | NWI template: TD 0962 Rev.2 Base text: TD 0903, C-189 Rev.1 | | 2015-09 |
5/17 | X.cspim | Technical framework for countering mobile messaging spam (SPIM) | New | TAP | Huamin Jin, China Telecom, Zhaoji Lin, ZTE, Seokung Yoon, Korea Internet & Security Agency | NWI template: TD 0997 Rev.3 Base text: C-185 Rev.1 | | 2016 |
7/17, (10/17) | X.Suppl.22 | Supplement 22 to ITU-T X-series Recommendations - ITU-T X.1144 – Supplement on enhancements and new features in XACML 3.0 | New | Agreement | Abbie Barbir, MBNA Canada, Jae Hoon Nah, ETRI | Base text: TD 0944 Rev.1 | | 2014-01 |
9/17 | X.th13 | Holosphere to biosphere secure data acquisition and telecommunication protocol | New | AAP | Olivier Vuillemin, IEC | NWI template: TD 1031 Rev.1 Note (2) | | 2013-2016 |
11/17 | X.oid-iot | Supplement to ITU-T X-series – ITU-T X.660 - Guidelines for using object identifiers for the Internet of Things | New | AAP | Zhaoji Lin, ZTE Corporation, Dongya Wu, China (P.R) | NWI template: TD 1017 Rev.1 Base text: TD 0981 | | 2015-09 |
12/17 | Z.165.5 | Testing and Test Control Notation version 3: TTCN-3 Language Extensions: Performance and real time testing | New | AAP | Dieter Hogrefe, Germany | NWI template: TD 1036 | ETSI ES 202 782 | 2014-09 |
Notes:
* Target date for consent or determination of Recommendations or for approval of appendices, supplements or implementers' guides.
(1) In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.
(2) Reservation statement made by USA, and concerns expressed by Orange, UK, and Canada.
All other proposed new work items (on SDN security, on security for the Intelligent Transportation Systems (ITS)/V2X, on virtualization security in cloud computing, on privacy protection in cloud computing, on security components for cloud computing, on security guidelines for Virtual Network Operator (VNO), on cryptographic protocol verification, and Reference monitor for analytics applications) require more study before they are ready to be launched at the next SG17 meeting.
Work items discontinued:
The following five work items were agreed to be deleted from the work programme:
Q(1) | Acronym | Title | Action |
3/17 | X.sup1056** | ITU-T X.1056 – Supplement on related Recommendations, International Standards and documents for security incident management | delete |
8/17, (7/17) | X.fsspvn* | Framework for a secure service platform for virtual network | delete |
10/17 | X.atag* | Attribute aggregation framework | delete |
10/17 | X.idmts* | Framework for the interoperable exchange of trusted services | delete |
10/17 | X.oitf* | Open identity trust framework | delete |
Notes:
* Marked draft Recommendations were for determination.
** Marked text was for agreement
(1) In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.
Deletion of Recs. ITU-T Z.400, Z.600, and Z.601 was postponed to WTSA-16.
Coordination and promotion activities:
- Two Joint Coordination Activity meetings under SG17 parent-ship were held, JCA-IdM and JCA-COP.
Mr. Abbie Barbir (MBNA Canada) was appointed as new co-chairman of JCA-IdM. IdM coordination took place with OpenID Foundation, and Kantara Initiative.
JCA-COP requested extension of its lifetime until 2015-09 and was confirmed by SG17; co-chairmen Ms. Ashley Heineman (USA) and Mr. Phil Rushton (UK) will continue. ISO/IEC JTC 1/SC27/WG5 informed on their current study period on age verification.
- Four special sessions were held to off-load the plenaries from debates: on bridging the standardization gap (with live interpretation) for Developing Countries with a presentation from UNCTAD finding much interest; on non-normative publications; on planning the ITU Security Workshop; and on BDT Global Cybersecurity Index (GCI) where improved coordination between ITU-D, especially Q22/1, and SG17 was accomplished. All special sessions provided good discussions and better understanding. The meeting confirmed to continue organizing a BSG session at every SG17 meeting.
- SG17 re-iterated its strong desire and urgency to request ITU to stop charging for the Security Manual and the OID Handbook and to make them available free of charge. The special session on non-normative publication provided guidance to SG17.
- Updates were made to the Security Compendium, and to the ICT Security Roadmap.
- Planning continued of the ITU security workshop 15-16 September 2014 with special focus theme on ICT security standardization challenges for Developing Countries. A broad workshop steering team was compiled, with Mr. Mohamed Elhaj taking the lead of the workshop steering team.
Correspondence Groups:
The Correspondence Group informal guidance and reporting template, developed by SG17, was submitted to the next TSAG meeting.
Except CG-CYBEX, all six other Correspondence Groups were terminated.
Other highlights:
- SG17 agreed to the final draft questionnaire/survey on spam (in support of WTSA-12 Res.52 resolves 2 instructs TSB Director) and provides the material to TSB to take further action (e.g. to issue broadly as a Circular to our entire ITU-T membership).
- Some Member States submitted their TAP consultation replies "late". SG17 requested advice from the ITU legal unit, by the next SG17 meeting, on how to handle such "late" submitted TAP consultation replies according to WTSA-12 Resolution 1.
- Reservation statement was given by Korea on selected traditional approval progress made for Q6/17 at the September 2013 SG17 meeting.
- SG17 noted that letters have been received from Andorra and Rwanda informing SG17 that they are now operating a country registration authority for object identifiers (OIDs) under {joint iso-itu-t(2) country(16) ad(20)} and {joint iso-itu-t(2) country(16) rw(646)}, respectively.
Associated events:
The associated events below assisted in identifying new actions for the study group, leveraged the collaboration with other organizations, and will hopefully attract new experts to the ITU-T and SG17 community.
- A well-attended mini-workshop was organized between UPU and ITU during the SG17 meeting, exploring opportunities for cooperation in areas of joint interest. The mini workshop helped to achieve better mutual understanding of the interests and concluded with a couple of touch points for future collaboration.
- Mentoring programme for newcomers: Comprehensive programme through tutorials (see below), welcome, feedback session and guided tour, all attended with interest.
- No reception and social networking event could be organized this time due to lack of sponsor(s). Sponsors are very welcome for a reception event during the ITU security workshop and/or the next SG17 meeting.
Tutorial presentations:
Three tutorial presentations were given at this Study Group 17 meeting.
· "SG17 orientation session for newcomers", Arkadiy Kremer, SG17 Chairman.
· "Multipurpose Smart ID Card with PKI (Bio Digital Signature with Smart Card + e-ID + Credit Card)", Mr. Unho CHOI, UNHCR.
· "The Multistakeholder Preparatory Process for the WSIS+10 High Level Event", Ms. Gitanjali Sah, ITU SG/SPM.
Next SG17 meeting:
- 17-26 September 2014 in Geneva, preceded by 1½-day co-located ITU Security Workshop for Developing Countries.
- Seven interim Rapporteur Group meetings, and some virtual e-meetings are planned until September 2014.
- 21 texts are scheduled for decision at the next SG17 meeting.