Study Group 17: Security, languages and telecommunication software
Question 2/17 - Directory Services, Directory Systems, and Public-key/Attribute Certificates
(Continuation of Question E/17)
The timely and appropriate specification, realization and improvement of new and existing Directory services and systems can be assisted by studying together Directory services and the systems needed for their support.
The concern about the security of electronic documents and transmissions is one of the major obstacles to the deployment of systems dealing with sensitive private and commercial information. The current specifications for public-key and attribute certificates must be kept responsive to the increasing demand for stronger security.
1.1 Directory services
There is a need to study directory services, offered either for public access or for the use of directory assistance operators, in order to define comprehensively aspects of access to remote directories for different services. The main requirement of the study is to facilitate international interoperability of directory services.
Existing Recommendations: E.104, E.115, F.500, F.510 and F.515.
1.2 Directory systems
The X.500-series of Recommendations were first published in 1988 and were extensively revised in 1993, 1997 and 2000/2001.
These standards are significant components of widely deployed technologies such as PKI and LDAP, and are used in many areas, e.g. financial, medical, and legal.
Maintenance of these Recommendations, the study of enhancements to, and new applications of, X.500, and continued collaboration with IETF and ISO/IEC JTC 1 are necessary.
Existing Recommendations: X.500, X.501, X.511, X.518, X.519, X.520, X.521, X.525, X.530, X.583, X.584, X.585 and X.586.
1.3 Public-key/attribute certificates
The X.509 Recommendation was first published in 1988 and was extensively revised in 1993, 1997 and 2000.
X.509 public-key certificates are widely used. In every secure browser session using SSL, a certificate is used to authenticate the web server and to agree on the encryption key that will be used to protect the information exchanged in the session. The certificate is also used to authenticate and protect e-mail and is the cornerstone of time-stamping services. Many countries now allow electronic documents to be considered equivalent to a paper document. An electronic document with a digital signature that is supported by an X.509 certificate is recognized in many countries as the most credible form of electronic document. Attribute certificates provide a secure method for conveying privileges.
Maintenance of this Recommendation, the study of enhancements to, and new applications of, X.509, and continued collaboration with IETF and ISO/IEC JTC 1 are necessary.
Existing Recommendations: X.509.
2.1 Directory services
a) What new service definitions and profiles are required that can take advantage of widely supported Directory technologies, e.g. X.500 and
b) What changes to the E- and F-series of Recommendations and/or what new Recommendations are required to specify enhancements to, and to correct defects in, existing Directory service definitions and profiles?
2.2 Directory systems
a) What enhancements are required to the Directory to better support current and potential users of the Directory, such as stronger consistency of Directory information across replicated sites, support for operations on user-specified associated aggregates of directory attributes, improved performance when retrieving large numbers of returned results, or resolution of confusion caused by multiple directory service providers holding different information under identical names?
b) What further enhancements are required to the Directory to interoperate with and to support services implemented using the IETF’s LDAP specification, including possible use of XML for accessing directories?
c) What further enhancements are required to the Directory to allow its use in various environments, e.g. resource constrained environments, such as wireless networks, and multimedia networks?
d) What further enhancements are required to the Directory to improve its support of such areas as Intelligent Network, communication networks and public directory services?
e) What changes to the X.500-series Recommendations and/or what new Recommendations are required to specify enhancements to, and to correct defects in, the Directory?
Directory systems work will be done in collaboration with ISO/IEC JTC 1 in their work on extending ISO/IEC 9594, which is common text with Recommendations X.500-X.530. Liaison and close cooperation will also be maintained with the IETF, particularly in the area of LDAP.
2.3 Public-key/attribute certificates
a) What further enhancements are required to public-key and attribute certificates to allow their use in various environments, e.g. resource constrained environments, such as wireless networks, and multimedia networks?
b) What further enhancements are required to public-key and attribute certificates to increase their usefulness in areas such as biometrics, authentication, access control and electronic commerce?
c) What changes to Recommendation X.509 are required to specify enhancements to, and to correct defects in, X.509?
Public-key/attribute certificates work will be done in collaboration with ISO/IEC JTC 1 in their work on extending ISO/IEC 9594-8, which is common text with Recommendation X.509. Liaison and close cooperation will also be maintained with the IETF, particularly in the area of PKI.
Text for the fifth edition of the X.500-series of Recommendations by mid-2005.
Questions: 4/17, 5/17, 6/17, 7/17, 8/17, 9/17 and 10/17
Study Groups: ITU-T SGs 2, 11 and 16
Standardization bodies: ISO/IEC JTC 1/SC 6; IETF