(Continuation of part of Q.9/17)
Recommendations X.1141, X.1142, and X.1143 provide a set of Recommendations
that can be used for authentication/authorization and security architecture in
mobile Web Services. Recommendation X.1151 and draft Recommendation X.1152
specify a guideline on secure password-based authentication with key exchange
and various trusted third party (TTP) services, respectively. Recommendations
X.1161 and X.1162 specify a comprehensive framework and mechanisms for the
security of peer-to-peer (P2P) services. A continued effort to maintain and
enhance these security Recommendations to satisfy the needs of emerging
ubiquitous technologies and services is required.
The telecommunications industry has been experiencing an exponential growth
in the area of secure application services. Specifically, security of
telecommunication-based application services including P2P service, Web Services
and TTP is crucial for the further development of the industry. Standardization
of the best comprehensive security solutions is vital for the industry, network
operators and service providers that operate in a multi-vendor international
environment. It is also required to study and develop other types of secure
application services such as time stamping services, secure notary services, and
PKI-based application services, etc. Web Services security technologies such as
security assertion and access control assertion become very critical in
telecommunication networks. Question 7/17’s work may use the technologies
developed and/or identified by Question 8/17.
Recommendations under responsibility of this Question as of 1 December 2008:
X.1141, X.1142, X.1143, X.1151, X.1152, X.1161 and X.1162.
Study items to be considered include, but are not limited to:
- How should secure application services be identified, discovered, defined,
interconnected, and provisioned in various telecommunication services?
- How should threats behind secure application services be identified and
- What security techniques are needed for secure application services? For
example, what kind of practical security technologies should be provided for
telecommunication-based application services (i.e., Web Services) using
distributed technologies including Service Oriented Architecture (SOA)-based
- What practical security techniques are necessary to provide the convergence
services combining various heterogeneous services securely using web
technologies such as Web Services and mashups?
- What security techniques or protocols are needed for emerging secure
application services including SOA-based applications?
- What secure protocols should be applied for secure application services?
- What are the global solutions for secure application services and their
- What are the best practices or guidelines for secure application services?
- What enhancements to existing Recommendations under review or new
Recommendations under development should be adopted to reduce impact on climate
changes (e.g., energy savings, reduction of green house gas emissions,
implementation of monitoring systems, etc.) either directly or indirectly in
telecommunication/ICT or in other industries?
Tasks include, but are not limited to:
- In collaboration with other ITU-T study groups and standards development
organizations, especially with IETF, ISO/IEC JTC 1/SC 27, produce a
comprehensive set of Recommendations for providing comprehensive security
solutions for secure application services.
- Study and define secure application services in various telecommunication
- Identify and study security issues and threats in secure application
- Study and develop security mechanisms for secure application services (e.g.,
Service Oriented Architecture (SOA)-based technologies such as Web Services).
- Study and develop interconnectivity mechanisms for secure application
- Study and develop security mechanisms for securing converged services using
Web technologies such as Web Services and mashups.
- Study and develop guidelines for selecting and/or implementing secure
application protocols to be used in secure application services.
Recommendations: X.800-series and others related to security
Questions: ITU-T Qs 1, 2, 3, 4, 5, 6, 8, 9, 10/17 and 16/13
Study groups: ITU-T SGs 2, 13 and 16
Standardization bodies: ISO/IEC JTC 1/SC 27; IETF; OASIS; Liberty Alliance