Executive Summary

Study Group 17 meeting
(17 – 26 April 2013)

Participants:
The first Study Group 17 meeting in the 2013-2016 study period was attended by 28 Member States, 19 Sector Members, 6 Associates, and 1 Academia. In total 170 participants attended the SG17 meeting.
 
Structure and leadership
Study Group 17 established five Working Parties and appointed WP chairmen:
 
WP | Working Party Title | Chairman | Questions
1/17 | Fundamental security | Mr Koji NAKAO | 1, 2 and 3/17
2/17 | Network and information security | Mr Sacid SARIKAYA | 4 and 5/17
3/17 | Identity management and cloud computing security | Mr Heung Youl YOUM | 8 and 10/17
4/17 | Application security | Mr Antonio GUIMARAES | 6, 7 and 9/17
5/17 | Formal languages | Mr George LIN | 11 and 12/17

The new SG17 leadership team, with Rapporteurs appointed for all Questions and associate rapporteurs appointed for many Questions, ensures smooth continuation of the work in the expert groups. SG17 also appointed candidates for the various other project leader, liaison officer, representative, contact point and other leadership positions; this enables good coordination with other groups.

Approved ITU-T Recommendations:

Three new ITU-T Recommendations (under TAP) were approved.
• X.1154 (X.sap-4), General framework of combined authentication on multiple identity service provider environments.
• X.1526 (X.oval), Open vulnerability and assessment language.
• X.1544 (X.capec), Common attack pattern enumeration and classification.

Agreed Supplements and Appendices:

Three new Supplements to the X-series Recommendations and one Amendment were agreed.
• X.1500 Amd.3, Overview of cybersecurity information exchange – Amendment 3 – Revised structured cybersecurity information exchange techniques.
• X.Suppl.18 (X.abnot), Supplement to ITU-T X.1205 – Supplement on guidelines for abnormal traffic detection and control on IP-based telecommunication networks.
• X.Suppl.19 (X.msec-6), Supplement to ITU-T X.1120 series – Supplement on security aspects of smartphones.
• X.Suppl.20 (X.sisnego), Supplement to ITU-T X.1205 – Supplement on framework of security information sharing negotiation.

Determined draft ITU-T Recommendations:

Two draft new ITU-T Recommendations were determined:
• X.1208 (X.csi), Guidelines for cybersecurity index;
• X.1255 (X.discovery), Framework for discovery of identity management information.

Consented draft ITU-T Recommendations:

Consent was reached on seven draft new ITU-T Recommendations, and eight revised draft ITU-T Recommendations:
• X.1037 (X.ipv6-secguide), Technical security guideline on deploying IPv6.
• X.1198 (X.iptvsec-8), Virtual machine-based security platform for renewable IPTV service and content protection.
• X.1156 (X.sap-6), Non-repudiation framework based on a one time password.
• X.1092 (X.tif), Integrated framework for telebiometric data protection in e-health and telemedicine.
• Z.161 (revised), Testing and Test Control Notation version 3: TTCN-3 core language.
• Z.161.2, Testing and Test Control Notation version 3: TTCN-3 language extensions: Configuration and deployment support.
• Z.161.3, Testing and Test Control Notation version 3: TTCN-3 language extensions: Advanced parameterization.
• Z.161.4, Testing and Test Control Notation version 3: TTCN-3 language extensions: Behaviour types.
• Z.165 (revised), Testing and Test Control Notation version 3: TTCN-3 runtime interface (TRI).
• Z.165.1 (revised), Testing and Test Control Notation version 3: Extension Package: Extended TRI.
• Z.166 (revised), Testing and Test Control Notation version 3: TTCN-3 control interface (TCI).
• Z.167 (revised), Testing and Test Control Notation version 3: TTCN-3 mapping from ASN.1.
• Z.168 (revised), Testing and Test Control Notation version 3: TTCN-3 mapping from CORBA IDL.
• Z.169 (revised), Testing and Test Control Notation version 3: TTCN-3 mapping from XML data definition.
• Z.170 (revised), Testing and Test Control Notation version 3: TTCN-3 documentation comment specification.

Last call for the eleven TTCN-3 Recommendations is held pending TSAG decision on revised Questions 11/11 and 12/17.

New work items:

The following nine new work items were agreed to be added to the work programme:
• X.1051 (revised), Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 (in Q3/13).
• X.tfcmm, Technical framework for countering mobile messaging spam (in Q5/17).
• X.cc-control, Information technology – Security techniques – Code of practice for information security controls for cloud computing services based on ISO/IEC 27002 (in Q8/17 assisted by Q3/17).
• X.idmts, Framework for the interoperable exchange of trusted services (in Q10/17).
• X.cmail, Certified mail transport and certified post office protocols (in Q11/17, assisted by Q7/17).
• X.orf, OID-based resolution framework for heterogeneous identifiers/locators (in Q11/17).
• Z.161.2, TTCN-3 Language Extensions: Configuration and Deployment Support (in Q12/17).
• Z.161.3, TTCN-3 Language Extensions: Advanced Parameterization (in Q12/17).
• Z.161.4, TTCN-3 Language Extensions: Behaviour Types (in Q12/17).

In addition, three work items were removed from the work programme.

Coordination and promotion activities:

• Two Joint Coordination Activity meetings (JCA-IdM and JCA-COP) were held.
• Two security coordination meetings were held plus several joint meetings of SG17 Questions with counterparts in ISO/IEC JTC 1/SC27.
• Updates were made to the ICT Security Roadmap and Security Compendium.
• Two projects were established to assist others in using ITU-T Recommendations:
- Abstract Syntax Notation One (ASN.1)
- Object identifiers (OIDs)
• Reports were sent to TSAG on each of the SG17 lead study group responsibilities:
- Security
- Identity Management (IdM)
- Languages and description techniques

Correspondence Groups:

Six new Correspondence Groups were established:
• Correspondence group (CG-pverify) on Verification process for cryptographic protocols (for Q1/17), Chairman: Yutaka Miyake.
• Correspondence group (CG-cybex) on Cybersecurity information exchange capabilities (for Q4/17), Chairmen: Youki Kadobayashi, and Robert A. Martin.
• Correspondence group (CG-wmsec) on Web mashup security activities (for Q7/17), Chairman: Jae Hoon Nah.
• Correspondence group (CG-giim) on Generic IdM interoperability mechanisms activities (for Q10/17), Chairman: Jing Wu.
• Correspondence group (CG-idmcc) on IdM requirement in cloud computing activities (for Q10/17, assisted by Q8/17), Chairman: Jing Wu.
• Correspondence group (CG-oitf) on Open identity trust framework activities (for Q10/17), Chairman: David Turner.

Two existing Correspondence Groups were continued:

• Correspondence group (CG-XACML) on XACML (eXtensible Access Control Markup Language) activities (for Q7/17, assisted by Q10/17), Co-chairmen: Abbie Barbir, and Jae Hoon Nah.
• Correspondence group (CG-Xccsec) on High-level security framework for cloud computing and cloud computing security collaboration (for Q8/17), Chairman: Huirong Tian.

Other highlights:

• Cloud computing security:
SG17 agreed to high-level principles for separation of cloud computing security work between SG13 and SG17, and agreed to collaboration on cloud computing tasks between the two Study Groups. SG17 further agreed to a change in the current Question 8/17 text. Those three agreements were sent to TSAG asking for endorsement.
• Testing:
SG17 agreed a proposal made by the SG11 and SG17 Chairmen on alignment of testing work between SG11 and SG17. Revisions to the texts of Questions 11/11 and 12/17 were sent to TSAG asking for endorsement.
• SG17 agreed to assign default approval processes to all Questions.
• Continued reporting by SG17 is taking place on the WTSA-12, WTDC-10 and PP-10 Resolutions.

Associated events:

The associated events below assisted in identifying new actions for the study group, leveraged collaboration with other organizations and, it is hoped, will attract new experts to the ITU-T and SG17 community.
• Mentoring programme for newcomers: a comprehensive programme of tutorials (see below), a welcome, a feedback session and a guided tour, all well attended with interest.
• Two tutorial presentations were given:
- SG17 Orientation session for newcomers, Arkadiy Kremer, SG17 Chairman.
- Counterfeiting – A growing problem, Keith Mainwaring/TSB.
• An SG17 welcome reception and social networking event was sponsored by RANS.

Next SG17 meeting:

• 26 August – 4 September 2013, Geneva.