ITU

Committed to connecting the world

Executive Summary

​Executive Summary

Study Group 17 meeting

(15 – 24 January 2014, Geneva/Switzerland)

Participation:

145 participants (14 more than at the previous SG17 meeting); 23 Member States, 9 Sector Members, 6 Associates, and 0 Academia participating. Several invited experts.

New leadership appointments:

    • Ms. Seokung YOON, KISA/Korea, as new Q5/17 Associate Rapporteur;
    • Mr. Junjie XIA, China Unicom/China, as new Q10/17 Associate Rapporteur;
    • Mr. Abbie BARBIR, MBNA Canada, as new JCA-COP co-chairman.

Recommendations approved (TAP – WTSA-12 Resolution 1):

The SG17 plenary meeting approved all eight texts announced for TAP in accordance with WTSA-12 Resolution 1, Section 9. They are five new Recommendations, two revised Recommendations, and one Corrigendum to a Recommendation as listed below:

QAcronymTitleNew / RevisedEditor(s)Location of textEquivalent
e.g., ISO/IEC
Start of work
4/17X.1208
(X.csi)
A cybersecurity indicator of risk to enhance confidence and security in the use of telecommunication/ information and communication technologiesNewHeung Youl YoumTD 0992 Rev.32010-04
4/17X.1210
(X.trm)
Overview of source-based security troubleshooting mechanisms for Internet protocol-based networksNewYouki Kadobayashi,
Huirong Tian,
Heung Youl Youm
TD 0932 Rev.32009-09
4/17X.1520rev
(X.cve)
Common vulnerabilities and exposuresRevisedRobert A. MartinCOM 17 – R 142013-06
4/17X.1526rev
(X.oval)
Language for the open definition of vulnerabilities and for the assessment of a system stateRevisedRobert A. MartinTD 09312013-06
4/17X.1546
(X.maec)
Malware attribute enumeration and characterizationNewRobert A. MartinCOM 17 – R 162010-04
4/17X.1582
(X.cybex-tp)
Transport protocols supporting cybersecurity information exchangeNewYouki Kadobayashi,
Damir Rajnovic
COM 17 – R 172009-09
5/17X.1243 Cor.1Corrigendum 1 to Recommendation ITU-T X.1243Min HuangCOM 17 – R 132013-09
8/17X.1601
(X.ccsec)
Security framework for cloud computingNewHuirong Tian,
Zhaoji Lin
COM 17 – R 192010-04

Amendment approved and Supplements agreed:

The SG17 plenary meeting approved one new Amendment, agreed two new Supplements and one revised Supplement to the X-series Recommendations.

Q(1)AcronymTitleNew / RevisedEditor(s)Location of TextEquivalent
e.g., ISO/IEC
Start of work
4/17X.1500
Amd.5
Overview of cybersecurity information exchange – Amendment 5 – Revised structured cybersecurity information exchange techniquesNote (2)Youki KadobayashiTD 09642013-09
4/17X.Suppl.10revSupplement 10 to ITU-T X-series Recommendations - ITU-T X.1205 – Supplement on usability of network tracebackRevisedYouki Kadobayashi,
Huirong Tian,
Heung Youl Youm
TD 0973 Rev.22014-01
7/17X.Suppl.21
(X.websec-5)
Supplement 21 to ITU-T X-series Recommendations - ITU-T X.1143 – Supplement on Security framework for web mashup servicesNewJae Hoon Nah,
Heung-Ryong Oh
TD 0948 Rev.12012-03
7/17, (10/17)X.Suppl.22Supplement 22 to ITU-T X-series Recommendations - ITU-T X.1144 – Supplement on enhancements and new features in XACML 3.0NewAbbie Barbir,
Jae Hoon Nah
TD 0994 Rev.12014-01

Notes:

(1) In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.

(2) Amendment 5 supersedes Amendment 4.

Recommendations determined (TAP – WTSA-12 Resolution 1):

The SG17 plenary meeting determined (TAP) the following draft new ITU-T Recommendation in accordance with WTSA-12 Resolution 1, Section 9.

QAcronymTitleNew / RevisedEditor(s)Location of textEquivalent
e.g., ISO/IEC
Start of work
4/17X.1211
(X.eipwa)
Capability requirements for preventing web-based attacksNewXie Wei,
Heung Youl Youm
TD 0975 Rev.12009-09

Recommendations consented for Last Call (AAP – Recommendation ITU-T A.8):

The SG17 plenary meeting gave consent (AAP) to three draft new ITU-T Recommendations, two draft revised ITU-T Recommendations, and six Technical Corrigenda for Last Call according to Recommendation ITU-T A.8:

Q(1)AcronymTitleNew / RevisedEditor(s)Location of TextEquivalent
e.g., ISO/IEC
Start of work
4/17, (11/17)X.1303bis
(X.cap)
Note (2)
Common alerting protocol (CAP 1.2)NewYouki Kadobayashi,
Jean-Paul Lemaire
TD 0955 Rev.2
Note (3)
OASIS CAP 1.22011-04
11/17, (10/17)F.511
(F.5xx)
Directory Service - Support of tag-based identification servicesNewErik AndersenTD 1012
Note (4)
2012-12
11/17X.680 Cor.2Information technology – Abstract Syntax Notation One (ASN.1): Specification of basic notation – Technical Corrigendum 2Paul E. ThorpeTD 0913 Rev.2ISO/IEC 8824-1:2008/Cor.22013-09
11/17X.682 Cor.1Information technology – Abstract Syntax Notation One (ASN.1): Constraint specification – Technical Corrigendum 1Paul E. ThorpeTD 0914 Rev.2ISO/IEC 8824-3:2008/Cor.12013-09
11/17X.683 Cor.1Information technology – Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications – Technical Corrigendum 1Paul E. ThorpeTD 0915 Rev.2ISO/IEC 8824-4:2008/Cor.12013-09
11/17X.690 Cor.2Information technology – ASN.1 encoding rules: specification of basic encoding rules (BER), canonical encoding rules (CER) and distinguished encoding rules (DER) – Technical Corrigendum 2Paul E. ThorpeTD 0916 Rev.2ISO/IEC 8825-1:2008/Cor.22013-09
11/17X.693 Cor.2Information technology – ASN.1 encoding rules: XML Encoding Rules (XER) – Technical Corrigendum 2Paul E. ThorpeTD 0918 Rev.2ISO/IEC 8825-4:2008/Cor.22013-09
11/17X.694 Cor.2Information technology – ASN.1 encoding rules: Mapping W3C XML schema definitions into ASN.1 – Technical Corrigendum 2Paul E. ThorpeTD 0919 Rev.2ISO/IEC 8825-5:2008/Cor.22013-09
11/17X.696
(X.oer)
Information technology – ASN.1 encoding rules: Specification of Octet Encoding Rules (OER)NewPaul E. ThorpeTD 0852 Rev.2ISO/IEC 8825-7
Note (5)
2013-09
11/17X.906Information technology – Open distributed processing – Use of UML for ODP system specificationRevisedPeter LiningtonTD 0866ISO/IEC 197932012-03
11/17X.911Information technology – Open distributed processing – Reference model – Enterprise languageRevisedPeter LiningtonTD 0865ISO/IEC 154142012-03

Notes:

(1) In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.

(2) Both X.1303 and X.1303bis shall be in force.

(3) TD 0905 contains the A.5 justification information for draft new Recommendation ITU-T X.1303bis.

(4) TD 1040 contains the A.5 justification information for draft new Recommendation ITU-T F.511.

(5) X.696 was submitted to ISO/IEC JTC1 for PAS/Fast Track.

New work items:

The following six new work items were agreed to be added to the SG17 work programme:

Q(1)AcronymTitleNew/ RevisedAAP/TAP/ AgreementEditor(s)Documents

Equi-valent

e.g., ISO/IEC

Timing***
4/17X.sbbSecurity capability requirements for countering smartphone-based botnetsNewTAP

Yichen Jia, China Unicom,

Junjie Xia, China Unicom,

Bo Yu, China Unicom

NWI template:
TD 0962 Rev.2

Base text:
TD 0903,
C-189 Rev.1

2015-09
5/17X.cspimTechnical framework for countering mobile messaging spam (SPIM)NewTAP

Huamin Jin, China Telecom,

Zhaoji Lin, ZTE,

Seokung Yoon, Korea Internet & Security Agency

NWI template:
TD 0997 Rev.3

Base text:
C-185 Rev.1

2016
7/17, (10/17)X.Suppl.22Supplement 22 to ITU-T X-series Recommendations - ITU-T X.1144 – Supplement on enhancements and new features in XACML 3.0NewAgreement

Abbie Barbir, MBNA Canada,

Jae Hoon Nah, ETRI

Base text:
TD 0944 Rev.1
2014-01
9/17X.th13Holosphere to biosphere secure data acquisition and telecommunication protocolNewAAPOlivier Vuillemin, IECNWI template:
TD 1031 Rev.1
Note (2)
2013-2016
11/17X.oid-iotSupplement to ITU-T X-series – ITU-T X.660 - Guidelines for using object identifiers for the Internet of ThingsNewAAP

Zhaoji Lin, ZTE Corporation,

Dongya Wu, China (P.R)

NWI template:
TD 1017 Rev.1

Base text:
TD 0981

2015-09
12/17Z.161.5Testing and Test Control Notation version 3: TTCN-3 Language Extensions: Performance and real time testingNewAAPDieter Hogrefe, GermanyNWI template:
TD 1036
ETSI ES 202 7822014-09

Notes:

* Target date for consent or determination of Recommendations or for approval of appendices,
supplements or implementers' guides.

(1) In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.

(2) Reservation statement made by USA, and concerns expressed by Orange, UK, and Canada.

All other proposed new works items (on SDN security, on security for the Intelligent Transportation Systems (ITS)/V2X, on virtualization security in cloud computing, on privacy protection in cloud computing, on security components for cloud computing, on security guidelines for Virtual Network Operator (VNO), on cryptographic protocol verification, and Reference monitor for analytics applications) require more studies until being ready for launching at the next SG17 meeting.

Work items discontinued:

The following five work items were agreed to be deleted from the work programme:

Q(1)AcronymTitleAction
3/17X.sup1056**ITU-T X.1056 – Supplement on related Recommendations, International Standards and documents for security incident managementdelete
8/17,
(7/17)
X.fsspvn*Framework for a secure service platform for virtual networkdelete
10/17X.atag*Attribute aggregation frameworkdelete
10/17X.idmts*Framework for the interoperable exchange of trusted servicesdelete
10/17X.oitf*Open identity trust frameworkdelete

Notes:

* Marked draft Recommendations were for determination.

** Marked text was for agreement

(1) In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.

Deletion of Recs. ITU-T Z.400, Z.600, and Z.601 was postponed to WTSA-16.

Coordination and promotion activities:

  • Two Joint Coordination Activity meetings under SG17 parent-ship were held, JCA-IdM and JCA-COP.
    Mr. Abbie Barbir (MBNA Canada) was appointed as new co-chairman of JCA-IdM. IdM coordination took place with OpenID Foundation, and Kantara Initiative.
    JCA-COP requested extension of its life time until 2015-09 and was confibmed by SG17; co-chairmen Ms. Ashley Heineman (USA) and Mr. Phil Rushton (UK) will continue. ISO/IEC JTC 1/SC27/WG5 informed on their current study period on age verification.
  • Four special sessions were held to off-load the plenaries from debates: on bridging the standardization gap (with live interpretation) for Developing Countries with a presentation from UNCTAD finding much interest; on non-normative publications; on planning the ITU Security Workshop; and on BDT Global Cybersecurity Index (GCI) where improved coordination between ITU-D, especially Q22/1, and SG17 was accomplished. All special sessions provided good discussions and better understanding. The meeting confirmed to continue organizing a BSG session at every SG17 meeting.
  • SG17 re-iterated its strong desire and urgency to request ITU to stop charging for the Security Manual and the OID Handbook and to make them available free of charge. The special session on non-normative publication provided guidance to SG17.
  • Updates were made to the Security Compendium, and to the ICT Security Roadmap.
  • Planning continued of the ITU security workshop 15-16 September 2014 with special focus theme on ICT security standardization challenges for Developing Countries. A broad workshop steering team was compiled, with Mr. Mohamed Elhaj taking the lead of the workshop steering team.

Correspondence Groups:

The Correspondence Group informal guidance and reporting template, developed by SG17, was submitted to the next TSAG meeting.
Except CG-CYBEX, all six other Correspondence Groups were terminated.

Other highlights:

  • SG17 agreed to the final draft questionnaire/survey on spam (in support of WTSA-12 Res.52 resolves 2 instructs TSB Director) and provides the material to TSB to take further action (e.g. to issue broadly as a Circular to our entire ITU-T membership).
  • Some Member States submitted their TAP consultation replies "late". SG17 requested advisory from ITU legal unit until the next SG17 meeting how to handle such "late" submitted TAP consultation replies according to WTSA-12 Resolution 1.
  • Reservation statement was given by Korea on selected traditional approval process made for Q6/17 at the September 2013 SG17 meeting.
  • SG17 noted that letters have been received from Andorra and Rwanda informing SG17 that they are now operating a country registration authority for object identifiers (OIDs) under {joint iso-itu-t(2) country(16) ad(20)} and {joint iso-itu-t(2) country(16) rw(646)}, respectively.

Associated events:

Associated events below assisted in identifying new actions for the study group and leverage the collaboration with other organizations and hopefully attract new experts to the ITU-T and SG17 community.

  • A well-attended mini-workshop was organized between UPU and ITU during the SG17 meeting, exploring opportunities for cooperation in areas of joint interest. The mini workshop helped to achieve better mutual understanding of the interests and concluded with a couple of touch points for future collaboration.
  • Mentoring programme for newcomers: Comprehensive programme through tutorials (see below), welcome, feedback session and guided tour, all attended with interest.
  • No reception and social networking event could be organized this time due to lack of sponsor(s). Sponsors are very welcome for a reception event during the ITU security workshop and/or the next SG17 meeting.

Tutorial presentations:

Three tutorial presentations were given at this Study Group 17 meeting.

· "SG17 orientation session for newcomers", Arkadiy Kremer, SG17 Chairman.

· "Multipurpose Smart ID Card with PKI (Bio Digital Signature with Smart Card + e-ID + Credit Card), Mr. Unho CHOI, UNHCR.

· "The Multistakeholder Preparatory Process for the WSIS+10 High Level Event", Ms. Gitanjali Sah, ITU SG/SPM.

Next SG17 meeting:

  • 17-26 September 2014 in Geneva, preceded by 1½ -day co-located ITU Security Workshop for Developing Countries.
  • Seven interim Rapporteur Group meetings, and some virtual e-meetings are planned until September 2014.
  • 21 texts are scheduled for decision at the next SG17 meeting.
 
​ ​