ITU Home Page International Telecommunication Union Français | Español 
Print Version 
ITU Home Page
Home : Office of the Secretary-General : CSD : New Initiatives Prog. : ESCA
Summary of Discussion including Recommendations Concerning the ITU’s future Consideration of the Area of Authentication
INTERNATIONAL TELECOMMUNICATION UNION

EXPERTS MEETING ON ELECTRONIC SIGNATURES AND CERTIFICATION AUTHORITIES:  ISSUES FOR TELECOMMUNICATIONS

Document No. 4(Final)

10 December 1999  

English only  

 

Geneva, 9-10 December 1999  


SUMMARY OF DISCUSSION  
including  
RECOMMENDATIONS  
CONCERNING THE ITU’S FUTURE CONSIDERATION OF THE AREA OF AUTHENTICATION

 

             At the invitation of the Secretary-General of the International Telecommunication Union (ITU), a High-Level Experts Meeting on Electronic Signatures and Certification Authorities: Issues for Telecommunications was held in Geneva, December 9-10, 1999. The Secretary-General invited the experts, who attended in their individual capacities, “to develop suggestions and provide guidance for the ITU in its consideration of the appropriate means to address the needs of the telecommunications and Internet communities concerning electronic signatures, and to consider international approaches for facilitating cross-border recognition of signatures and certificates.” At the conclusion of their meeting, the experts adopted this report summarizing their discussion and providing recommendations.

             Since its founding in 1865, the ITU has developed extensive expertise establishing global standards, ensuring interoperability, and facilitating development throughout the world. Its accomplishments reflect not only its long history, but also its experience working closely with industry, including nearly 600 Sector Members, as well as national governments and regional and international organizations, and its large and diverse membership, which today, with 189 Member States, outnumbers the membership of the United Nations.  During its 134-year history, the ITU has demonstrated particular expertise in assisting and training national telecommunication authorities, including its recent experience helping to prepare 80 new national telecommunications regulators, in distance education, and in facilitating continued development of the telecommunication infrastructure—an essential conduit for access to the Internet and the World Wide Web—within developing countries. Long a central part of the ITU’s mission, the development of telecommunication infrastructure takes on new importance in the face of the Internet, the World Wide Web, electronic commerce, and other electronic and digital services.

             The Experts gathered believe that the ITU—with its unique expertise, experience working closely with industry, and inclusive membership—has a role in providing guidance concerning electronic authentication and fostering an inclusive global dialogue about authentication measures and issues. (We use the term “authentication” to refer to the broad range of authentication measures¾whether currently in existence or yet to be developed¾of which electronic signatures and certification authorities are examples.) In addition, we note that the telecommunication industry was among the first to develop and implement authentication measures, and that the telecommunication industry today provides the primary conduit and access to the Internet and electronic information services. The telecommunication industry is the special responsibility of the ITU and has long built relationships of trust with both individuals and institutions that have evolved in part under a global structure and treaty framework administered by the ITU and that are important to the development and availability of authentication methods.

             The Experts see this meeting as an important step in the process of utilizing the ITU’s expertise in regard to authentication. We note that it is not the only step: ITU-T Recommendation X.509 and recent initiatives amending that Recommendation to address trusted third parties are examples of other on-going ITU activities in this area. In our capacity as individual experts, we outline below three recommendations concerning the ITU’s future consideration of this area.

 Recommendations

 1.      Prior to undertaking further consideration of activities related to authentication, the ITU should identify, inventory, and take into account the principles and activities concerning authentication that have been agreed upon or are currently under consideration by other international and regional, intergovernmental and industry organizations and initiatives.

 

2.      The ITU’s further consideration of any authentication issues, having taken into account the principles and activities identified through Recommendation 1 above, should:

 

a.        Enable and facilitate reasonable and appropriate authentication measures.

 

b.        Encourage voluntary, rather than mandatory approaches, and promote effective competition.

 

c.        Where international dialogue is needed and where appropriate, it should be closely coordinated and conducted in coordination with, the activities of other institutions, including international and regional organizations, industry, national governments, and the private sector.

 

d.        Avoid duplicating the efforts of other organizations.

 

e.        Not engage in activities that constrain the development and implementation of market-based initiatives and standards or of private arrangements for authentication.

 

f.          Be technology-neutral, so as not to constrain the development of new technologies, applications, services, and products for authentication.

 

g.        Be sensitive to the unique features and technologies of the Internet, the World Wide Web, and related systems, including their rapid pace of evolution, inherently global character, and lack of centralized authority.

 

h.        Be particularly attentive to the needs of developing countries and cultural differences among individuals and groups.

 

i.          Facilitate authentication across borders.

 

3.      The ITU should include the following as part of its consideration of possible future steps concerning authentication:

 

a.        Provide education about authentication to, and opportunities for information-sharing about authentication among, the public, national regulators, business leaders, and others, including, in conjunction with other relevant organizations, facilitating an online discussion forum for experts to exchange information about this rapidly developing topic.

 

b.        Facilitate the development and implementation of authentication in, and in connection with, developing countries through training, the participation of government officials and telecommunication industry leaders from developing countries in ITU activities concerning authentication, and other appropriate activities.

 

c.        In close cooperation and consultation with other organizations that have embarked on initiatives in this area, continue and expedite its standard-setting activities relevant to authentication, recognizing in its standard-setting activities in other areas the potential impact of those standards on authentication, and opportunities, where appropriate, for further facilitating authentication through those standards.

 

d.        Consistent with the principles identified in Recommendations 1 and 2 and in close cooperation and consultation with other organizations that have embarked on initiatives in this area, investigate and evaluate models for facilitating authentication across borders.

 

e.        Focus its attention on the needs and responsibilities of the telecommunication industry and the Member States and Sector Members of the ITU. The ITU’s activities in this regard could include facilitating the exchange of information within the telecommunication industry and between this sector and other industries about their experience with authentication; special attention to electronic authentication issues in the development of telecommunication recommendations; and initiatives relating to the telecommunication industry’s use of authentication measures.

 

f.          Expand and enhance its cooperative and coordinating activities relating to authentication measures. These activities could take many different forms—virtually all of them in cooperation with other international and regional governmental, industry, and consumer organizations (Examples might include maintaining a glossary of key terms and their accepted meanings or of common provisions and formats for evaluating the fitness of authentication measures for their intended purpose).

This list is not exhaustive; rather it reflects some of the key activities identified by the Experts Meeting concerning authentication measures that we believe the ITU should include in its future consideration of authentication issues.

             We have instructed the Chairman to forward this report, together with a list of participants and copies of the presentations made at the meeting, to the ITU Secretary-General, and to convey to the Secretary-General our appreciation for having convened this High-Level Experts Meeting and for his participation in and hospitality during the meeting.

Done at Geneva, on 10 December 1999

 

Top -  Feedback -  Contact Us -  Copyright © ITU 2011 All Rights Reserved
Contact for this page : spumail@itu.int
Updated : 2011-04-04