Summary

Recommendation ITU-T X.1080.0 provides specifications on how to protect telebiometrics information against unauthorized access. A service-oriented view is taken, where only information necessary for a particular purpose is provided, i.e., access is given not only on a right-to-know basis, but also on a need-to-know basis.

The core of this Recommendation is an attribute specification included in an attribute certificate or public-key certificate that specifies in detail what privileges a particular entity has for one or more service types.

Security is provided by using a profile of the cryptographic message syntax (CMS). The CMS profile provides authentication, integrity and, when required, confidentiality (encryption).

This profile is intended to provide security support for telebiometrics specifications in general. The profile assumes, and is dependent upon, the correct deployment of a public-key infrastructure (PKI).

This Recommendation is also dependent on the deployment of a privilege management infrastructure (PMI).

Corrigendum 1 corrects minor editorial issues in Annex A as well as some errors in the object identifier allocations in Annex A. The corrections to Annex A are  also applied in Annex C and Appendix I.