Question 11/17 – Generic technologies to support secure applications
(Continuation of Q11/17, Q12/17, Q15/17 and the ODP part of Q13/17)

Motivation

This Question supports the continued development of a variety of generic technologies that are in widespread use in support of secure applications. These include:

  • Directory services (X.500 series);
  • Public Key Infrastructures (PKI – X.509);
  • Privilege Management Infrastructure (PMI – X.509);
  • ASN.1 (X.680 and X.690 series), Object Identifiers and their Registration Authorities (X.660 and X.670 series);
  • Fast Web Services and Fast Infoset (X.890 series);
  • OSI and ODP maintenance.

Motivation for the work on directories, PKI and PMI

The X.500-series of Recommendations has a significant impact in the industry. These Recommendations are major components of widely deployed technologies such as Public-Key Infrastructure (PKI) and lightweight directory access protocol (LDAP), and are used in many areas, e.g., financial, medical, and legal. Where high security directory services are required, e.g., in the military area, X.500 is the only answer.

X.500 provides elaborate access control and data privacy protection. It is an open-ended specification adaptable to many different applications. It is extendable to allow future requirements to be met. The widely used LDAP is built on the X.500 Directory model. X.500 has included capabilities for interworking with LDAP. X.500 and LDAP directory solutions are an important part of identity management (IdM). Directory vendors are marketing the directory solutions as IdM systems. Several IdM and NGN requirements (e.g., for tag-based applications) can be met by use of directory service.

X.509 is a significant Recommendation. Public-key certificates are widely used. In every secure browser session using Transport Layer Security (TLS) a certificate is used to authenticate the web server and to agree on the encryption key that will be used to protect the information exchanged in the session. The public-key certificate is also used to authenticate and protect e-mail. The works of the IETF PKIX Working Group, CA Browser Forum, ETSI Electronic Signatures and Infrastructure (ESI), etc. have their foundation within X.509.

Attribute certificates provide a secure method for conveying privileges, especially in federated identity management systems. The OASIS SAML specifications are based on X.509 attribute certificates. Attribute certificates are particularly useful when privileges are assigned by authorities other than those issuing public-key certificates, and when long-lived and revocable privileges are required, e.g., group memberships.

The X.500-series of Recommendations needs to evolve to cope with future requirements for IdM, NGN, Near Field Communication and PKI, e.g., for secure and encrypted communication among intelligent systems. This requires elaborate encryption key management, procedures for distributing and securing trust anchor information, etc.

In collaboration with other groups, X.509 needs to evolve and to be maintained to reflect and benefit from the experience obtained within the Public-Key Infrastructure (PKI) area and in the Privilege Management Infrastructure (PMI) area.

The draft Recommendation ITU‑T F.5xx, "Directory Service - Support of tag-based identification services" needs to be expanded taking more Radio Frequency Identification (RFID) applications into account (NATO, Department of Defence, Library Systems, etc.) and to extend the support to other types of Automatic Identification and Data Capture (AIDC) media, such as bar codes and smart cards.

Recommendation ITU‑T E.115 is a directory specification supporting the directory assistance service. It is widely implemented and used by directory assistance service providers as organized by The Association for the Directory Information Industry (EIDQ). E.115 has been extended several times, e.g., to support different languages and extended communications address support.

Recommendations under responsibility of this Question as of 1 December 2012: E.104 (in conjunction with SG2), E.115 (in conjunction with SG2), F.500, F.510, F.515, X.500, X.501, X.509, X.511, X.518, X.519, X.520, X.521, X.525, X.530, and e-X.imp500.

Recommendations under development: F.5xx, X.pki-em, and X.pki-prof.

Motivation for the work on ASN.1, object identifiers and their Registration Authorities

Additional Recommendations, where needed, will be developed to accommodate advances in technology and additional requirements from users of the ASN.1 notation, its encoding rules, and additional requirements from users and providers of registration authorities for international object identifiers.

ASN.1 has proved to be the notation-of-choice for many ITU‑T standardization groups, many of which continue to produce requests for additional functionality in the ASN.1 Recommendations and for correction of residual ambiguities and lack of clarity in the more recent additions and amendments to those Recommendations.

Object identifiers (OIDs) have proved a very popular namespace based primarily on a tree-structure of hierarchical registration authorities identified by integer value. Their recent extension to International OIDs, allowing arcs to be identified by Unicode labels, is also in demand for various applications, and is likely to produce requirements for further development and extension, and allocations.

There is a continuing requirement to provide advice and assistance to other study groups, external standards development organizations (SDOs) and countries, both on ASN.1 notational matters and, increasingly, on the management of the OID namespace. It is expected that the need for help and advice will increase with the introduction of international OIDs and the increasing use of Country Registration Authorities by developing countries. There is therefore a continued need for an ITU‑T "OID Project" with an appointed project leader to provide such advice and assistance.

Any innovative use of object identifiers is to be developed in conjunction with ITU-T Study Group 2.

Recommendations under responsibility of this Question as of 1 December 2012: X.660, X.662, X.665, X.666, X.667, X.668, X.669, X.670, X.671, X.672, X.674, X.680, X.681, X.682, X.683, X.690, X.691, X.692, X.693, X.694, X.695, X.891, X.892, and X.893.

Recommendations under development: None.

Motivation for the work on OSI maintenance

Systems based on OSI Recommendations may be implemented over a relatively long period of time. Operational experience with implemented systems based on these Recommendations may lead to the discovery of technical errors or desirable enhancements to these Recommendations. Therefore there is a need for on-going maintenance of X-series OSI Recommendations.

The work on the base Recommendations for Open Systems Interconnection (OSI) has been completed. This includes work on OSI reference model; upper layer (Application, Presentation and Session) structure, services and protocols; and lower layer (Transport, Network, Data Link and Physical) structure, services and protocols. Also mature is the work on Message Handling; Reliable Transfer; Remote Operations; Commitment, Concurrency and Recovery (CCR); and Transaction Processing.

The Recommendations under responsibility of this Question as of 1 December 2012:

  1. OSI Architecture – X.200, X.210, X.220, X.630, X.650
  2. OSI Message Handling – F.400, F.401, F.410, F.415, F.420, F.421, F.423, F.435, F.440, F.471, F.472, X.400, X.402, X.404, X.408, X.411, X.412, X.413, X.419, X.420, X.421, X.435, X.440, X.445, X.446, X.460, X.462, X.467, X.481, X.482, X.483, X.484, X.485, X.486, X.487, X.488
  3. OSI Transaction Processing – X.860, X.861, X.862, X.863
  4. OSI Commitment, Concurrency and Recovery (CCR) – X.851, X.852, X.853
  5. OSI Remote Operations – X.219, X.229, X.249, X.880, X.881, X.882
  6. OSI Reliable Transfer – X.218, X.228, X.248
  7. OSI Upper Layers – X.287, X.637, X.638, X.639
  8. OSI Application Layer – X.207, X.217, X.217bis, X.227, X.227bis, X.237, X.237bis, X.247, X.257
  9. OSI Presentation Layer – X.216, X.226, X.236, X.246, X.256
  10. OSI Session Layer – X.215, X.225, X.235, X.245, X.255
  11. OSI Lower Layers – X.260
  12. OSI Transport Layer – X.214, X.224, X.234, X.264, X.274, X.284, X.634
  13. OSI Network Layer – X.213, X.223, X.233, X.263, X.273, X.283, X.610, X.612, X.613, X.614, X.622, X.623, X.625, X.633
  14. OSI Data link Layer – X.212, X.222, X.282
  15. OSI Physical Layer – X.211, X.281
  16. OSI Quality of service – X.641, X.642

Motivation for the work on ODP maintenance

A key aspect of telecommunications systems development is the availability of software to support Open Distributed Processing (ODP). Provision of ODP requires standardization of reference models, architectures, functions, interfaces and languages (X.900-series).

ODP includes work on the Reference model Overview, Foundations, Architecture, Architectural Semantics, Use of UML for ODP system specification, Enterprise language; Naming framework; Interface Definition Language; Interface references and binding; Protocol support for computational interactions; Trading Function Specification, Provision of trading function using OSI Directory service; Type repository function.

Recommendations under responsibility of this Question as of 1 December 2012: X.901, X.902, X.903, X.904, X.906, X.910, X.911, X.920, X.930, X.931, X.950, X.952, and X.960.

Question

Study items to be considered include, but are not limited to:

Study items related to the work on directories, PKI and PMI

In relation to directory services:

  1. What new service definitions or modifications in the F-series are required to identify how current capabilities may be used and what new requirements there are on X.500?
  2. What enhancements to the E-series of Recommendations are necessary to cope with new service requirements?
  3. What enhancements are required on the Directory to support new PKI requirements?
  4. What new security and privacy requirements are there on directory information?
  5. What requirements are there on alternative means to access a directory?
  6. What other encoding rules for X.500, such as XML, may be required to further improve the usefulness of X.500?
  7. What further enhancements are required to the Directory to allow its use in various environments, e.g., resource constrained environments?
  8. What further enhancements are required to the Directory to improve its support of new areas?
  9. What further enhancements are required to public-key and attribute certificates to allow their use in various environments, e.g., resource constrained environments?
  10. What further enhancements are required to public-key and attribute certificates to increase their usefulness in areas such as biometrics, authentication, access control and electronic commerce?
  11. What changes to X.509 are required to specify enhancements and to correct defects?

This work will be done in collaboration with ISO/IEC JTC 1/SC 6 in their work on extending ISO/IEC 9594. Cooperation will be maintained with the IETF particularly in the areas of LDAP, PKIX and PKI.

Study items related to the work on ASN.1, Object Identifiers and Registration Authorities

  1. What enhancements are required to the Abstract Syntax Notation One (ASN.1) and its associated encoding rules to meet the needs of future applications?
  2. What additional encoding rule support is needed to provide for the requirements of the many applications using ASN.1?
  3. What tutorial activity is needed to support the use of OIDs in a variety of environments?
  4. What support and tutorial activity is needed to support the use of OIDs for Country Registration Authorities?
  5. What additional registration authorities or their procedures are needed to support the work of this and other Questions?
  6. What collaboration, beyond current agreements, is required with other bodies producing de jure or de facto standards to ensure that ITU‑T work on ASN.1 and OIDs remains a leader in the area of provision of notations for protocol definition and for unambiguous naming?
  7. What new editions are needed to consolidate Technical Corrigenda into base text?

Study items related to the work on OSI maintenance

  1. Continue maintenance of OSI architecture and individual layer Recommendations to provide any needed enhancements and to resolve any reported defects; and
  2. Continue maintenance of OSI Message Handling Service and Systems, Reliable Transfer, Remote Operations, CCR, and Transaction Processing to provide any needed enhancements and to resolve any reported defects.

Close collaboration and liaison with other study groups and other international groups implementing OSI is highly desirable to ensure the widest applicability of resulting Recommendations.

This work is to be carried out in collaboration with ISO/IEC JTC 1 and its sub-committees.

http://www.itu.int/ITU-T/workprog/wp_search.aspx?isn_sp=1749&isn_sg=1759&isn_qu=2049&isn_status=-1,1,3,7&details=0&field=aebcgfkjl

Study items related to the work on ODP maintenance

  1. Continue maintenance of ODP Recommendations, in particular considering whether any additional models, architectures, functions, interfaces and languages are necessary to extend and complement the Reference Model ODP (RM-ODP) for the construction of secure, real-time, and dependable open distributed systems, any other enhancements needed, or corrections to the family of ODP Recommendations as a result of reported defects.

Close collaboration and liaison with other study groups and other international groups implementing ODP is highly desirable to ensure the widest applicability of resulting Recommendations.

This work is to be carried out in collaboration with ISO/IEC JTC 1/SC 7/WG 19.

Tasks

Tasks include, but are not limited to:

Tasks related to the work on directories, PKI and PMI

  1. Maintain the Directory by progressing Defect Reports and Technical Corrigenda.
  2. Identify new directory requirements in support of new and current technologies.
  3. Develop the eighth edition of the X.500-series of Recommendations.
  4. Develop new editions of E.115 to cope with future directory assistance service requirements.

Tasks related to the work on ASN.1, object identifiers and their Registration Authorities

  1. Monitor and progress publication of all work in hand at the end of the last study period.
  2. Collaborate with ISO/IEC JTC 1 SC 6 on areas of joint interest.
  3. Provide updated Recommendations for X.660-, X.670-, X.680-, X.690- and X.890-series throughout the study period in response to user needs, producing new editions when appropriate.
  4. When there is a need to improve data transfer, assist other Questions in all study groups in the provision of ASN.1 modules equivalent to XML schemas defined in ITU‑T Recommendations (existing or under development), particularly in low bandwidth situations.
  5. Monitor and assist with the publication process of approved Recommendations | International Standards and Technical Corrigenda.
  6. Resolve all Defect Reports present at the start of the Study Period (and any new ones arising during the Study Period), and progress Technical Corrigenda as necessary.
  7. Ensure that all liaisons related to ASN.1 & OID work are handled in a timely and appropriate manner.
  8. Develop any additional tutorials or web pages that are likely to assist users of ASN.1 or OIDs.
  9. Obtain agreement in ISO/IEC JTC 1/SC 6 and SG17 on any additional OID allocations that are considered necessary.
  10. Under the responsibility of the OID Project Leader:
      • Provide general advice to users of OIDs;
      • Promote the use of ASN.1 and international OIDs within other study groups and external standards development organizations (SDOs);
      • Help countries with the establishment and maintenance of national registration authorities for OIDs (including international OIDs).

Tasks related to the work on OSI maintenance

  1. Develop corrections or enhancements to OSI Recommendations, as needed, based on received contributions and to resolve any reported defects;
  2. Maintain the OSI Implementers’ Guide.

Tasks related to the work on ODP maintenance

  1. Develop corrections or enhancements to ODP Recommendations, as needed, based on received contributions and to resolve any reported defects;
  2. Revise X.911 on Enterprise Language.

Relationships

Recommendations:

  • H.200-series, H.323, H.350-series, T.120, X.600-X.609 series, X.700-series, X.800-X.849 series, Z-series

Questions:

  • All ITU‑T Questions related to the above Recommendations

Study groups:

  • ITU‑T SGs 2, 4, 11, 13, 16 and all study groups that use ASN.1 or OIDs, or that have need for them

Standardization bodies:

  • ISO/IEC JTC 1 SCs 6, 7, 27 and 31, IETF, OASIS, OMG, W3C.