Committed to connecting the world

ai-for-good

Question 7/17

​​
Question 7/17 – Secure application services
(Continuation of Q7/17)

Motivation

Recommendations ITUT X.1141, X.1142, X.1143 and draft Recommendations Amd.1 of ITUT X.1141, Amd.1 of ITUT X.1142 and X.xcaml3 provide a set of Recommendations on security tokens for authentication/authorization and security architectures for message of network services. Recommendations ITUT X.1151, X.1152, X.1153 and draft Recommendations ITUT X.sap-4, X.sap-5, X.sap-6 specify guidelines on secure password-based authentication with key exchange and various Trusted Third Party (TTP) services. Recommendations ITUT X.1161, X.1162 and draft Recommendations ITU-U X.p2p-3, X.p2p-4, X.hsn specify a comprehensive framework and mechanisms for the security of P2P services. A continued effort to maintain and enhance these security Recommendations to satisfy the needs of emerging ubiquitous technologies and services is required.

The telecommunications industry has been experiencing an exponential growth in TTP (Trusted Third Party) services. Security of telecommunication-based application service including social network service, P2P and TTP service is crucial for the further development of the industry. Secure application protocols play a very critical role for providing secure application service. Standardization of the best comprehensive security solutions is vital for the industry and network operators that operate in a multi-vendor international environment. It is also required to study and develop other types of secure application services such as time stamping services, secure notary services and malware detection/response services including analyzing the behaviour of malware in controlled environments; use of security assertions as a replacement to the use of certificates in PKI based protocols and PKI application services, etc. Security technologies such as security assertion and access control assertion become very critical in communication networks.

Recommendations and Supplements under responsibility of this Question as of 1 December 2012: X.1141, X.1142, X.1143, X.1151, X.1152, X.1153, X.1161, X.1162, X.1164, and X.Suppl.17.

Texts under development: X.1154 (X.sap-4), X.p2p-3, X.sap-5, X.sap-6, X.sap-7, X.sap-8, X.sap-9, X.websec-5, and X.xacml3.

 Question

Study items to be considered include, but are not limited to:
  1. How should threats behind secure application services be identified and handled?
  2.  What are the security technologies for providing secure application services?
  3.  How should secure interconnectivity between application services be kept and maintained?
  4.  What security techniques or protocols are needed for secure application services?
  5.  What security techniques or protocols are needed for emerging secure application services?
  6.  What are the global security solutions for secure application services and their applications?

Tasks

Tasks include, but are not limited to:

  1. In collaboration with other ITUT Study Groups and Standards Development Organizations, especially with ISO/IEC JTC 1/SC 27, produce a comprehensive set of Recommendations for providing comprehensive security solutions for application communication services.
  2.  Review existing Recommendations/Standards of ITUT and ISO/IEC in the area of secure application services.
  3.  Study further to define security aspects of secure application services and for emerging new services.
  4.  Study and develop security issues and threats in secure application services.
  5.  Study and develop security mechanisms for secure application services.

Relationships

Recommendations:

  • X.800 series and others related to security

Questions:

  •  ITUT Questions 1/17, 2/17, 3/17, 4/17, 5/17, 6/17, 8/17, 9/17, 10/17, 11/17, 7/13 and 13/16

Study Groups:

  • ITUT SGs 2, 9, 11, 13 and 16

Standardization bodies:

  • ISO/IEC JTC 1/SC 27; IETF; ATIS; ETSI; OASIS; W3C; OMA (Open Mobile Alliance); Kantara Initiative; IMPACT, ENISA, GCA; GSMA; COE.

 

​​​