Executive Summary
Study Group 17 meeting
(8 - 17 April 2015, Geneva/Switzerland)
Participation:
147 participants (19 fewer than at the previous SG17 meeting, 192 pre-registered); 28 Member States, 15 Sector Members, 3 Associates, and 5 Academia participating. Several invited experts. Increased participation of Member States from developing countries.
Organization of the meeting:
Busy and productive 5th meeting of this study period having 8 working days.
- Many parallel meetings per quarter each day. Many sessions were equipped with AdobeConnect teleconferencing to allow remote participation. The JCA-IdM meeting had to be stopped due to the ITU network outage on WED 15 April 2015, as communication with the remote participants was no longer possible; a follow-up JCA-IdM e-meeting will be organized.
- Two SG17 open, extended management team meetings were held (one late afternoon prior to the opening plenary and the other during the weekend), complemented by the SG17 security coordination meeting.
- Contributions: 74 (80 last time, stable), one contribution withdrawn.
Contributions from Africa: 3, Americas: 1, Asia/Pacific: 61, Arab: 1, LAM: 0, CIS: 4, Europe: 4. Some contributions from Korea did not have change marks as claimed by the submitters; TDs with the change-marked contributions were posted.
- TDs: 378 (19 fewer than in the previous meeting). This includes 60 incoming liaison statements and 42 outgoing liaison statements.
Absent SG17 vice chairmen:
- Mr Khalid Belhoul, UAE, SG17 vice chairman, had left TRA; UAE Administration is seeking a replacement.
- No response from Mr Mario German Fromow Rangel (Mexico), SG17 vice chairman. TSB needs to contact the Administration of Mexico to clarify the situation.
Newly appointed Associate Rapporteurs:
- Mr Younghwa Kim (Korea) in Question 1/17;
- Mr Chen Cai (China) in Question 1/17;
- Ms Zhiyuan Hu (Alcatel-Lucent Shanghai Bell Co. Ltd) in Question 2/17;
- Mr Michael Katundu (Kenya) in Question 4/17.
Recommendation approved (TAP – WTSA-12 Resolution 1):
The SG17 plenary meeting approved the text announced for TAP in accordance with WTSA-12 Resolution 1, Section 9. There is one new Recommendation as listed below:
Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent e.g., ISO/IEC | Start of work | Timing |
4/17 | X.1525 (X.cwss) | Common weakness scoring system | New | Robert A. Martin | TD 1738 | | 2009-09 | 2015-04 |
Approval of the above Recommendation is reflected in TSB Circular 149 of 23 April 2015.
Amendment and Implementer Guide approved, Supplement agreed:
The SG17 plenary meeting approved one new Amendment and one Implementer's Guide, and agreed one new Supplement to the ITU-T Z-series Recommendations.
Q | Acronym | Title | New / Revised | Editor(s) | Location of Text | Equivalent e.g., ISO/IEC | Start of work | Timing |
4/17 | X.1500 Amd.7 Note (1) | Overview of cybersecurity information exchange – Amendment 7 – Revised structured cybersecurity information exchange techniques | Note (1) | Youki Kadobayashi | TD 1763 Rev.1 | | 2013-09 | 2015-04 |
12/17 | Z.Imp100 | Specification and Description Language implementer's guide – Version 2.0.2 | Revised | Rick Reed | TD 1691 Rev.1 | | 2014-09 | 2015-04 |
12/17 | Z.Sup1 | Supplement 1 to Z-series Recommendations – ITU-T Z.100-series – Supplement on methodology on the use of description techniques | Revised | Rick Reed | TD 1598 Rev.1 | | 2010-12 | 2015-04 |
Note:
(1) Amendment 7 supersedes Amendment 6.
Recommendations determined (TAP – WTSA-12 Resolution 1):
The SG17 plenary meeting determined (TAP) three new ITU-T Recommendations in accordance with WTSA-12 Resolution 1, Section 9.
Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent e.g., ISO/IEC | Start of work | Timing |
5/17 | X.1246* (X.ticvs) | Technologies involved in countering voice spam in telecommunication organizations | New | Xuetao Du, Tao Lou | COM 17 – R 40 (TD 1718 Rev.1) | | 2011-09 | 2015-04 |
7/17 | X.1157* (X.sap-7) Note (1) | Technical capabilities of fraud detection and response for services with high assurance level requirements | New | Tae Kyun Kim, Hyung-Jin Lim | COM 17 – R 43 (TD 1638) | | 2011-09 | 2015-04 |
11/17 | X.1341* (X.cmail) Note (1) | Certified mail transport and certified post office protocols | New | David Keller, Laura Prin | COM 17 – R 45 (TD 1634 Rev.1) | | 2013-04 | 2015-04 |
Notes:
(1) X.1157 and X.1341 were deferred from previous AAP Last Call to SG17 for consideration. SG17 changed the approval process from AAP to TAP according to Rec. ITU-T A.8 clause 5.2 upon request by Germany recognising regulatory and policy implications.
Information on the Member States consultation is available in TSB Circular 150 issued 30 April 2015.
Recommendations consented for Last Call (AAP – Recommendation ITU-T A.8):
The SG17 plenary meeting gave consent (AAP) to three draft new ITU-T Recommendations, eleven draft revised ITU-T Recommendations, and three Technical Corrigenda for Last Call according to Recommendation ITU-T A.8:
Q(1) | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent e.g., ISO/IEC | Start of work | Timing |
7/17 | X.1163 (X.p2p-3) | Security requirements and mechanisms of peer-to-peer-based telecommunication networks | New | Lijin Liu, Jaehoon Nah | TD 1717 Rev.4 Note (4) | | 2009-09 | 2015-04 |
8/17, (3/17) | X.1631 (X.cc-control) Notes (2), (3) | Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services | New | Kojo Nakao, Huirong Tian | TD 1810 | ISO/IEC 27017 | 2013-04 | 2015-04 |
11/17 | X.226 Cor.1 Note (3) | Information Technology – Open Systems Interconnection – Connection-Oriented Presentation Protocol: Protocol Specification | | Jean-Paul Lemaire | TD 1713 | ISO/IEC 8823-1 | 2015-04 | 2015-04 |
11/17 | X.227bis Cor.1 Note (3) | Information technology – Open Systems Interconnection – Connection-mode protocol for the Application Service Object Association Control Service Element | | Jean-Paul Lemaire | TD 1714 | ISO/IEC 15954 | 2015-04 | 2015-04 |
11/17 | X.509 Cor.1 | Information technology – Open Systems Interconnection – The Directory – Public-key and attribute certificate frameworks – Technical Corrigendum 1 | | Erik Andersen | TD 1731 Rev.1 Note (5) | ISO/IEC 9594-1 Cor.1 | 2014-09 | 2015-04 |
11/17 | X.675 (X.orf) | OID-based resolution framework for heterogeneous identifiers and locators | New | Younghwan Choi | TD 1799 Rev.2 | | 2013-04 | 2015-04 |
11/17 | X.680 Rev Note (3) | Information technology – Abstract Syntax Notation One (ASN.1): Specification of basic notation | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8824-1 | 2015-04 | 2015-04 |
11/17 | X.681 Rev Note (3) | Information technology – Abstract Syntax Notation One (ASN.1): Information object specification | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8824-2 | 2015-04 | 2015-04 |
11/17 | X.682 Rev Note (3) | Information technology – Abstract Syntax Notation One (ASN.1): Constraint specification | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8824-3 | 2015-04 | 2015-04 |
11/17 | X.683 Rev Note (3) | Information technology – Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8824-4 | 2015-04 | 2015-04 |
11/17 | X.690 Rev Note (3) | Information technology – ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8825-1 | 2015-04 | 2015-04 |
11/17 | X.691 Rev Note (3) | Information technology – ASN.1 encoding rules: Specification of Packed Encoding Rules (PER) | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8825-2 | 2015-04 | 2015-04 |
11/17 | X.692 Rev Note (3) | Information technology – ASN.1 encoding rules: Specification of Encoding Control Notation (ECN) | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8825-3 | 2015-04 | 2015-04 |
11/17 | X.693 Rev Note (3) | Information technology – ASN.1 encoding rules: XML Encoding Rules (XER) | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8825-4 | 2015-04 | 2015-04 |
11/17 | X.694 Rev Note (3) | Information technology – ASN.1 encoding rules: Mapping W3C XML schema definitions into ASN.1 | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8825-5 | 2015-04 | 2015-04 |
11/17 | X.695 Rev Note (3) | Information technology – ASN.1 encoding rules: Registration and application of PER encoding instructions | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8825-6 | 2015-04 | 2015-04 |
11/17 | X.696 Rev Note (3) | Information technology – ASN.1 encoding rules: Specification of Octet Encoding Rules (OER) | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8825-7 | 2015-04 | 2015-04 |
Notes:
(1) In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.
(2) Approval process was changed from TAP to AAP according to WTSA-12 Resolution 1 section 8.3 (ref TD 1753).
(3) AAP Last Call delayed to allow synchronization with ISO/IEC JTC 1.
(4) WP4/17 Report (COM 17 – R 42 Annex B Attachment 2) contains the A.5 justification information for draft Recommendation ITU-T X.1163 (X.p2p-3).
(5) WP5/17 Report (COM 17 – R 44 Annex A Attachment 1) contains the A.5 justification information for draft technical corrigendum 1 to X.509.
New work items:
The following eight new work items were agreed by SG17 to be added to the SG17 work programme:
Q(1) | Acronym | Title | New / Revised | AAP/TAP/Agreement | Editor(s) | Document | Timing* |
1/17 | X.TRsuss | Technical Report on the successful use of security standards | New | Agreement | Mohamed M. K. Elhaj (Provisional appointment), SG17 Vice-chairman, mohamed.elhaj@ntc.org.sd | NWI template: TD 1806 Rev.1; Base text: COM17-TD 0115 Rev.1 (2009-2012 study period) | 2016-09 |
2/17 | X.sdnsec-2 | Security requirements and reference architecture for Software-Defined Networking | New | AAP | Zhiyuan HU, Alcatel-Lucent Shanghai Bell, Zhiyuan.hu@alcatel-sbell.com.cn; Zhaoji Lin, ZTE Corporation, lin.zhaoji@zte.com.cn | NWI template: TD 1766 Rev.1; Base text: TD 1766 Rev.1 Annex 1 | 2017-09 |
4/17 | X.nessa | Access control models for incidents exchange networks | New | TAP | Alexey Koshka, Ministry of Telecom and Mass Communications, Russian Federation, biocheshire@yandex.ru | NWI template: TD 1792 Rev.2; Base text: TD 1792 Rev.2 Annex 2 | 2016 |
4/17 | X.samtn | Security assessment techniques in telecommunication/ICT networks | New | TAP | Vibha Tomar, India, dirngn.tec@gov.in, dirsw.tec@gmail.com; Byung-Moon Chin | NWI template: TD 1755 Rev.3; Base text: C 0316 | 2016 |
5/17 | X.gcsfmpd | Supplement to Rec. ITU-T X.1231 on guidance of countering spam for mobile phone developers | New | Agreement | Tae-Jin Lee, KISA, Korea (Republic of), tjlee@kisa.or.kr; Jeong-Jun Suh, KISA, Korea (Republic of), jjun2@kisa.or.kr | NWI template: TD 1737 Rev.3; Base text: TD 1737 Rev.3 Annex 2 | 2016-03 |
6/17 | X.iotsec-2 | Security framework for Internet of Things | New | TAP | Xia Junjie, China Unicom, xiajj2@chinaunicom.cn; Heung Youl Youm, Korea (Republic of), hyyoum@sch.ac.kr | NWI template: TD 1743 Rev.1; Base text: TD 1743 Rev.1 Annex 2 | 2018-02 |
8/17 | X.1601rev | Security framework for cloud computing | Revised | TAP | Nan Meng, China, mengnan@caict.ac.cn | NWI template: TD 1780 Rev.2; Base text: C 0345 | 2015-09 |
9/17 | X.pbact | Privacy-based access control in Telebiometrics | New | TAP | Erik Andersen, Denmark, era@tdcadsl.dk; Michele Peiry Meier, ISO TC 12 Liaison Officer, michele.peiry@hotmail.com | NWI template: TD 1778 Rev.1; Base text: C 0374 | 2018-04 |
Notes:
* Target date for consent or determination of Recommendations or for approval of Appendices or Implementers' Guides, agreement of Supplements
(1) SG17 Question. In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.
Work items discontinued:
The following ten work items were agreed to be deleted from the work programme; an OLS on clean-up of stale work items will be sent to RevCom:
Q(1) | Acronym | Title | Action |
4/17 | X.cee* | Common event expression | delete |
4/17 | X.cee.1* | CEE overview | delete |
4/17 | X.cee.2* | CEE profile | delete |
4/17 | X.cee.3* | CEE common log syntax (CLS) | delete |
4/17 | X.cee.4* | CEE common log transport (CLT) requirements | delete |
4/17 | X.csmc* | An iterative model for cybersecurity operation using CYBEX techniques | delete |
7/17, (10/17) | X.1141 Amd.1 | Security Assertion Markup Language (SAML) 2.0 – Amendment 1: Errata | delete |
7/17, (10/17) | X.1142 Amd.1 | eXtensible Access Control Markup Language (XACML 2.0) – Amendment 1: Errata | delete |
10/17, (8/17) | X.idmcc* | Requirements of IdM in cloud computing | delete |
10/17 Note (2) | X.scim-use* | Application of system for cross identity management (SCIM) in telecommunication environments | delete |
Notes:
(1) SG17 Question. In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.
(2) Joint with Q8/13, with Q10/17 having the lead.
* Marked draft Recommendations were for determination; all non-marked were for consent.
Coordination and promotion activities:
- Two Joint Coordination Activity meetings under the SG17 parent-ship were held, JCA-IdM (interrupted due to network outage), and JCA-COP.
- Updates were made to the Security Compendium, and to the ICT Security Roadmap.
- SG17 willingness conveyed to ITU-D SG2 Q3/2 to join in their planned ITU security workshop in September 2015. Details and timing are yet to be figured out.
Correspondence Groups:
Three Correspondence Groups continued, one new one was established, and one was terminated.
- CG-CYBEX: Continued Correspondence Group on cybersecurity information exchange capabilities.
- CG-investigate: Continued Correspondence Group on investigation for new topics for SG17 standardization, with amended ToR.
The CG will investigate any considerable topics from the results of the September 2014 ITU security workshop, and collect and analyze further information related to the new topics, including those proposed NWIs that failed adoption at this meeting, for the purpose of identifying a set of new work items for SG17 in the near future.
- CG-coll-strengthening: Continued Correspondence Group on strengthening collaboration between ITU-T SG17 and ITU-D SG2 Q3/2 on security. This (still not established) ITU intersectoral CG between the ITU-T and ITU-D Sectors will identify areas for collaboration. Exact details of the technical implementation and convenorship of this CG are subject to further coordination between TSB and BDT.
- New CG-response on Response to ITU-D Q3/2 is an internal SG17 CG, which is to prepare a response to ITU-D Q3/2 in a timely manner within ITU-T SG17.
- Terminated CG-rapp-guidelines as work was completed.
- SG17 agreed that the Correspondence Group conveners for all current and future CGs shall establish a work plan for their correspondence group, including specific timeframes, and seek correspondence group agreement within one month from the closing SG17 plenary. This should help to bring more transparency and activity to the CGs, which were fairly inactive in the past.
Other highlights
- New African Regional Group under SG17 was established with ToR; chairman: Michael Katundu (Kenya); vice chairmen: Mr Mohamed Elhaj (Sudan), Mr Patrick Mwesigwa (Uganda) and Mr Mohamed Toure (Guinea).
- Four special sessions were held to off-load the plenaries from debates:
- on bridging the standardization gap (with live interpretation), where the meeting confirmed to continue organizing a BSG session at every SG17 meeting;
- on new topics for SG17 standardization, where interest was confirmed for SG17 to continue working on IoT security and ITS security, and to continue CG-investigate with amended ToR;
- on collaboration with ITU-D SG2 Q3/2 (with exceptional French-English live interpretation, re-using available interpreters from the pool, for the sake of French-speaking delegates from developing countries). The result was to establish CG-response and to send liaison statements to the forthcoming ITU-D SG2 Rapporteur Groups meetings;
- and on collaboration with ISO/IEC JTC 1/SC 27, for the coordination and preparation of liaison statements to SC27.
- Two (plenary) special sessions were organized on establishment of a new Focus Group on Critical Infrastructure Protection and ICT Security (FG-CIPIS). Two further proposals (one on industrial control systems, and one on providing confidence and security in the use of ICT for Critical Telecommunication Infrastructures Protection) for ToR of a FG were developed during the meeting, but all failed to find interest, and necessary support, due to various expressed concerns, too vague scope, lack of focus, and lack of need. Agreement was reached to continue discussion of ToR of a new FG on CG-investigate.
- The SG17 plenary agreed the amended and customized TSB slide set on "presentation of contributions to ITU-T SG17: Guidelines". The slide set should be linked from Collective letter 6/17.
- SG17 allocated a new OID arc for ITS.
- The ICT Security Standards Roadmap and the Security Compendia were updated.
- The editor of the 6th edition of the Security Manual met with several Counsellors and organized inputs.
- Developed a template for unifying the agendas of meetings of Questions held during working party or study group meetings of SG17, in particular unifying the time table for taking up agenda items.
Associated events:
The associated events below assisted in identifying new actions for the study group, leveraging the collaboration with other organizations and, hopefully, attracting new experts to the ITU-T and SG17 community.
- Mentoring programme for newcomers: Comprehensive programme through tutorials (see below), welcome, feedback session and guided tour, all attended with interest.
Tutorial presentations:
Six tutorial presentations were given at this Study Group 17 meeting and met with considerable interest. They addressed SG17 overview for newcomers, tiny IoT device authentication, cybersecurity data protection and cyber resilience in smart sustainable cities, ETSI security update, and a training for Rapporteurs & Editors.
Next SG17 meeting (shifted):
- TUE 8 – THU 17 September 2015, Geneva, Switzerland; shifted 8 days earlier to allow partial overlap with the ITU-D SG2 and ITU-D SG1 meetings.
- Several interim Rapporteur Group meetings, and some virtual e-meetings are planned until September 2015, but no interim meetings in Singapore.