temporary document

Draft new and revised Recommendations and related texts under development in SG 17
(as of 09 June 2011)
| Q(1) | Acronym | Title | New/Revised | Editor(s) | Location of Text | Equivalent e.g., ISO/IEC | Timing*** |
|---|---|---|---|---|---|---|---|
| 2 | X.gsiiso | Guidelines on security of the individual information service for operators | New | Yuanfei Huang, Lijun Liu, Ziqin Sang, Huirong Tian | TD 1676 | | 2012-09 |
| 2, (7), (10) | X.hsn* | Heterarchic architecture for secure distributed service networks | New | Yuri Pankratov | TD 1873 | | 2012-09 |
| 2 | X.ipv6-secguide | Technical guideline on deploying IPv6 | New | Koji Nakao, Jungsuk Song | C 454, TD 1804 | | 2012-09 |
| 2 | X.ncns-1* | National IP-based public network security center for developing countries | New | Dmitry Kostrov | TD 1887 Rev.1 | | 2012-09 |
| 2 | X.rev* | Architectural systems for security controls for preventing fraudulent activities in public carrier networks | New | Roman Khokhlov | TD 1809 Rev.1 | | 2011-09 |
| 3 | X.1052 (X.ismf) | Information security management framework | New | Minshi Chen, Lijun Liu, Zhi Zhou | AAP text (TD 1513 Rev.3) | | 2011-04 |
| 3 | X.1057 (X.amg) | Asset management guidelines in telecommunication organizations | New | Taein Jung, Jintae Lee | AAP text (TD 1688 Rev.4) | | 2011-04 |
| 3 | X.isgf* | Information technology – Security techniques - Information security governance framework | New | Jungduk Kim | C 442 | ISO/IEC 27014 | 2012-03 |
| 3 | X.mgv6 | Security management guideline for implementation of IPv6 environment in telecommunications organizations | New | Koji Nakao, Jungsuk Song | TD 1803 | | 2012-09 |
3
X.rmsm
Information security management
reference model for small and medium-sized telecommunication organizations
3
X.sgsm
4
X.1211
(X.tb-ucc)*
4
X.1303
4,
(12)
X.1570
(X.cybex-disc)*
Discovery mechanisms in the exchange
of cybersecurity information
New
4
X.abnot*
Abnormal traffic detection and control
guideline for telecommunication
network
4
X.arf*
4
X.bots*
4
New
Chung Yun Chung,
Hang Bae Jang,
Sang Soo Jang
COM 17 – R 24
Annex C
Attachment 1
TBD
Information security management
guidelines for small and medium
telecommunication organizations
New
Hangbae Chang,
Chungyun Chung,
Sangsoo Jang,
Wataru Senga
TD 1727
2012-03
Usability of network traceback
New
Takeshi Takahashi,
Huirong Tian,
Heung Youl Youm
COM 17 – R 33
2011-04
TD 1629
2011-09
Youki Kadobayashi,
Takeshi Takahashi
COM 17 – R 35
2011-04
New
Lijun Liu
TD 1187 Rev.1
2012-09
Assessment result format
New
Robert A. Martin
TD 0943 Rev.1
2012-09
Centralized framework for botnet
detection and response
New
Chaetae Im,
Hyun Cheol Jeong,
Mi Joo Kim,
Joo Hyung Oh,
Yoo Jae Won
TD 1362
2012-09
X.capec*
Common attack pattern enumeration
and classification
New
Robert A. Martin
TD 1168 Rev.1
2012-03
4
X.cce*
Common configuration enumeration
New
Robert A. Martin
TD 1554
2012-03
4
X.cee*
Common event expression
New
Robert A. Martin
TD 0943 Rev.1
2012-09
4
X.cpe*
Common platform enumeration
New
Robert A. Martin
TD 1190 Rev.1
2012-09
4
X.csi*
Guidelines for cybersecurity index
New
Damir Rajnovic,
Heung Youl Youm
TD 1775
2012-09
Common alerting protocol (CAP 1.2)
Revised Anthony Rutkowski,
Olivier Dubuisson
4
X.csmc*
Continuous security monitoring using
CYBEX techniques
4
X.cwe*
4,
(12)
X.cybex.1*
4
X.cwss*
4
X.cybex-beep*
4
X.cybex-tp*
4
New
Inette Furey,
Bob Martin,
Kathleen Moriarty,
Youki Kadobayashi,
Takeshi Takahashi
TD 1732 Rev.2
2012-09
Common weakness enumeration
New
Robert A. Martin
TD 1169 Rev.1
2012-03
Procedures for the registration of arcs
under the object identifier (OID) arc for
cybersecurity information exchange
New
Olivier Dubuisson,
Anthony Rutkowski
TD 1602
2011-09
Common weakness scoring system
New
Robert A. Martin
TD 1166 Rev.1
2012-09
A BEEP profile for cybersecurity
information exchange techniques
New
Youki Kadobayashi
TD 1335 Rev.1
2012-09
Transport protocols supporting
cybersecurity information exchange
New
Youki Kadobayashi,
Damir Rajnovic
TD 0818
2012-09
X.cyiql*
Cybersecurity information query
language
New
Youki Kadobayashi
TD 0714
2012-09
4
X.dexf*
Digital forensics exchange format
New
Youn-Hee Gil,
Dowon Hong,
Sung Kyong Un,
Anthony Rutkowski
C 452
2012-09
4
X.eipwa*
Guideline on techniques for preventing
web-based attacks
New
Xie Wei,
Heung Youl Youm
TD 1776
2012-09
4
X.gopw**
Draft supplement to Recommendation
ITU-T X.1205 - Supplement on
guidelines for reducing malware in ICT
networks
New
Hyun Cheol Jung,
Mi Joo Kim,
Heung Youl Youm
TD 1791 Rev.1
2011-09
4
X.gpn*
Mechanism and procedure for
distributing policies for network
security
New
Shuyi Chen,
Hui Dong,
Lijun Liu
TD 1359
2012-09
4
X.iodef*
Incident object description exchange
format
New
Anthony Rutkowski
TD 1233 Rev.1
2012-03
4
X.maec*
Malware attribute enumeration and
classification
New
Robert A. Martin
TD 1191 Rev.1
2012-09
4
X.oval*
Open vulnerability and assessment
language
New
Robert A. Martin
TD 1167 Rev.1
2011-09
4
X.pfam*
Misuse enumeration and
characterization
New
Igor Polyakov,
Anthony Rutkowski,
Yuri Ryazantsev
TD 1545
2012-09
4
X.rid*
Real-time inter-network defense
New
Kathleen Moriarty,
Tom Millar
TD 1594 Rev.1
2011-09
4
X.ridt*
Transport of real-time inter-network
defense (RID) messages
New
Kathleen Moriarty,
Tom Millar
TD 1597 Rev.1
2011-09
4
X.sip-cyber*
Security guidelines for countering
cyber attacks in SIP-based services
New
Hyun Cheol Jeong,
Hyung-Woo Lee,
Anthony Rutkowski
TD 1735
2012-09
4
X.sips*
Framework for countering cyber attacks
in SIP-based services
New
Hwan Kuk Kim,
Kyoung Hee Ko
TD 1305
2012-09
4
X.sisnego*
Framework of security information
sharing negotiation
New
Gae-il An
TD 1689
2012-09
4,
(12)
X.ssaf*
Security standards availability
framework
New
Anthony Rutkowski
TD 1593
2012-09
4
X.trm*
Overview of traceback mechanisms
New
Youki Kadobayashi,
Anthony Rutkowski,
Huirong Tian,
Heung Youl Youm
TD 1780 Rev.1
2012-09
4
X.xccdf*
Extensible configuration checklist
description format
New
Robert A. Martin
TD 1192 Rev.1
2012-09
5
X.1246
(X.tcs-2)*
Real-time blocking list (RBL)-based
framework for countering VoIP spam
New
Seokung Yoon
COM 17 – R 34
Notes (2), (3)
2011-04
5
X.ics*
Functions and interfaces for countering
email spam using botnet information
New
Chaetae Im,
Joo Hyung Oh
TD 1280
2011-09
5
X.oacms*
6
Overall aspects of countering
messaging spam in mobile networks
New
Min Huang,
Linlin Zhang
TD 1770 Rev.1
2012-03
X.1192
(X.iptvsec-2)
Functional requirements and
mechanisms for the secure transcodable
scheme of IPTV
New
Jae Hoon Nah
AAP text
(TD 1772 Rev.3)
2011-04
6
X.iptvsec-3
Key management framework for secure
IPTV services
New
Heung Youl Youm
TD 1777
2011-09
6
X.iptvsec-4
Algorithm selection scheme for service
and content protection (SCP)
descrambling
New
Nhut Nguyen,
Jongyoul Park
TD 1712
2011-09
6
X.iptvsec-6
Framework for the downloadable
service and content protection (SCP)
system in the mobile IPTV environment
New
Heung Youl Youm
TD 1778
2012-03
6
X.iptvsec-7
Guidelines on criteria for selecting
cryptographic algorithms for the IPTV
service and content protection (SCP)
New
Seokung Yoon,
HeungYoul Youm
TD 1779
2012-03
6
X.iptvsec-8
Virtual machine-based security
platform for renewable IPTV service
and content protection (SCP)
New
Yong Ho Hwang,
Jongyoul Park
TD 1721 Rev.1
2012-09
6
X.msec-5
Security requirements and mechanism
for reconfiguration of mobile device
with multiple communication interfaces
New
Gaeil Ahn,
Guntae Bae,
Kiyoung Kim
TD 0470 Rev.2
2012-03
6
X.msec-6
Security aspects of mobile phones
New
Hongwei Luo,
Yutaka Miyake
TD 1798
2012-03
6
X.unsec-1
Security requirements and framework
of ubiquitous networking
New
Xia Junjie,
Lijun Liu,
Wang Shitong
TD 1796 Rev.1
2012-03
6
X.usnsec-3
Secure routing mechanisms for wireless
sensor network
New
Eunyoung Choi
TD 1000 Rev.1
2012-03
7,
(10)
X.1141 Amd.1
7,
(10)
Security Assertion Markup Language
(SAML) 2.0-Amendment 1
New
Abbie Barbir
TDs 1571, 1572, OASIS SAML
2.0
1573, 1574,
1575, 1577,
1578, 1579,
1580, 1581,
1582, 1583,
1584, 1585,
1586, 1587, 1588
X.1142
Amd. 1
eXtensible Access Control Markup
Language (XACML 2.0)-Amendment 1
New
Abbie Barbir
TDs 1556, 1557,
1569
7
X.p2p-3
Security requirements and mechanisms
of peer-to-peer based
telecommunication network
New
Lijin Liu
7
X.p2p-4
Use of service providers' user
authentication infrastructure to
implement PKI for peer-to-peer
networks
New
Ayumu Kubota,
Yutaka Miyake
7,
(10)
X.sap-4*
The general framework of combined
authentication on multiple identity
service provider environment
New
7
X.sap-5
Guideline on anonymous authentication
for e-commerce service
7
X.sap-6
7,
(8)
X.websec-4
OASIS
XACML 2.0
2011-09
2012-09
TD 1418
2012-09
TD 1722 Rev.2
2012-09
Tadashi Kaji,
H.J. Lim
TD 1328
2012-09
New
Sok Joon Lee
TD 1094
2012-09
One time password based non-repudiation framework
New
Keun-ok Kim,
Hee-won Shim
TD 1808 Rev.2
1Q 2013
Security framework for enhanced web
based telecommunication services
New
Jaehoon Nah,
DaeHee Seo
TD 1673
2011-09
7,
(10)
X.xacml3
8
eXtensible Access Control Markup
Language (XACML) 3.0
New
Abbie Barbir
X.ccsec
Security guideline for cloud computing
in telecommunication area
New
Shitong Wang,
Huirong Tian,
Liang Wei
TD 1704
2012-03
8,
(7)
X.fsspvn
Framework of the secure service
platform for virtual network
New
Min Huang,
Jun Shen,
Huirong Tian,
Yuchen Wang
TD 1724
2012-09
8
X.sfcsc
Security functional requirements for
SaaS application environment
New
Peng Zhao,
Zhaoji
Lin,Xiaoming
TD 1710 Rev.3
2013-Q4
TD 1767
2012-03
TDs 1570, 1568,
1567, 1566,
1565, 1564,
1563, 1562,
1561, 1560,
1559, 1558
OASIS
XACML 3.0
2012-09
Guang
8
X.srfctse
Security requirements and framework
of cloud based telecommunication
service environment
New
Huirong Tian,
Shitong Wang
9
X.1090
(X.ott)
Authentication framework with one-time telebiometric template
New
Hyung-Woo Lee,
Yongjin Lee
AAP text
(TD 1820 Rev.1)
2011-04
9
X.1081 Amd.3
New
Jean-Paul Lemaire
TD 1810
2011-09
The telebiometric multimodal model –
A framework for the specification of
security and safety aspects of
telebiometrics - Amendment 3:
Enhancement to support a new
modality “ELECTRO” and define new
object identifiers
9
X.1086
Amd. 1
Telebiometric protection procedures –
A guideline to technical and managerial
countermeasures for biometric data
security – Amendment 1:
Multibiometric protection procedures
New
Inja Jun,
Hakil Kim
TD 1816
2011-09
9
X.bhsm
Telebiometric authentication
framework using biometric hardware
security module
New
Myung Geun Chun,
Yong Nyuo Shin
TD 1807
2012-09
9
X.gep
A guideline for evaluating telebiometric
template protection techniques
New
Yoshiaki Isobe,
Tetsushi Ohki
TD 1826
2012-03
9
X.th1
e-Health and world-wide telemedicines
– Generic telecommunication protocol
New
Jean-Paul Lemaire
TD 1814
2011-09
9
X.th2*
Telebiometrics related to physics
New
Jean-Paul Lemaire
TD 0800
ISO 80003-2
2012-03
9
X.th3*
Telebiometrics related to chemistry
Jean-Paul Lemaire
TD 1672
ISO 80003-3
2011-09
9
X.th4*
Telebiometrics related to biology
New
New
Jean-Paul Lemaire
TD 0090
IEC 80003-4
2012-03
9
X.th5*
Telebiometrics related to culturology
New
Jean-Paul Lemaire
TD 0091
IEC 80003-5
2012-03
9
X.th6*
Telebiometrics related to psychology
New
Jean-Paul Lemaire
TD 0092
IEC 80003-6
2012-03
9
X.tif
Integrated framework for telebiometric
data protection in e-health and
worldwide telemedicines
New
Hong Sun Jung,
Hakil Kim,
Yong Nyuo Shin
TD 1818
2012-09
10
X.1253
(X.idmsg)*
Security guidelines for identity
management systems
New
Sangrae Cho
COM 17 – R 38
2010-04
10
X.1261
(X.EVcert)*
Extended validation certificate
framework (EVcert)
New
Anthony Rutkowski
COM 17 – R 30
10
X.atag*
Attribute aggregation framework
New
David W Chadwick,
Ryu Watanabe
TD 1734 Rev.1
2012
10
X.authi*
Guideline to implement the
authentication integration of the
network layer and the service layer
New
Lijun Liu
TD 0918
2012
CA/Browser
Forum Evcert
specification
2011-09
10
X.discovery*
Discovery of identity management
information
New
Robert Kahn
TD 1547 Rev.4
10
X.eaa*
Information technology – Security
techniques – Entity authentication
assurance framework
New
Richard Brackney
TD 1452 Rev.1
10
X.giim*
Mechanisms to support interoperability
across different IdM services
New
Jing Wu
10,
(8)
X.idmcc*
Requirement of IdM in cloud
computing
New
10
X.idmgen*
Generic identity management
framework
10
X.idm-ifa*
10
X.mob-id*
10
X.oitf*
10
2012
ISO/IEC 29115
2012
TD 1360
2012
Xiao Ming Guang,
Jing Wu
TD 1675 Rev.2
2012
New
Richard Brackney,
Zhaoji Lin
TD 1042
2012
Framework architecture for
interoperable identity management
systems
New
Marcin Dąbrowski,
Piotr Pacyna
TD 0631 Rev.2
2012
Baseline capabilities and mechanisms
of identity management for mobile
applications and environment
New
Sangrae Cho
TD 1731
2012
Open identity trust framework
New
ZhaoJi Lin,
Mary Rundle
TD 1553 Rev.2
2012
X.priva*
Criteria for assessing the level of
protection for personally identifiable
information in identity management
New
Hyangjin Lee
TD 0640
2012
11,
(10)
F.5xx
Directory Service - Support of Tag-based Identification Services
New
Erik Andersen
TD 1691 Rev.1
2012
11
X.500
Information technology – Open
Systems Interconnection –The
Directory: Overview of concepts,
models and services
Revised Erik Andersen
ISO/IEC 9594-1
2012
11
X.501
Information technology – Open
Systems Interconnection –The
Directory – Models
Revised Erik Andersen
ISO/IEC 9594-2
2012
11
X.509
Information technology – Open
Systems Interconnection –The
Directory – Public-key and attribute
certificate frameworks
Revised Hoyt Kesterson
ISO/IEC 9594-8
2012
11
X.511
Information technology – Open
Systems Interconnection –The
Directory – Abstract Service Definition
Revised Erik Andersen
ISO/IEC 9594-3
2012
11
X.518
Information technology – Open
Systems Interconnection –The
Directory – Procedures for Distributed
Operations
Revised Erik Andersen
ISO/IEC 9594-4
2012
11
X.519
Information technology – Open
Systems Interconnection –The
Directory – Protocols
Revised Erik Andersen
ISO/IEC 9594-5
2012
11
X.520
Information technology – Open
Systems Interconnection –The
Directory – Selected Attribute Types
Revised Erik Andersen
ISO/IEC 9594-6
2012
11
X.521
Information technology – Open
Systems Interconnection –The
Directory – Selected object classes
Revised Erik Andersen
ISO/IEC 9594-7
2012
11
X.525
Information technology – Open
Systems Interconnection –The
Directory – Replication
Revised Erik Andersen
ISO/IEC 9594-9
2012
12
X.660
Information technology – Procedures
for the operation of Object Identifier
Registration Authorities: General
procedures and top arcs of the
International Object Identifier tree
Revised Olivier Dubuisson
13
Z.100
Specification and description language:
Overview of SDL-2010
Revised Rick Reed
13
Z.101
Specification and description language:
Basic SDL-2010
New
Rick Reed
AAP text
(TD 1484 Rev.1)
ISO/IEC 9834-1
2011-04
TD 1610 Rev.1
2011-09
TD 1611 Rev.1
2011-09
13
Z.102
Specification and description language:
Comprehensive SDL-2010
New
Rick Reed
TD 1612 Rev.1
2011-09
13
Z.103
Specification and description language:
Shorthand notation and annotation in
SDL-2010
New
Rick Reed
TD 1613 Rev.1
2011-09
13
Z.104
Specification and description language:
Data and action language in SDL-2010
Revised Rick Reed
TD 1614 Rev.1
2011-09
13
Z.105
Specification and description language:
SDL-2010 combined with ASN.1
modules
Revised Rick Reed
TD 1615 Rev.1
2011-09
13
Z.109
Specification and description language:
SDL-2010 combined with UML
Revised Alexander Kraas
TD 1627
2012
13
Z.120
Message sequence chart (MSC)
Revised Rick Reed
TBD
13
Z.151
User requirements notation (URN) –
Language definition
Revised Daniel Amyot
TBD
13
Z.151 Cor.1
User requirements notation (URN) –
Language definition
New
Daniel Amyot
13
Z.uml-msc
Unified modeling language (UML)
profile for MSC
New
Thomas Weigert
13
Z.uml-urn-grl
Unified modeling language (UML)
profile for URN GRL
New
Daniel Amyot
13
Z.uml-urn-ucm
Unified modeling language (UML)
profile for URN UCM
New
Thomas Weigert
13
13
Z.Imp100**
Specification and description language
Implementers' Guide – Version 2.0.0
Z.Suppl.1**
Revised Thomas Weigert
Supplement 1 to Z-series
Recommendations – ITU-T Z.100-series – Supplement on methodology on
the use of description techniques
Revised Rick Reed
2011-09
TD 0444,
TD 3308
[2005-2008]
TBD
2011-09
TBD
TD 0462 Rev.1
2011-09
2012-02
14
Z.161
Testing and Test Control Notation
version 3: TTCN-3 core language
Revised Dieter Hogrefe
ETSI ES 201
873-1
2012-03
14
Z.162
Testing and Test Control Notation
version 3: TTCN-3 tabular presentation
format (TFT)
Revised Dieter Hogrefe
ETSI ES 201
873-2
2012-03
14
Z.163
Testing and Test Control Notation
version 3: TTCN-3 graphical
presentation format (GFT)
Revised Dieter Hogrefe
ETSI ES 201
873-3
2012-03
14
Z.164
Testing and Test Control Notation
version 3: TTCN-3 operational
semantics
Revised Dieter Hogrefe
ETSI ES 201
873-4
2012-03
14
Z.165
Testing and Test Control Notation
version 3: TTCN-3 runtime interface
(TRI)
Revised Dieter Hogrefe
ETSI ES 201
873-5
2012-03
14
Z.166
Testing and Test Control Notation
version 3: TTCN-3 control interface
(TCI)
Revised Dieter Hogrefe
ETSI ES 201
873-6
2012-03
14
Z.167
Testing and Test Control Notation
version 3: TTCN-3 mapping from
ASN.1
Revised Dieter Hogrefe
ETSI ES 201
873-7
2012-03
14
Z.168
Testing and Test Control Notation
version 3: TTCN-3 mapping from
CORBA IDL
Revised Dieter Hogrefe
ETSI ES 201
873-8
2012-03
14
Z.169
Revised Dieter Hogrefe
Testing and Test Control Notation
version 3: TTCN-3 mapping from XML
data definition
ETSI ES 201
873-9
2012-03
14
Z.170
Testing and Test Control Notation
version 3: TTCN-3 documentation
comment specification
Revised Dieter Hogrefe
ETSI ES 201
873-10
2012-03
Notes:
* Marked draft Recommendations are for determination; others are for consent.
** Texts for approval (AAP/TAP not applicable)
*** Target date for consent or determination of Recommendations or for approval of Appendices, Supplements or Implementers' Guides
(1) SG 17 Question. In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.
The following items were deleted from the work program:
o X.1086 Amd. 2, Telebiometric protection procedures – A guideline to technical and managerial countermeasures for biometric data security – Amendment 2: protection procedure for telebiometrics information from video surveillance system.
o Z.urn-ma, User requirements notation (URN) - Methodological approach.
Summaries for Recommendations and associated texts under development in Study Group 17
WORKING PARTY 1/17 - NETWORK AND INFORMATION SECURITY
Question 2/17 – Security architecture and framework
X.gsiiso, Guidelines on security of the individual information service for operators
This Recommendation addresses the security aspects of the information service provided by
telecommunication operators. In transforming from traditional basic network operators to
comprehensive information service providers, the operators expand their services to content service
and ICT. The new services not only change the operational models but also bring new
security issues to be resolved.
This Recommendation provides the guideline on security of the individual information service for
operators. The scope covers the classification of individual information service, the security
requirement, the mechanism, and the coordination.
X.hsn, Heterarchic architecture for secure distributed service networks
This Recommendation describes heterarchic security architecture for distributed service networks
(defined in Recommendation ITU-T Y.2206). The security architecture is based on the use of a
system of network entity identifiers (or identity certificates) and a distributed system of storage and
retrieval of information associated with these identifiers. Another aspect of the security architecture
is a distributed trust management system and the security functions based on it. The security
architecture is based on the use of an overlaying logical network and does not interfere with the
basic service functionality.
X.ipv6-secguide, Technical security guideline on deploying IPv6
IPv6 is intended to provide many built-in benefits such as large address space, mobility, and quality
of service (QoS). Because it is a new protocol and operates differently from IPv4 in some ways, both
foreseeable and unforeseeable security issues are likely to arise. Many new functions or
requirements of IPv6, i.e., automatic configuration of interfaces, mandatory IPsec, mandatory
multicast, multiple IP addresses and many new rules for routing, can be abused for compromising
computer systems or networks.
Considering the above circumstance, this Recommendation provides a set of technical security
guides for telecommunications organizations to implement and deploy an IPv6 environment. This
Recommendation focuses on how to securely deploy network facilities for telecommunications
organizations and how to ensure security operations for the IPv6 environment.
X.ncns-1, National IP-based public network security center for developing countries
This Recommendation addresses creation of a secure, stable and resilient national IP-based network
infrastructure. The necessity for technical coordination in creating a secured, stable and resilient
infrastructure arises in the event of disruption (severe impairment of the quality of service
performance) of a significant segment of a telecom operator’s network, which constitutes part of the
public network (public networks). These incidents may occur due to technical problems, attacks like
DDoS, attacks aimed at destructing network infrastructure, natural and anthropogenic disasters and
other problems related to maintaining stability (accessibility of services and features) and security.
Technical coordination in such circumstances implies gathering, analysis and management of
information (including control information) regarding the detected alterations (in the national ICT)
in order to elaborate proposals for national ICT restoration.
This Recommendation opens a new dimension in security standardization – collaboration security
(alongside such dimensions as security management, exchange of security incident and event
information, application security, identification management, etc.).
X.rev, Architectural systems for security controls for preventing fraudulent activities in public
carrier networks
This Recommendation describes a methodology for evaluating systems for security controls for
preventing fraudulent activities, and criteria for selecting these systems, with regard to the architectural
characteristics of communications service provider (CSP) networks according to CSPs' present-day
level of development. The Recommendation includes technical methods to address security controls
and estimate losses due to fraudulent activities, and also provides guidelines for information
exchange related to fraudulent activities.
Question 3/17 – Telecommunications information security management
X.1052 (X.ismf), Information security management framework
The Recommendation describes and recommends the framework of information security
management for telecommunications to support Recommendation ITU-T X.1051 and other
Recommendations such as ITU-T X.1055. The information security management framework (ISMF)
is based on a process approach to describe a set of security management areas which give
guidelines to telecommunications to fulfill the control object defined in Recommendation ITU-T
X.1051 and other Recommendations such as ITU-T X.1055. The management areas include
asset management, incident management, risk management, policy management and so on, which
map the controls defined by Recommendation ITU-T X.1051 to the implementation methodologies.
ISMF thus relates Recommendation ITU-T X.1051, which gives the baselines for
telecommunications, to other Recommendations, such as ITU-T X.1055 and ITU-T X.1056, which
give the practical methodologies focusing on a specific area of information security management.
X.1057 (X.amg), Asset management guidelines in telecommunication organizations
This Recommendation provides guidelines for securely managing various assets including
electronic information, paper, and IT systems in telecommunication organizations. This
Recommendation also contains the main activities and methods for implementing asset management on
the basis of the PDCA (Plan – Do – Check – Act) process model.
X.isgf, Information technology – Security techniques – Governance of information security
This Recommendation | International Standard provides a framework of information security
governance (ISG). Corporate governance requirements place increasing demands on organizations
to demonstrate that they have effective internal control arrangements in place. One significant
development is the inclusion of information security as part of operational risk in the wider
corporate governance definition. Therefore, boards and executive management are increasingly
looking for an ISG framework, which will help to achieve the objectives of the organization and
meet corporate governance requirements.
The purpose of this Recommendation | International Standard is to promote effective, efficient, and
acceptable use of information security activities in organizations by:
o assuring stakeholders that, if the Recommendation | International Standard is followed, they can
have confidence in the organization’s corporate governance of information security
o informing and guiding directors in governing the use of information security activities in their
organization, and
o providing a basis for objective evaluation of the corporate governance of information security.
The use of this Recommendation | International Standard will provide the board of directors and
management with the methodology to monitor and control (govern) the information security
management system (ISMS) activities in order to meet the internal and external security
requirements. Since many organizations need to establish and demonstrate the appropriate
information security readiness to the various stakeholders, the governance concepts and
implementation models proposed in this Recommendation | International Standard can support the
process of directing and controlling the existing ISMS processes and controls.
The framework consists of objectives, principles and focus areas of ISG, and it shows how ISG is
related to ISMS. The framework needs to be supported by a successful ISMS.
X.mgv6, Security management guideline for implementation of IPv6 environment in
telecommunications organizations
This Recommendation provides a set of information security management guides for
telecommunications organizations to develop and implement an IPv6 telecommunication environment.
The Recommendation focuses on network facilities for telecommunications organizations, and on the
necessary security controls and implementation guidance for IPv6 implementation, as an extension
of Recommendation ITU-T X.1051.
X.rmsm, Information security management reference model for small and medium
telecommunication organizations
This Recommendation provides the information security management reference model for small
and medium-sized telecommunication organizations (SMTOs). The reference model is developed
by analyzing and classifying IT services, identifying IT service types and recommending security
controls for each IT service type from the SMTO perspective. The reference model in this
Recommendation can be beneficially applied by SMTOs in their development of information
security management.
This Recommendation will allow SMTOs to meet baseline information security management
requirements of confidentiality, integrity, availability and any other relevant security property based
on the reference model.
X.sgsm, Information security management guidelines for small and medium-sized
telecommunication organizations
This Recommendation provides guidelines for establishing and operating information security
management for small and medium-sized telecommunication organizations (SMTOs) in the
telecommunication industry.
It covers some of the necessary security controls from ITU-T X.1051 | ISO/IEC 27011 for information
security management, considering the context of small and medium telecommunication
organizations without huge cost and human resources to implement their information security
management systems.
Question 4/17 – Cybersecurity
X.1211 (X.tb-ucc), Usability of network traceback
This Recommendation provides an overview of traceback for responsive measures to certain
network issues within a single or a more complex array of service providers. Traceback may assist
in discovering ingress points, paths, partial paths or sources of problematic network events. This
information may aid service providers in mitigating such events.
X.1570 (X.cybex-disc), Discovery mechanisms in the exchange of cybersecurity information
This Recommendation provides a framework for discovering cybersecurity information and the
mechanism that enables this. Discovery can be seen as a stage of the cybersecurity information
lifecycle adjacent to information publishing and acquisition, which are integral and necessary stages
for discovery. Thus the framework covers how to publish cybersecurity information, obtain the
candidate list, and acquire the needed information. A discovery scheme may be implemented with
arbitrary mechanisms so long as it complies with the framework, and among these mechanisms are
object identifier (OID)-based and Resource Description Framework (RDF)-based discovery, which
are also elaborated in this Recommendation.
X.abnot, Abnormal traffic detection and control guideline for telecommunication network
This Recommendation defines the abnormal traffic protection scenarios, detection technologies,
controlling measures and product deployment solutions for a telecommunication network. The aim
is to provide a comprehensive guideline for telecommunication operators to monitor and control
abnormal traffic.
X.arf, Assessment result format
This Recommendation is a standardized IT asset assessment result format (ARF) that facilitates the
exchange of assessment results among systems to increase tool interoperability and allow for the
aggregation of those results across large enterprises that utilize diverse technologies to detect patch
levels, policy compliance, vulnerability, asset inventory, and other tasks. ARF leverages existing
standardization efforts for common names and naming schemes to report the findings for assets.
X.bots, Centralized framework for Botnet detection and response
This Recommendation provides frameworks for botnet detection and response. The
Recommendation provides a definition, composition characteristics and behavior models of botnets,
and specifies various types of attack threat caused by botnets. The Recommendation also
provides considerations required for botnet detection and response, and defines the functions and
interfaces used in the framework for botnet detection and response.
X.capec, Common attack pattern enumeration and classification
This Recommendation on common attack pattern enumeration and classification (CAPEC) is an
XML/XSD based specification for the identification, description, and enumeration of attack
patterns. Attack patterns are a powerful mechanism to capture and communicate the attacker’s
perspective. They are descriptions of common methods for exploiting software. They derive from
the concept of design patterns applied in a destructive rather than constructive context and are
generated from in-depth analysis of specific real-world exploit examples. The objective of CAPEC
is to provide a publicly available catalog of attack patterns along with a comprehensive schema and
classification taxonomy.
X.cce, Common configuration enumeration
This Recommendation on common configuration enumeration (CCE) is a specification of
configuration guidance statements and configuration controls to facilitate fast and accurate
correlation of configuration statements present in disparate domains. A "configuration guidance
statement" specifies a preferred or required setting or policy for a computer system. Configuration
statements can be found in a variety of repositories such as security guides, benchmarks, vendor
guidance and documentation, configuration assessment and management tools, and consolidated
reporting systems. The objective of CCE is to provide a means for improving configuration
management work processes by allowing people to quickly and accurately correlate configuration
data across multiple information sources and tools.
X.cee, Common event expression
This Recommendation on common event expression (CEE) standardizes the way computer events
are described, logged, and exchanged. By using CEE’s common language and syntax, enterprise-wide log management, correlation, aggregation, auditing, and incident handling can be performed
more efficiently and produce better results.
The primary goal of the effort is to standardize the representation and exchange of logs from
electronic systems. CEE breaks the recording and exchanging of logs into four (4) components: the
event taxonomy, log syntax, log transport, and logging recommendations.
X.cpe, Common platform enumeration
Common platform enumeration, one of the core platforms included as part of CYBEX’s event/incident/heuristics exchange cluster,
is an XML/XSD based specification for structured naming for ICT platforms (hardware, operating
systems, and applications). It is based on the generic syntax for Uniform Resource Identifiers. This
Recommendation on common platform enumeration (CPE) includes the naming syntax and
conventions for constructing CPE names from product information, a dictionary (and associated
XML schema) that holds a collection of all known CPE names as well as a binding of descriptive
and diagnostic information, a language for creating complex platform descriptions, and a matching
algorithm.
Using a clear and uniform naming specification, community members will be able to generate
names for new ICT platforms in a consistent and predictable way.
As many sources and examples as possible are leveraged from the CPE community and other
interested parties, to develop the specific and succinct definitions of the CPE dictionary elements
and classification tree structures.
X.csi, Guidelines for cybersecurity index
This Recommendation provides a guideline to assist in the development, selection, and
implementation of the measures or indicators that are the basis for computing the cybersecurity index
(CSI). To meet this objective, this Recommendation provides a list of potential indicators and
describes a methodology used in computing the CSI from indicators at its different steps.
X.csmc, Continuous security monitoring using CYBEX techniques
This Recommendation describes CYBEX techniques for continuous security monitoring capability.
Continuous monitoring is ongoing observance with intent to provide warning. A continuous
monitoring capability is the ongoing observance, analysis and management to provide decision
support regarding situational awareness and deviations from expectations.
X.cwe, Common weakness enumeration
This Recommendation on common weakness enumeration (CWE) provides a structured means to
exchange information security weaknesses that are publicly known. CWE provides for a structured
list of these information security weaknesses together with associated names. The goal of CWE is to
enable more effective discussion, description, selection, and use of software security tools and
services that can find these weaknesses in source code and operational systems as well as better
understanding and management of software weaknesses related to architecture and design.
X.cwss, Common weakness scoring system
This Recommendation on common weakness scoring system (CWSS) provides an open framework
for communicating the characteristics and impacts of IT weaknesses. The goal of CWSS is to
enable IT managers, weakness bulletin providers, security vendors, application vendors and
researchers to speak from a common language of scoring IT weaknesses.
Without CWSS, IT management must identify and assess weaknesses across many disparate
hardware and software platforms. They then need to prioritize these weaknesses and remediate
those that pose the greatest risk. When there are so many to fix, with each being scored using
different scales, IT managers are left to their own methodologies to find some way of comparing
disparate weaknesses and translating them into actionable information.
Because CWSS standardizes the approach for characterizing weaknesses, users of CWSS can
invoke temporal and environmental metrics to apply contextual information that more accurately
reflects the risk to their unique environment. This allows them to make more informed decisions
when trying to mitigate risks posed by vendor agnostic weaknesses within their unique
environment.
X.cybex.1, Procedures for the registration of arcs under the object identifier (OID) arc for
cybersecurity information exchange
This Recommendation provides for the registration of OID arcs which enable coherent, unique and
global identification of cybersecurity information as well as of organizations exchanging that
information and associated policies. This Recommendation specifies the information and
justification to be provided when requesting an OID for cybersecurity information exchange
purposes, and the procedures for the operation of the Registration Authority.
X.cybex-beep, A BEEP profile for cybersecurity information exchange framework
This Recommendation specifies a BEEP profile for use within cybersecurity information exchange
techniques (CYBEX). It utilizes BEEP, a generic application protocol kernel for connection-oriented, asynchronous interactions described in IETF RFC 3080. At BEEP's core is a framing
mechanism that permits simultaneous and independent exchanges of messages between peers. All
exchanges occur in the context of a channel - a binding to a well-defined aspect of the application,
such as transport security, user authentication, or data exchange. Each channel has an associated
"profile" that defines the syntax and semantics of the messages exchanged.
X.cybex-tp, Transport protocols supporting cybersecurity information exchange
This Recommendation provides an overview of exchange protocols which have been adopted and/or
adapted for use within the cybersecurity information exchange techniques.
X.cyiql, Cybersecurity information query language
This Recommendation on cybersecurity information query language (CYIQL) defines a flexible
data representation that provides a framework for requesting information commonly exchanged by
computer incident response teams (CIRTs) about computer security incidents. This specification
describes the information model for CYIQL and provides an associated data model specified with
XML schema.
X.dexf, Digital forensics exchange format
The digital forensics exchange format (DEXF) is a structured means to exchange digital forensics
data between agencies, companies, or countries. The main purpose of digital forensics exchange
format is interoperability of digital forensics data.
X.eipwa, Exchange of information for preventing web-based attacks
This Recommendation describes guidelines on techniques for preventing web-based attacks.
It describes the use scenarios for distributing malware through the web, and the functional capabilities
and functional architecture for preventing web-based attacks.
X.gpn, Mechanism and procedure for distributing policies for network security
Based on the network security information policy model and network security policy framework
defined in ITU-T Recommendation X.1036, this Recommendation further defines the detailed
distribution mechanism and distribution procedure of security policy, so that the security policies
can be negotiated and distributed between different devices and between the device and the policy
center.
X.iodef, Incident object description exchange format
Organizations require help from other parties to mitigate malicious activity targeting their network
and to gain insight into potential threats. This coordination might entail working with an ISP to
filter attack traffic, contacting a remote site to take down a bot-network, or sharing watch-lists of
known malicious IP addresses in a consortium.
The incident object description exchange format (IODEF) is a format for representing computer
security information commonly exchanged between computer security incident response teams
(CSIRTs). It provides an XML representation for conveying incident information across
administrative domains between parties that have an operational responsibility of remediation or a
watch-and-warning over a defined constituency. The data model encodes information about hosts,
networks, and the services running on these systems; attack methodology and associated forensic
evidence; impact of the activity; and limited approaches for documenting workflow.
The overriding purpose of the IODEF is to enhance the operational capabilities of CSIRTs.
Community adoption of the IODEF provides an improved ability to resolve incidents and convey
situational awareness by simplifying collaboration and data sharing. This structured format
provided by the IODEF allows for:
• increased automation in processing of incident data, since the resources of security analysts
to parse free-form textual documents will be reduced;
• decreased effort in normalizing similar data (even when highly structured) from different
sources; and
• a common format on which to build interoperable tools for incident handling and
subsequent analysis, specifically when data comes from multiple constituencies.
X.maec, Malware attribute enumeration and classification
This Recommendation on malware attribute enumeration and classification (MAEC) is an
XML/XSD based specification for characterizing malware based on its behaviors, artifacts, and
attack patterns. This will allow for the description and identification of malware based on distinct
patterns of attributes rather than a single metadata entity (which is the method commonly employed
in signature-based detection). MAEC’s focus on structured, attribute-based characterization
provides several capabilities that the aforementioned methods do not possess. These capabilities
stem from MAEC’s existence as a domain-specific language, with an encompassing and
unambiguous vocabulary and grammar.
MAEC aims to: 1) improve human-to-human, human-to-tool, tool-to-tool, and tool-to-human
communication about malware, 2) reduce potential duplication of malware analysis efforts by
researchers, and 3) allow for the faster development of countermeasures by enabling the ability to
leverage responses to previously observed malware instances. Threat analysis, intrusion detection,
and incident management are processes that deal with all manners of cyber threats. MAEC, through
its uniform encoding of malware attributes, provides a standardized format for the incorporation of
actionable information regarding malware in these processes.
MAEC is part of and interoperable with other capabilities of the cybersecurity information
exchange framework (CYBEX) described in Recommendation ITU-T X.1500.
The MAEC language includes enumerations of malware attributes and behavior that provide a
common vocabulary. These enumerations are at different levels of abstraction: low-level
observables, mid-level behaviors and high-level taxonomies. The initial version of MAEC focuses
on the creation of the enumeration of low-level malware attributes, and leverages the few instances
of similar work already done in this area, such as the common malware enumeration (CME) profile
and other information. See http://cme.mitre.org/. Thus it will initially be capable of characterizing
the most common malware types, including Trojans, worms, and rootkits, but will ultimately be
applicable to more esoteric malware types.
X.oval, Open vulnerability and assessment language
This Recommendation on open vulnerability and assessment language (OVAL) promotes open and
publicly available security content, and standardizes the transfer of this information across the
entire spectrum of security tools and services. OVAL includes a language used to encode system
details, and an assortment of content repositories held throughout the community. The language
standardizes the three main steps of the assessment process: representing configuration information
of systems for testing; analyzing the system for the presence of the specified machine state
(vulnerability, configuration, patch state, etc.); and reporting the results of this assessment. The
repositories are collections of publicly available and open content that utilize the language.
X.pfam, Misuse enumeration and characterization
This Recommendation extends the incident object description exchange format (IODEF) defined in
IETF RFC 5070 to support the reporting of misuse incidents. These extensions are flexible enough
to support information gleaned from activities throughout the entire intrusion detection cycle where
authorized users of the systems attempt to gain additional privileges for which they are not
authorized, and authorized users who misuse the privileges given them. See USA NIST SP800-94.
Both simple reporting and complete forensic reporting are possible, as is consolidating multiple
incidents.
This Recommendation does not impose obligations for information exchange nor does it contain a
means of classification and analysis of information exchanged.
X.rid, Real-time inter-network defense
This Recommendation on real-time inter-network defense (RID) outlines a proactive inter-network
communication method to facilitate sharing incident handling data while integrating existing
detection, tracing, source identification, and mitigation mechanisms for a complete incident
handling solution. RID provides a secure method to communicate incident information, enabling the
exchange of incident object description and exchange format (IODEF) extensible markup language
(XML) documents. RID considers security, policy, and privacy issues related to the exchange of
potentially sensitive information, enabling service providers or organizations the options to make
appropriate decisions according to their policies.
X.ridt, Transport of real-time inter-network defense (RID) messages
The incident object description exchange format (IODEF) defines a common XML format for
document exchange, and real-time inter-network defense (RID) defines extensions to IODEF
intended for the cooperative handling of security incidents within consortia of network operators
and enterprises. This Recommendation specifies a transport protocol for RID based upon the
passing of RID messages over HTTP/TLS (transport layer security).
X.sip-cyber, Security guideline for countering cyber attacks on SIP-based services
This Recommendation provides a guideline that specifies SIP-based services, their vulnerabilities and
countermeasures, which are the basis for enhancing the security of SIP-based services. To meet this
objective, this Recommendation describes a list of potential wired and wireless SIP-based services and
their vulnerabilities. For each service, security guidelines for countering cyber attacks on SIP-based
services are specified to provide security for that service, and more detailed security requirements are
provided for each service.
X.sips, Framework for countering cyber attacks in SIP-based services
This Recommendation provides a framework for countering cyber attacks in SIP-based services.
The Recommendation provides analysis of SIP-based attacks and characteristics of detection and
response in SIP-based services. Also, it provides requirements for information sharing between
service providers.
X.sisnego, Framework of security information sharing negotiation
This Recommendation provides a framework of security information sharing negotiation for
cybersecurity information exchange contract between cybersecurity entities.
Scope of the negotiation framework is as follows:
• Functional requirements and reference model for security information sharing negotiation,
• Conceptual data modelling of Security information Sharing Agreement (SSA) and Security
information Sharing Policy (SSP),
• SSA negotiation process.
X.ssaf, Security standards availability framework
Trusted availability of standards and their derivative objects is essential in bringing about
substantial improvements in global cyber/ICT security. This requirement can be met using a
common framework for security standards and objects that is described in this Recommendation.
This global generic framework, which is modeled after the ITU’s current “best of breed” security
standards availability, is described for implementation by other standards bodies worldwide.
This framework includes:
1) Persistent, discoverable URLs for all versions of a standard
2) Open public availability using a simple, well-defined query-response interface supporting
http for immediately obtaining
a. the standard and its versions in commonly-used formats
b. schema or modules associated with the standard
c. identifiers and associated information registered as a result of the standard, unless
privileged by law or industry custom precludes public availability
3) Host assurance and SSL/TLS access using extended validation certificates.
X.trm, Overview of traceback mechanisms
This Recommendation describes various types of traceback mechanisms. This Recommendation
also derives the evaluation criteria for comparing the traceback mechanisms.
X.xccdf, Extensible configuration checklist description format
This Recommendation specifies the data model and Extensible Markup Language (XML)
representation for the extensible configuration checklist description format (XCCDF). An XCCDF
document is a structured collection of security configuration rules for some set of target systems.
The XCCDF specification is designed to support information interchange, document generation,
organizational and situational tailoring, automated compliance testing, and compliance scoring. The
specification also defines a data model and format for storing results of security guidance or
checklist compliance testing. The intent of XCCDF is to provide a uniform foundation for
expression of security checklists and other configuration guidance, and thereby foster more
widespread application of good security practices.
Supplement to Recommendation ITU-T X.1205 (X.gopw), Supplement on guidelines for
reducing malware in ICT networks
This supplement provides guidelines for reducing malware in ICT networks. These guidelines can
be utilized by end users for reducing malware in ICT networks.
Question 5/17 – Countering spam by technical means
X.1246 (X.tcs-2), Real-time blocking list (RBL)-based framework for countering VoIP spam
This Recommendation provides an RBL-based technical framework for countering VoIP spam,
which consists of four functional entities: VoIP spam prevention system (VSPS), VoIP spam
prevention policy server (VSPPS), RBL central system for VoIP spam prevention (VSP-RBL), and
user reputation system (URS). This Recommendation also specifies the functionalities, procedures,
and interfaces of each functional entity for countering VoIP spam.
X.ics, Functions & interfaces for countering email spam using botnet information
This Recommendation specifies the general architecture for countering email spam sent by botnets,
then gives the functions and interfaces in this architecture. Moreover, this Recommendation is in
accordance with the interactive gateway for countering spam defined in Recommendation ITU-T
X.1243.
X.oacms, Overall aspects of countering mobile messaging spam
This Recommendation provides an overview of mobile messaging spam, including types,
characteristics, delivery methods and approaches. This Recommendation also introduces current
technologies and mechanisms, and related work and activities in different organizations on countering
mobile messaging spam. However, this Recommendation only focuses on mobile messaging spam
including short message service (SMS) spam and multimedia messaging service (MMS) spam.
WORKING PARTY 2/17 - APPLICATION SECURITY
Question 6/17 - Security aspects of ubiquitous telecommunication services
X.iptvsec-2, Functional requirements and mechanisms for secure transcodable scheme of IPTV
This Recommendation addresses functional requirements, architecture, and mechanisms that pertain
to security of transcoding protected IPTV content. Generic security of IPTV content is not
discussed in this Recommendation.
X.iptvsec-3, Key management framework for secure IPTV services
This Recommendation describes requirements and architecture for the key management including a
key hierarchy for unicast and multicast IPTV services in the IPTV context. This Recommendation
also specifies a key management for downloadable SCP, if a downloadable SCP is deployed.
X.iptvsec-4, Algorithm selection scheme for service and content protection (SCP) descrambling
This Recommendation develops a set of algorithm selection functions from existing descrambling
algorithms to share terminal devices between service providers and security providers. This
includes algorithm selection scheme, signalling for the selection and interoperability issues.
X.iptvsec-6, Framework for the downloadable service and content protection (SCP) system in the
mobile IPTV environment
The Recommendation provides a framework for the downloadable service and content protection
(SCP) scheme in the mobile IPTV environment. It also describes functional architecture and
requirement for the downloadable SCP scheme for roaming in the mobile IPTV environment.
X.iptvsec-7, Guideline for selecting cryptographic algorithms for IPTV service and content
protection (SCP)
The Recommendation provides a guideline on criteria for selecting cryptographic algorithms for
IPTV service and content protection (SCP). In addition, it provides a list of cryptographic
algorithms including encryption, message authentication and integrity, and key derivation for IPTV
SCP service.
X.iptvsec-8, Virtual machine-based security platform for renewable IPTV service and content
protection (SCP)
This Recommendation develops a set of renewability functions for virtual machine-based SCP
security platform. This includes virtual machine architecture and how to organize virtual machine
related components such as SCP client, terminal client (embedded SCP) and media client. It does
not deal with the service and content protection system itself.
X.msec-5, Security requirements and mechanism for reconfiguration of mobile device with
multiple communication interfaces
This Recommendation describes security requirements and mechanism for reconfiguration of
mobile device with multiple communication interfaces. The security aspects for mobile users,
terminal devices, and communication services with multiple communication interfaces should be
investigated. The Recommendation specifies security threats, followed by the description of
security requirements. And it provides appropriate countermeasures including security
reconfiguration mechanism.
X.msec-6, Security aspects of mobile phones
This Recommendation indicates the main security threats to mobile phones, specifies the security
requirements for mobile phones and proposes the security technologies and mechanisms for mobile
phones. In addition, it provides a general security evaluation framework for mobile phones.
X.unsec-1, Security requirements and framework of ubiquitous networking
This Recommendation describes an overview of ubiquitous networking. It also describes the
security threats and security requirements of ubiquitous networking. Security framework and
functions that pertain to security of ubiquitous networking are provided in this Recommendation.
X.usnsec-3, Secure routing mechanisms for wireless sensor network
This Recommendation provides secure routing mechanisms for wireless sensor network in
ubiquitous sensor network. It introduces general network topologies and routing protocols in
ubiquitous sensor network. It describes security threats of wireless sensor network and provides
countermeasures for secure routing in wireless sensor network.
Question 7/17 - Secure application services
X.1141, Amd.1, Security Assertion Markup Language (SAML 2.0) - Amendment 1: Errata
This Amendment amends ITU-T X.1141 to reflect the official errata that have been approved by
OASIS regarding the OASIS SAML 2.0 version.
X.1142, Amd.1, eXtensible Access Control Markup Language (XACML 2.0) – Amendment 1:
Errata
This Amendment amends ITU-T X.1142 to reflect the official errata that have been approved by
OASIS regarding the OASIS XACML 2.0 version.
X.p2p-3, Security requirements and mechanisms of peer-to-peer-based telecommunication
network
This Recommendation analyzes the special security requirements in the peer-to-peer (P2P)-based
telecommunication environment, designs the security technical framework for the new P2P-based
telecom network architecture and service scenarios, and defines the security solutions and detailed
mechanisms to assure the network and services security.
X.p2p-4, Use of service providers’ user authentication infrastructure to implement PKI for peer-to-peer networks
This Recommendation describes the mechanisms for utilizing service providers’ user authentication
infrastructure to implement Public Key Infrastructure (PKI) used for securing peer-to-peer (P2P)
networks. The described mechanisms allow a peer in P2P networks to verify the public key
certificates of a corresponding peer that are issued by its owner (user), not by a well-known
certificate authority.
X.sap-4, The general framework of combined authentication on multiple identity service provider
environment
This Recommendation provides the general framework of combined authentication on multiple
identity service provider environment for service provider to achieve combined authentication like
multi-factor authentication. The framework in this Recommendation describes models, basic
operations and security requirements against each model component and each message between
model components to keep the total assurance of authentication in case of the combination of
multiple service providers. In addition, the framework also describes models, basic operations and
security requirements to support the authentication service that manages combination of multiple
service providers.
X.sap-5, Guideline on anonymous authentication for e-commerce service
This Recommendation develops an anonymous authentication guideline and reference model for e-commerce because anonymous authentication can be used for providing privacy-preserving
technology. This Recommendation describes privacy threats and security requirements for privacy
enhanced e-commerce service. It also describes security functions that satisfy the security
requirements and anonymous authentication reference models for e-commerce.
X.sap-6, One time password based non-repudiation framework
This Recommendation provides a non-repudiation framework based on one time password (OTP) to
provide trust mechanisms between transaction entities. Also, this Recommendation describes the
security requirements of OTP-based non-repudiation service as well as mechanisms for generating
non-repudiation token. The sender may request TTP to generate the non-repudiation token of origin
for the sender and also the recipient may request to verify the token of delivery for the recipient.
Also, the TTP may generate the non-repudiation token of delivery for the recipient and verify the
token for the sender.
X.websec-4, Security framework for enhanced web based telecommunication services
This Recommendation provides a security framework for enhanced web based telecommunication
services. This Recommendation describes security threats and security requirements of the
enhanced web based telecommunication services, and it also describes security functions and
technologies that satisfy the security requirements.
X.xacml3, eXtensible Access Control Markup Language (XACML) 3.0
This Recommendation defines core XACML including syntax of the language, models, context
with policy language model, syntax and processing rules. This Recommendation specifies XACML
core and hierarchical role based access control profile. A multiple resource profile of XACML and
a SAML 2.0 profile of XACML are specified. To improve on the security of exchanging XACML
based policies, this Recommendation also specifies an XACML XML digital signature profile for
securing data. A privacy profile is specified in order to provide guidelines for implementers. This
Recommendation is technically equivalent and compatible with the OASIS XACML 3.0 standard.
Question 8/17 – Service oriented architecture security
X.ccsec, Security guideline for cloud computing in telecommunication area
This Recommendation analyzes security challenges for cloud computing in telecommunication
area, and describes some security considerations for cloud computing service providers and
consumers as a guidance to help them deploy cloud computing services as well as choose cloud
computing services.
X.fsspvn, Framework of the secure service platform for virtual network
This Recommendation defines the framework of service platform for virtual network (SPVN),
which aims to establish and manage virtual networks. The service platform provides the
functions of network connectivity (e.g. NAT traversal), security service (e.g. identity
management in virtual network) and network management (e.g. security policy distribution, group
management in virtual network). This Recommendation also describes the key technologies used in
the service platform and the interfaces between the service platform and applications.
X.sfcse, Security functional requirements for Software as a Service (SaaS) application
environment
This Recommendation provides a generic functional description for secure service oriented
Software as a Service (SaaS) application environment that is independent of network types,
operating system, middleware, vendor specific products or solutions. In addition, this
Recommendation is independent of any service or scenarios specific model (e.g., web services,
Parlay X or REST), assumptions or solutions. This Recommendation aims to describe a structured
approach for defining, designing, and implementing secure and manageable service oriented SaaS
application environment capabilities in telecommunication cloud computing environment.
X.srfcts, Security requirements and framework of cloud based telecommunication service
environment
This Recommendation describes both general and specific security requirements of cloud based
telecommunication services that include service creation, service integration, service delivery, data
storage and key management etc. This Recommendation also aims to describe the security
framework with integration of various security functions that can provide differentiated security
levels for various cloud based services.
Question 9/17 - Telebiometrics
X.1081 Amendment 3, The telebiometric multimodal model – A framework for the specification
of security and safety aspects of telebiometrics - Amendment 3: Enhancement to support a new
modality “ELECTRO” and define new object identifiers
This Amendment adds a seventh modality, "ELECTRO", which is used in the future
Recommendation X.th2 (Telebiometrics related to physics). It also assigns new object identifiers for
quantities which will be defined in parts 2 to 6 of the X.th series.
X.1086, Amd. 1, Telebiometric protection procedures - A guideline to technical and managerial
countermeasures for biometric data security - Amendment 1: Multibiometric protection
procedures
This Amendment updates ITU-T Recommendation X.1086 to incorporate multiple biometrics
information in telebiometric protection procedures by modifying Summary, Keywords, Scope,
References, Definitions, Abbreviations and Acronyms, and Bibliography.
The Amendment defines new vulnerabilities and protection guidelines in four different fusion
levels, sample-level, feature-level, score-level, and decision-level, for multibiometric systems.
The Amendment adds Appendix V to describe applicable techniques for multibiometric data
protection.
X.1090 (X.ott), Authentication framework with one-time telebiometric template
This Recommendation describes a user authentication framework with a one-time telebiometric
template. The framework provides secure user authentication and protection mechanisms for a
biometric template transmitted over open networks. It prevents a replay attack and protects an
original biometric template by generating a new template upon each completion of authentication.
This Recommendation also addresses the security requirements associated with the framework for a
one-time telebiometric template.
X.bhsm, Telebiometric authentication framework using biometric hardware security module
This Recommendation describes a framework and specifies requirements for a telebiometric
authentication using biometric hardware security module (HSM). The Recommendation provides a
definition of the biometric HSM and describes how it should be operated for secure telebiometric
authentication using biometric HSM. The framework focuses on official guidance on how to employ
various security mechanisms to prevent various attacks and assure telebiometric authentication with
biometric HSM. It further provides proper application models required when telebiometric
authentication and X.509 certificate based PKI are combined to prove the owner of a private key
associated to an X.509 certificate.
X.gep, A guideline for evaluating telebiometric template protection techniques
This Recommendation describes a general guideline for testing and reporting the performance of
biometric template protection techniques based on biometric cryptosystem and cancelable
biometrics, as the targets of evaluation. This guideline specifies two reference models for evaluation
that use biometric template protection techniques in a telebiometrics system. Then, it defines the
metrics, procedures, and requirements for testing and evaluating the performance of the biometric
template protection techniques.
X.th1, e-Health and world-wide telemedicines – Generic telecommunication protocol
This Recommendation is designed to provide wide-area communication in support of health-related
activities, where the communication can usefully be undertaken as structured messages. It aims to
remove the need for medical staff and patients to be co-located, and supports both multi-party (for
audit and training purposes) as well as one-to-one interactions. It recognizes that in many cases
interactions between medical staff and patients need to be supplemented by unstructured voice
and/or video communication, which may need synchronization with the structured message flows.
There are many standards development groups involved in health-care, including standardization of
various aspects of medical and dental and DNA records. This Recommendation recognizes and
identifies their defined data formats and interactions using ASN.1 object identifiers (OIDs). It aims
to support "world-wide medicines". This is intended to include not only Western medicine and
drugs, but also alternative therapies, including herbal remedies and interventions such as
acupuncture. This Recommendation specifies complete protocols (including a service discovery
protocol) using TCP/IP and SOAP/HTTP, with bindings similar to those specified in ITU-T X.1083
| ISO/IEC 24708. Security features are provided using ITU-T X.509 | ISO/IEC 9594-8 and its
derivatives.
The communications require the identification of a variety of objects ranging from medical
practitioners, medical and dental record formats, to drugs and surgical intervention procedures. It
also requires identification of physiological quantities and units. This Recommendation specifies
ASN.1 Information Object Classes for the identification of these objects, and other parts of this
series of Recommendations provide the Internationalized Object Identifiers to identify objects in
these classes. The other five parts (covering the fields of physics, chemistry, biology, culturology
and psychology) provide the associated Information Object definitions and assign OIDs for both
quantities and units and other objects associated with the fields of study.
X.th2, Telebiometrics related to physics
This Recommendation specifies two aspects of telebiometrics related to safety, security, privacy
and anonymity. One is the set of messages, with authentication and integrity and privacy (specified
using ASN.1) that provide the telebiometric communications between an operator and a remote
telemedicine device. The other is the tables of physiological quantities and units and their
thresholds that define the thresholds for safety of a human being when various sensors or actions are
being applied to the human body. This Recommendation uses the framework defined in ITU-T
X.1081 for optimal safety and security in telebiometrics.
It is applicable to both physics and biometrics (the measurement of physiological, biological, and
behavioral characteristics limited to the field of physics). A taxonomy of wetware and
hardware/software interactions is defined. Thresholds are specified using the set of International
System of Quantities (ISQ) and the related International System of Units (SI).
X.th3, Telebiometrics related to chemistry
This Recommendation specifies two aspects of telebiometrics related to safety, security, privacy
and anonymity. One is the set of messages, with authentication and integrity and privacy (specified
using ASN.1) that provide the telebiometric communications between an operator and a remote
telemedicine device. The other is the tables of physiological quantities and units and their
thresholds that define the thresholds for safety of a human being when various sensors or actions are
being applied to the human body. This Recommendation uses the framework defined in ITU-T
X.1081 for optimal safety and security in telebiometrics.
It is applicable to both chemistry and biometrics (the measurement of physiological, biological, and
behavioral characteristics to the field of chemistry). A taxonomy of wetware and hardware/software
interactions is defined. Thresholds are specified using the set of International System of Quantities
(ISQ) and the related International System of Units (SI).
X.th4, Telebiometrics related to biology
This Recommendation specifies two aspects of telebiometrics related to safety, security, privacy
and anonymity. One is the set of messages, with authentication and integrity and privacy (specified
using ASN.1) that provide the telebiometric communications between an operator and a remote
telemedicine device. The other is the tables of physiological quantities and units and their
thresholds that define the thresholds for safety of a human being when various sensors or actions are
being applied to the human body. This Recommendation uses the framework defined in ITU-T
X.1081 for optimal safety and security in telebiometrics.
It is applicable to both biology and biometrics (the measurement of physiological, biological, and
behavioral characteristics to the field of biology). A taxonomy of wetware and hardware/software
interactions is defined. Thresholds are specified using the set of International System of Quantities
(ISQ) and the related International System of Units (SI).
X.th5, Telebiometrics related to culturology
This Recommendation specifies two aspects of telebiometrics related to safety, security, privacy
and anonymity. One is the set of messages, with authentication and integrity and privacy (specified
using ASN.1) that provide the telebiometric communications between an operator and a remote
telemedicine device. The other is the tables of physiological quantities and units and their
thresholds that define the thresholds for safety of a human being when various sensors or actions are
being applied to the human body. This Recommendation uses the framework defined in ITU-T
X.1081 for optimal safety and security in telebiometrics.
It is applicable to both culturology and biometrics (the measurement of physiological, biological,
and behavioral characteristics to the field of culturology). A taxonomy of wetware and
hardware/software interactions is defined. Thresholds are specified using the set of International
System of Quantities (ISQ) and the related International System of Units (SI).
X.th6, Telebiometrics related to psychology
This Recommendation specifies two aspects of telebiometrics related to safety, security, privacy
and anonymity. One is the set of messages, with authentication and integrity and privacy (specified
using ASN.1) that provide the telebiometric communications between an operator and a remote
telemedicine device. The other is the tables of physiological quantities and units and their
thresholds that define the thresholds for safety of a human being when various sensors or actions are
being applied to the human body. This Recommendation uses the framework defined in ITU-T
X.1081 for optimal safety and security in telebiometrics.
It is applicable to both psychology and biometrics (the measurement of physiological, biological,
and behavioral characteristics to the field of psychology). A taxonomy of wetware and
hardware/software interactions is defined. Thresholds are specified using the set of International
System of Quantities (ISQ) and the related International System of Units (SI).
X.tif, Integrated framework for telebiometric data protection in e-health and worldwide
telemedicines
This Recommendation provides an integrated framework for protecting biometric data and private
information in e-health and worldwide telemedicines. It defines a model of health
services using telebiometrics for user identification and authentication. It identifies the threats in
transmitting various sensory data related to human health and provides their countermeasures for
secure transmission.
WORKING PARTY 3/17 - IDENTITY MANAGEMENT AND LANGUAGES
Question 10/17 - Identity management architecture and mechanisms
X.1253 (X.idmsg), Security guidelines for identity management systems
This Recommendation proposes security guidelines for identity management (IdM) systems. The
security guidelines describe how an IdM system should be deployed and operated for secure identity
services in NGN (Next Generation Network) or cyberspace environment. The security guidelines
focus on providing official advice on how to employ various security mechanisms to protect a general
IdM system and it also provides proper security procedures required when two IdM systems are
interoperated.
X.1261 (X.EVcert), Extended validation certificate framework (EVcert)
This Recommendation covers the extended validation certificate framework and is an integrated
combination of technologies, protocols, identity proofing, lifecycle management, and auditing
practices that describe the minimum requirements that must be met in order to issue and maintain
extended validation certificates (“EV certificates”) concerning an organization. Subject organization
information from valid EV certificates can then be displayed in a special manner by certain relying-party software applications (e.g., browser software) in order to provide users with a trustworthy
confirmation of the identity of the entity that controls the website or other services they are
accessing. Although initially intended for use in establishing web-based data communication
conduits via transport layer security – or secure socket layer (TLS/SSL) protocols, extensions are
envisioned for secure / multipurpose Internet mail extensions (S/MIME), time-stamping, voice-over-Internet (VoIP), instant messaging (IM), web services, etc.
The primary purposes of this Recommendation are to: 1) identify the legal entity that controls a web
or service site, and 2) enable encrypted communications with that site. The secondary purposes
include significantly enhancing cybersecurity by helping establish the legitimacy of an organization
claiming to operate a website, and providing a vehicle that can be used to assist in addressing
problems related to distributing malware, phishing, identity theft, and diverse forms of online fraud.
X.authi, Authentication integration in identity management
This Recommendation provides a guideline for the telecom operators to implement the
authentication integration of the network layer and the service layer, so that a user need not be re-authenticated in the service layer if (s)he has been strictly authenticated when accessing the
operator's network. This Recommendation analyzes the scenarios in which the authentication
integration can be implemented well. It also provides the technical frameworks and solutions for the
authentication integration in these scenarios.
X.atag, Attribute aggregation framework
This Recommendation develops a framework for aggregating identity attributes from different
identity providers, while identifying the resulting assurance level. The Recommendation also treats
a secure attribute exchange under user control.
X.discovery, Discovery of identity management information
This Recommendation enables discovery:
• for relevant information about identifiers, including those utilizing e-mail address syntax and those that are URLs as well as persistent identifiers;
• of attributes about identity providers and relying parties, including, but not limited to visual logos and human-readable site names;
• supporting a spectrum of clients, ranging from passive clients to active clients with bootstrapping functionality;
• of authenticable attributes and add-on functionality of non-browser applications;
• of trust frameworks, policies and references.
X.eaa, Information technology – Security techniques – Entity authentication assurance
framework
This Recommendation | International Standard defines four levels of entity authentication assurance
(i.e., LoA 1 – LoA 4); and the criteria and threats for each of the four levels of entity authentication
assurance. Additionally it:
• specifies a framework for managing the assurance levels;
• based on a risk assessment, provides guidance concerning control technologies to be used to mitigate authentication threats;
• provides guidance for mapping the four levels of assurance to other authentication assurance schemas; and
• provides guidance for exchanging the results of authentication that are based on the four levels of assurance.
X.giim, Generic identity management interoperability mechanisms
This Recommendation provides a generic framework for identity management (IdM) that is
independent of network types, technology or vendor specific products used to provide solutions,
and operating environment taking into consideration the need for large scale flexible and dynamic
authentication systems.
X.idmcc, Requirement of IdM in cloud computing
The Recommendation focuses on the harmonization of the telecommunication services in the cloud
computing environment. This Recommendation starts from the use-case and requirements analysis
in consideration of the existing industry efforts and it concentrates on how to harmonize the
telecommunication services and the Internet services based on a common identity management
infrastructure in the cloud computing environment.
X.idmgen, Generic identity management framework
This Recommendation provides a generic framework for identity management (IdM) that is
independent of network types, technology or vendor specific products used to provide solutions,
and operating environment. In addition, this Recommendation is independent of any service or
scenarios specific model (e.g., web services, third party or federated models), assumptions or
solution specifications. The primary purpose of this framework is to describe a structured approach
for designing, defining, and implementing IdM solutions and facilitate interoperability in
heterogeneous environments.
This framework is intended to be used as a foundation to develop and specify specific aspects of
IdM such as detailed requirements, mechanisms and procedures as needed to facilitate
interoperability between different federations, service providers or enterprises (e.g., government or
private corporations) using different IdM systems and solutions based on different specifications or
technology, and operating under different regulatory rules, policies and conditions.
There are no restrictions imposed on the applicability of this Recommendation. Since the described
framework is generic it could be applied or used as appropriate to any specific IdM solution or
networking environment such as private or public enterprises (e.g., government or private
corporations), next generation network (NGN), managed IP networks.
X.idm-ifa, Framework architecture for interoperable identity management systems
This Recommendation proposes a blueprint for a modular framework architecture for identity
management systems. The architecture is expected to serve as a reference while discussing,
designing and developing future interoperable identity management (IdM) systems. The
architecture is intended to be generic in order to satisfy versatile requirements of user-centric,
network-centric and service-centric IdM systems.
In addition, an informative mapping of the architecture on to next generation networks is included.
X.mob-id, Baseline capabilities and mechanisms of identity management (IdM) for mobile
applications and environment
This Recommendation specifies baseline capabilities and mechanisms of identity management
(IdM) for mobile applications and environment. The capabilities can include user requirements to
meet user’s needs and functional aspects for IdM in mobile context. In addition, it specifies
mechanisms for IdM in mobile context to be satisfied when an application in mobile environment is
developed. It provides a reference framework that can incorporate specified baseline capabilities of
IdM to be used in mobile applications and environment. The mechanisms specify mobile identity
management and security to provide core mobile identity lifecycle management and security
mechanisms. It also provides mobile identity operations that can provide functions required to build
up secure and personalized mash-up applications in mobile environment.
X.oitf, Open identity trust framework
This Recommendation addresses identity management technologies that reduce the friction of using
the Web, much like credit cards reduce the friction of paying for goods and services. However, they
also introduce a new problem: who do you trust? In other words, how does a relying party know it
can trust credentials from an identity service provider without knowing if that provider’s security,
privacy, and operational policies are strong enough to protect the relying party’s interests? A trust
framework enables a party who accepts a digital identity credential (called the relying party) to trust
the identity, security, and privacy policies of the party who issues the credential (called the identity
service provider).
X.priva, Criteria for assessing the level of protection for personally identifiable information in
identity management
This Recommendation defines the criteria for assessing the level of protection for personally
identifiable information (PII) of the identity provider and the relying party concerned in identity
service, depending on the protection for personally identifiable information requested by them to
the requesting/asserting party, and the type and use purpose of PII and maintain period of PII, as
well as the technical and administrative measures for protection for PII.
Question 11/17 – Directory services, Directory systems, and public-key/attribute certificates
F.5xx, Directory Service - Support of tag-based identification services
This Recommendation provides guidance for providing directory services for tag-based
identification applications by reference to the directory capabilities as specified in the ITU-T X.500
Series of Recommendations | ISO/IEC 9594-All Parts and in the Lightweight Directory Access
Protocol (LDAP) specifications as developed within Internet Engineering Task Force (IETF). A tag,
also called an Automatic Identification and Data Capture (AIDC) media, holds an identifier that
identifies the item to which the AIDC media is affixed or associated. The directory may be used to
store information associated with the AIDC media to be accessed using the identifier as the
argument in a directory retrieval request.
This Recommendation identifies two cases, one case where the identifier is used as a whole to
access a centralized directory, and another case where the structure of the identifier is explored to
access distributed directory systems, when it is not feasible for a specific environment to hold all
relevant information in a single directory. In this latter situation the top-level information could be
held by some type of independent service provider, while the company and/or item related
information may be held by the information owner.
The primary focus is on radio frequency identification (RFID) tags as specified within the GS1
EPCglobal specifications and within ISO and ISO/IEC International Standards.
Question 12/17 - Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and
associated registration
X.660, Information technology – Open Systems Interconnection – Procedures for the operation
of OSI Object Identifier Registration Authorities: General procedures and top arcs of the
International Object Identifier tree
Recommendation ITU-T X.660 | ISO/IEC 9834-1 defines a tree structure that supports international
object identifiers (OIDs). It includes registration of the top-level arcs of the OID tree. It also
specifies procedures for the operation of an International Registration Authority for use, when
needed, by other ITU-T Recommendations and/or International Standards.
For easy reference, and to emphasize that this tree is an extended form of the original OID tree
(defined in earlier versions of this Recommendation | International Standard), this specific tree can
be referred to as "the International Object Identifier tree", or more commonly as just "the OID tree".
The original OID tree required all arcs to be unambiguously identified by a primary integer value,
with the use for human readability of (not necessarily unambiguous) secondary identifiers
(restricted to the Latin alphabet). Secondary identifiers were not normally carried in protocols or
used for machine identification. The International Object Identifier tree extends this by allowing an
arc to also be unambiguously identified by a Unicode label (a string of Unicode characters) that can
be carried in protocols and can be used for machine identification.
The primary integers and secondary identifiers of the International Object Identifier tree continue to
be used in encodings (primary integer values only) and value notation (primary integer values and
secondary identifiers) of the ASN.1 OBJECT IDENTIFIER type, which is unchanged. The Unicode
labels can only be used in encodings and value notation of the ASN.1 OID-IRI type.
It also provides recommendations on an appropriate fee structure for registration of lower level arcs.
Question 13/17 - Formal languages and telecommunication software
Z.100 (revised), Specification and description language: Overview of SDL-2010
This Recommendation is a part of the set of Specification and description language
Recommendations for SDL-2010. It provides an overview and common material (such as
conventions and tool compliance). It gives concepts for behavior, data description and (particularly
for larger systems) structuring. The basis of behavior description is extended finite state machines
communicating by messages. Data description is based on data types for values. The basis for
structuring is hierarchical decomposition and type hierarchies. A distinctive feature is the graphical
representation. SDL-2010 is backwards compatible with previous versions of SDL while adding
significant new features.
This Recommendation is revised as part of the restructuring of the ITU-T Z.100 series for SDL-2010.
Z.101, Specification and description language: Basic SDL-2010
This Recommendation is part of the set of Specification and description language
Recommendations for SDL-2010. It covers core features such as agent (block, process) type
diagrams, agent diagrams for structures with channels, diagrams for extended finite state machines
and the associated semantics for these basic features. The language defined by Z.101 is
called "Basic SDL-2010".
Z.102, Specification and description language: Comprehensive SDL-2010
This Recommendation is part of the set of Specification and description language
Recommendations for SDL-2010. It extends the semantics and syntax of the Basic language to
cover full abstract grammar and the corresponding canonical concrete notation. This includes
features such as continuous signals, enabling conditions, type inheritance, and aggregate states. The
language defined by Z.103 includes features defined in Z.101 and is called "Comprehensive SDL-2010".
Z.103, Specification and description language: Shorthand notation and annotation in SDL-2010
This Recommendation is part of the set of Specification and description language
Recommendations for SDL-2010. It adds notation shorthand (such as asterisk state) that make the
language easier to use and more concise, and various annotations that make models easier to
understand (such as comments or create lines), but does not add to the formal semantics of the
models. The shorthand notations are transformed from the concrete syntax of ITU-T Z.103 to
concrete syntax that is allowed by ITU-T Z.102 or ITU-T Z.101. The language defined by Z.103
includes features defined in Z.101 and Z.102 and is called "Shorthand SDL-2010".
Z.104 (revised), Specification and description language: Data and action language in SDL-2010
This Recommendation is part of the set of specification and description language Recommendations
for SDL-2010. It defines the detail of the data and action language used to define data types and
expressions. In SDL-2010 it is allowed to use different concrete data notations, such as the SDL-2000 data notation or C with bindings to the abstract grammar and the predefined data package.
This Recommendation is revised to be consistent with the rest of the Z.100 series for SDL-2010. It
replaces the data part of ITU-T Z.100 for SDL-2000 and previous ITU-T Z.104 on encoding of
data.
Z.105 (revised), Specification and description language: SDL-2010 combined with ASN.1
modules
This Recommendation is part of the set of Specification and description language
Recommendations for SDL-2010. It defines how Abstract Syntax Notation One (ASN.1) modules
can be used in combination with SDL-2010. The combined use of SDL and ASN.1 permits a
coherent way to specify the structure and behavior of telecommunication systems, together with
data, messages and encoding of messages that these systems use.
This Recommendation is revised to be consistent with the rest of the ITU-T Z.100 series for SDL-2010, because it references the syntax and semantics of the language in other Recommendations in
the series. There are some refinements of this Recommendation based on its use and usefulness, and
changes to ASN.1.
Z.106 (revised), Specification and description language: Common interchange format (CIF) for
SDL-2010
This Recommendation is part of the set of Specification and description language
Recommendations for SDL-2010. The common interchange format (CIF) is intended for the
interchange of graphical SDL specifications (SDL-GR) made on different tools that do not use the
same storage format.
This Recommendation is revised to be consistent with the rest of the ITU-T Z.100 series for SDL-2010.
Z.109 (revised), Specification and description language: Unified Modeling Language (UML)
profile for SDL 2010
This Recommendation is part of the set of Specification and description language
Recommendations for SDL-2010. It defines a unified modeling language (UML) profile that maps
to SDL-2010 semantics so that UML can be used in combination with SDL. The combined use of
SDL-2010 and UML permits a coherent way to specify the structure and behaviour of
telecommunication systems, together with data.
This Recommendation is revised to be consistent with the rest of the ITU-T Z.100 series for SDL-2010, because it references the abstract grammar of the language and paragraphs for transformation
models in other Recommendations in the series.
Z.120 (revised – 2012), Message sequence chart (MSC)
The purpose of recommending the message sequence chart (MSC) notation is to provide a trace
language for the specification and description of the communication behavior of system
components and their environment by means of message interchange. Since in MSC diagrams the
communication behavior is presented in a very intuitive and transparent manner, particularly in the
graphical representation, the MSC language is easy to learn, use and interpret. In connection with
other languages it can be used to support methodologies for system specification, design,
simulation, testing, and documentation.
This Recommendation is revised to reflect the experience and changes in use of the language since
the last major revision of the language (to MSC-2000) in 1999 and the last update in 2004 and
maintenance revision in 2010.
Z.151 (revised), User requirements notation (URN) – Language definition
This Recommendation defines the user requirements notation (URN) intended for the elicitation,
analysis, specification, and validation of requirements. URN combines modeling concepts and
notations for goals (mainly for non-functional requirements and quality attributes) and scenarios
(mainly for operational requirements, functional requirements, and performance and architectural
reasoning). The goal sub-notation is called goal-oriented requirements language (GRL) and the
scenario sub notation is called use case map (UCM).
This Recommendation is revised to consider new language concepts and to reflect the experience
and use of the notation since the initial release of the standard for the notation in 2008 (ITU-T
Z.151).
Z.uml-msc, Unified modeling language (UML) profile for MSC
This Recommendation defines a unified modeling language (UML) profile that maps UML2 to
message sequence chart (ITU-T Z.120) semantics so that UML can be used in combination with
MSC. This combined use permits a coherent way to describe message-oriented scenarios for
telecommunication systems. This work enables one to use UML2 tools and construct models (e.g.,
interaction diagrams) that will have the semantics of MSC.
Z.uml-urn-grl, Unified modeling language (UML) profile for URN GRL
This Recommendation defines a unified modeling language (UML) profile that maps UML2 to user
requirements notation (URN) semantics for goal requirements, so that UML can be used in
combination with goal-oriented requirements language (GRL). This combined use permits a
coherent way to describe goal models, complemented with other UML concepts and diagrams. This
work enables one to use UML2 tools and construct UML models that will have the semantics of
URN.
Z.uml-urn-ucm, Unified modeling language (UML) profile for URN UCM
This Recommendation defines a unified modeling language (UML) profile that maps UML2 to user
requirements notation (URN) semantics for use descriptions, so that UML can be used in
combination with use case maps (UCM). This combined use permits a coherent way to describe
causal scenarios for telecommunication systems, complemented with other UML concepts and
diagrams. This work enables one to use UML2 tools and construct UML models that will have the
semantics of URN.
Z Suppl.1 (revised), Supplement 1 to Z-series Recommendations – ITU-T Z.100-series –
Supplement on methodology on the use of description techniques
This Supplement replaces ITU-T Z.100 Supplement 1 (10/96) and includes a tutorial on the use of
unified modeling language (UML) with ITU-T languages. It is intended that the document is
suitable for incorporation by the users in their overall methodologies, tailored for their application
systems and specific needs. In particular, this Supplement does not detail issues of derivation of an
implementation from the specification or the testing of systems. In the case of testing, it is expected
that this should be partially covered by a separate document dealing with the generation of tests for
standards or products. In the case of product implementation, it is expected that manufacturers will
have their own derivation guidelines and methodology.
Z.Imp100 (revised), Specification and description language Implementers’ Guide - Version 2.0.0
This Implementers’ Guide is principally a compilation of reported defects and their resolutions to
the Specification and description language ITU-T Recommendations for SDL-2010:
• Z.100, Z.101, Z.102, Z.103, Z.104, Z.105, Z.106, Z.109, Z.111 and Z.119.
It also contains some historical information of the previous set of Z.100-series Recommendations.
Question 14/17 - Testing languages, methodologies and framework
Z.161 (revised), Testing and Test Control Notation version 3: TTCN-3 core language
Recommendation ITU-T Z.161 defines TTCN-3 (Testing and Test Control Notation 3) intended for
specification of test suites that are independent of platforms, test methods, protocol layers and
protocols. TTCN-3 can be used for specification of all types of reactive system tests over a variety
of communication ports. Typical areas of application are protocol testing (including mobile and
Internet protocols), service testing (including supplementary services), module testing, testing of
CORBA based platforms and APIs. The specification of test suites for physical layer protocols is
outside the scope of this Recommendation.
The core language of TTCN-3 can be expressed in a variety of presentation formats. While this
Recommendation defines the core language, Recommendation ITU-T Z.162 defines the tabular
format for TTCN (TFT) and Recommendation ITU-T Z.163 defines the graphical format for TTCN
(GFT). The specification of these formats is outside the scope of this Recommendation. The core
language serves three purposes:
1) as a generalized text-based test language;
2) as a standardized interchange format of TTCN test suites between TTCN tools;
3) as the semantic basis (and where relevant, the syntactical basis) for the various presentation
formats.
The core language may be used independently of the presentation formats. However, neither the
tabular format nor the graphical format can be used without the core language. Use and
implementation of these presentation formats shall be done on the basis of the core language.
Z.164 (revised), Testing and Test Control Notation version 3: TTCN-3 operational semantics
Recommendation ITU-T Z.164 defines the operational semantics of TTCN-3 (Testing and Test
Control Notation 3). The operational semantics are necessary to unambiguously interpret the
specifications made with TTCN-3. This Recommendation is based on the TTCN-3 core language
defined in [ITU-T Z.161].
Z.165 (revised), Testing and Test Control Notation version 3: TTCN-3 runtime interface (TRI)
Recommendation ITU-T Z.165 provides the specification of the runtime interface for TTCN-3
(Testing and Test Control Notation 3) test system implementations. The TTCN-3 Runtime Interface
provides the recommended adaptation for timing and communication of a test system to a particular
processing platform and the system under test, respectively. This Recommendation defines the
interface as a set of operations independent of target language.
The interface is defined to be compatible with ITU-T Recommendation Z.161. This
Recommendation uses the CORBA Interface Definition Language (IDL) to specify the TRI
completely. Clauses 6 and 7 specify language mappings of the abstract specification to the target
languages Java and ANSI-C. A summary of the IDL-based interface specification is provided in
Annex A.
Z.166 (revised), Testing and Test Control Notation version 3: TTCN-3 control interface (TCI)
Recommendation ITU-T Z.166 specifies the control interfaces for TTCN-3 test system
implementations. The TTCN-3 Control Interfaces provide a standardized adaptation for
management, test component handling and encoding/decoding of a test system to a particular test
platform. This Recommendation defines the interfaces as a set of operations independent of a target
language.
The interfaces are defined to be compatible with the TTCN-3 standards (see clause 2). The interface
definition uses the CORBA Interface Definition Language (IDL) to specify the TCI completely.
Clauses 8 and 9 present language mappings for this abstract specification to the target languages
Java and ANSI-C. A summary of the IDL-based interface specification is provided in Annex A.
Z.167 (revised), Testing and Test Control Notation version 3: TTCN-3 mapping from ASN.1
Recommendation ITU-T Z.167 defines a normative way of using ASN.1 as defined in
Recommendations ITU-T X.680, ITU-T X.681, ITU-T X.682 and ITU-T X.683 with TTCN-3. The
harmonization of other languages with TTCN-3 is not covered by this Recommendation.
Z.168 (revised), Testing and Test Control Notation version 3: TTCN-3 mapping from CORBA
IDL
Recommendation ITU-T Z.168 defines the mapping rules for CORBA IDL (as defined in chapter 3
in Draft Approved Specification ptc/06-05-01 (2006)) to TTCN-3 (as defined in Recommendation
ITU-T Z.161) to enable testing of CORBA-based systems. The principles of mapping CORBA IDL
to TTCN-3 can also be used for the mapping of interface specification languages of other
object/component-based technologies.
The specification of other mappings is outside the scope of this Recommendation.
Z.169 (revised), Testing and Test Control Notation version 3: TTCN-3 mapping from XML data
definition
Recommendation ITU-T Z.169 defines the mapping rules for W3C Schema to TTCN-3 to enable
testing of XML-based systems, interfaces and protocols.
Z.170 (revised), Testing and Test Control Notation version 3: TTCN-3 documentation
comment specification
Recommendation ITU-T Z.170 defines the documentation of TTCN-3 source code using special
documentation comments. The source code documentation can then be produced automatically
from the TTCN-3 core language, e.g., in the form of hypertext web pages.
___________