ITU-T Study Group 17
Security, Languages and Telecommunication Software
Summary of Results
Study Period 2005-2008
Herbert Bertine

Contents
- Terms of reference
- Highlights of achievements
- Projects
- Future work
- Conclusions
- Supplemental slides

ITU-T Study Group 17 Security, Languages and Telecommunication Software
International Telecommunication Union

Terms of Reference
Responsible for studies relating to security, the application of open system communications including networking and directory, and for technical languages, the method for their usage and other issues related to the software aspects of telecommunication systems.
Lead Study Group for:
  – Telecommunication security
  – Languages and description techniques

Highlights of achievements (I)
- SG 17 successfully transitioned into a core competency center on security averaging 114 participants
- SG 17 examined 641 contributions and 2800+ TDs and drew up 88 new or revised Recommendations
- 43 Recommendations currently under AAP or TAP
- 66 draft new/revised Recommendations currently under development for approval in the next study period
- 2 Lead Study Group responsibilities, 3 Focus Groups, 2 JCAs, and 2 Projects were very active
- Increased collaboration with SDOs (e.g., joint texts)

Highlights of achievements (II)
- Lead study group for Telecommunication Security
  – Close coordination with other SGs and SDOs on security; Security Standards Roadmap developed
  – Establishment of a Joint Coordination Activity on Identity Management (JCA-IdM)
- Lead study group for Languages and Description Techniques
  – Progress on ITU-T languages driven by Language Coordination entity
  – Establishment of a Joint Coordination Activity on Conformance and Interoperability Testing (JCA-CIT)
- Study Group 17 has managed Focus Groups on
  – User Requirements Notation (URN)
  – Security Baseline for Network Operators (SBNO)
  – Identity Management (IdM)

Security (WP 2) Highlights (I)
- Security Architecture and Frameworks
  – 4 Recs and 1 Supplement on aspects of network security
- Cybersecurity
  – In support WTSA-04 Resolution 50
  – Overview of Cybersecurity (X.1205)
  – X.1206 (spyware) and X.1207 (dissemination of updates)
  – Extended and adopted OASIS CAP for emergency services
- Identity Management (IdM)
  – Leveraging significant deliverables from FG-IdM
  – 2 Recs (X.1250, X.1251) in TAP, many under development
  – Intense work program; many collaborations; difficult
- Countering Spam
  – In support WTSA-04 Resolution 52
  – 3 Recs approved, 1 in TAP, 4 under development

Security (WP 2) Highlights (II)
- Information Security Management
  – Guidelines for telecommunications organizations (X.1051) with JTC1/SC27 (part of ISO/IEC 27000-series on ISMS)
  – Incident Management and Risk Management Guidelines
- Secure applications and services
  – Security for home network, mobile communications, peer-to-peer communications, web services, IPTV, NID, …
  – Markup languages SAML and XACML with OASIS
- Telebiometrics
  – Interworking protocol, authentication protocol, digital key framework, data security, safety aspects with ISO & IEC
- Communications systems security
  – In support WTSA-04 Resolution 50
  – Security baseline for network operators (from FG-SBNO)
  – Security project (see separate slide)

Language (WP 3) Highlights
- ASN.1 and OIDs
  – New edition of ASN.1 (X.680/690-series) with JTC1/SC6
  – New edition of Registration Authorities for OIDs (X.660/X.670-series) with JTC1/SC6
  – ASN.1 and OID project (see separate slide)
- SDL, MSC, URN, UML
  – Deliverable from FG-URN basis for Z.151 on URN
  – Z.100, Z.109 on SDL, Z.111 on notations, Z.119 on UML, Z.120 Appendix on Application of MSC
  – SDL update planned for 2009
  – Updated Z.110 on FDTs and Z.140 on quality of Recs
- Open Distributed Processing (ODP)
  – New X.906 and revised X.911 with JTC1/SC7
- Testing languages and methodologies
  – New edition of TTCN (Z.160/170-series) with ETSI
  – Two Supplements on interoperability testing

Open Systems (WP 1) Highlights
- End-to-end Multicast with QoS
  – Relayed multicast and multicast transport with JTC1/SC6
- Directory
  – New edition of X.500-series Directory Recommendations including widely implemented X.509 with JTC1/SC6
  – E.115 was kept up-to-date to serve the increasing requirements for directory assistance service providers
- OSI
  – Implementers’ Guide issued
- Internationalized Domain Names (IDN)
  – In support WTSA-04 Resolution 48
  – Questionnaire issued and responses analyzed
  – Webpage on IDN created and maintained

Security Project (Major focus is on coordination and outreach)
- Security coordination
  – Within SG 17, with ITU-T SGs, with ITU-D and externally
  – Kept TSAG, IGF, ISO/IEC/ITU-T SAG-S informed on security efforts
  – Made presentations to workshops/seminars and to GSC
  – Maintained reference information on the LSG on security webpage
- Security Compendium
  – Includes catalogs of approved security-related Recommendations and security definitions extracted from approved Recommendations
- Security Standards Roadmap
  – Includes searchable database of approved ICT security standards from ITU-T and others (e.g., ISO/IEC, IETF, ETSI, IEEE, ATIS)
- ITU-T Security manual
  – assisted in its development
- Survey of developing countries ICT security needs
  – The overall level of concern about cyber
security is high
  – There is a high level of interest in the possibility of obtaining advice and/or assistance on ICT security from the ITU
  – The ITU needs to do a better job in promoting its ICT security products

ASN.1 and OID Project
- ASN.1 (Abstract Syntax Notation One)
  – A formal notation that is widely used for describing (binary or XML-encoded) data transmitted by telecommunications protocols
  – Project provides speakers and tutorial material to assist users of ASN.1 within and outside of the ITU
  – Project maintains a freely accessible database of error-free, compilable ASN.1 modules contained in ITU-T Recommendations and some additional modules from ISO/IEC and IETF to facilitate accurate implementation of protocols
  – Database: http://www.itu.int/ITU-T/asn1/database (>650 modules)
- Object identifiers (OIDs) and associated registration
  – Many standards define objects for which unambiguous identification is required (e.g., PKI, network management, directories, …); the OID tree is a hierarchical naming structure for these objects that is managed in a decentralized way
  – Recently extended to include identifiers in any natural language
  – Project helps people and organizations to set up a Registration Authority for their OIDs (>25 Member States have been helped)
  – OID Repository: http://www.oid-info.com (gathers >93000 OIDs)

Future Work (I)
- Improving security and trust in networks is a top imperative for the ITU-T
- It is essential to have an SG focused on security with a substantial and critical work program that will attract technical security experts needed to advance the work
- Need the right balance between centralized and distributed work on security with effective coordination
- Strengthened relationships and coordinated actions are needed on
cybersecurity with ITU-D and Secretary General
- Excellent collaboration with other bodies on security has been established (e.g., ISO/IEC JTC 1, OASIS, Liberty Alliance, ...) and needs to be strengthened and broadened
- Improved awareness is needed of SG 17 security material and tools (highlighted by security Questionnaire responses)
- SG 17 would benefit by increased participation from underrepresented regions

Future Work (II)
- SG 17 proposed 16 Questions for the next study period, including 1 new on service oriented architecture security
- Associated with this work should be lead study group responsibilities for Security, Identity management, and Languages and description techniques
- 66 draft Recommendations are already under preparation for approval in the next study period
- All SG 17 leaders (except for IDN) are continuing their responsibilities uninterrupted during the interregnum period
- Security and ASN.1 & OID Projects as well as JCA-IdM and JCA-CIT need to continue given their important contributions
- Breakthrough is needed for the essential security work on Identity, Identity management and Personally identifiable information
- Restructuring of WPs is essential to achieve stronger integration of ASN.1, OID and Directory with core security

Conclusion
- Participation in SG 17 has increased during the study period to maintain well above 100 participants
- SG 17 has successfully transitioned this study period to security as its main focus with a core set of security experts
- Within security work, has significantly built up participation and energy in Identity Management
- SG 17 has built strong relations with other key bodies working on security and initiated numerous collaborative efforts
- SG 17 has promoted and disseminated ITU-T security work (e.g.,
workshops, security roadmap); its achievements are well recognized

Supplemental Slides
- Management team
- Structure
- Leadership for other groups (JCAs and FGs)
- Statistics
- Workshops (with SG 17 leadership / participation)
- Acknowledgements

Management Team (I)
- Chairman: Herbert V. BERTINE, USA
- Vice-Chairmen:
  – Jianyong CHEN, China
  – Byoung-Moon CHIN, Korea
  – Arkadiy KREMER, Russia
  – Arve MEISINGSET, Norway
  – Ostap MONKEWICH, Canada
  – Yu WATANABE, Japan

Management Team (II)
- WP Chairmen:
  – Byoung Moon CHIN, WP 1/17
  – Yu WATANABE, WP 2/17
  – Ostap MONKEWICH, WP 3/17
- TSB:
  – Georges SEBEK, Counsellor
  – Xiaoya YANG, Counsellor
  – Gabrielle REGAN, Assistant
  – Isabelle GARDE, Assistant

Study Group Structure
- WP 1/17, Open Systems Technology
  – Multicast communications, directories, internationalized domain names and maintenance of OSI Recommendations
- WP 2/17, Telecommunication Security
  – ITU-T security project, development of the generic security-related Recommendations including Identity Management (IdM) in support of ITU-T’s work
- WP 3/17, Languages and Telecommunication software
  – ASN.1 and OID project, development of ITU-T formal languages, support of ITU-T activities on conformance and interoperability testing (CIT)
- Joint coordination activities (JCA-IdM, JCA-CIT)
- Focus groups (FG URN, FG SBNO, FG IdM)*
* all terminated

Leadership for SG 17-related other groups (I)
- JCA-IdM
  – Co-Conveners: Richard BRACKNEY, Chae-Sub LEE, Olivier DUBUISSON
  – Represented: TSAG, SGs 2, 3, 4, 5, 6,
9, 11, 12, 13, 15, 16, 17, 19, ATIS, FIDIS, GSMA, ISO/IEC JTC1/SC6, ISO/IEC JTC1/SC27/WG5, ISO/IEC JTC1/SC17, Liberty Alliance, OECD, Eclipse (Higgins Project), Concordia
- JCA-CIT
  – Convener: Ostap MONKEWICH
  – Represented: SGs 4, 11, 13, 16, 17, 19

Leadership for SG 17-related other groups (II)
- FG URN (Established 11 2000; Terminated 04 2005)
  – Chairman: Daniel AMYOT
- FG SBNO (Established 10 2005; Terminated 09 2007)
  – Chairman: Arkadiy KREMER
  – Vice-Chairman: Luis Sousa CARDOSO
- FG IdM (Established 12 2006; Terminated 09 2007)
  – Chairman: Abbie BARBIR
  – Vice-Chairman: Antony NADALIN, Richard BRACKNEY

Focus Group URN - Key Facts
- Focus Group URN established: 11 2000
- Work electronically: email, wiki, workshops
- Members: Practitioners, Researchers, User communities
- Deliverables: 5
  – Language requirements and framework, Z.150
  – Language definition, Z.151
  – Use case map notation, draft
  – Methodological approach, draft
  – UML profile for URN, draft
- Terminated: 04 2005
- Work continues within: Question 12/17

Focus Group SBNO - Key Facts
- FG SBNO established: 10 2005
- Meetings: Associated to regional events
- Members: Network operators, Administrations, ICT companies, Academia
- Deliverables: 2
  – Survey on security baseline for network operators 2006-2007
  – Proposed draft Recommendation X.sbno X.Sup2 (09 2007)
- Terminated: 09 2007
- Work continues within: Question 4/17

Focus Group IdM - Key Facts
- FG IdM established: 12 2006
- Meetings:
  – face-to-face: 5, every 1,5 month
  – Electronic: email, wiki
- Members: ITU-T and other SDO members, ICT experts
- Deliverables: 6
reports on
  – Activities completed and proposed
  – Deliverables
  – Identity management ecosystem and lexicon
  – Identity management use cases and gap analysis
  – Requirements for global interoperable identity management
  – Identity management framework for global interoperability
- Terminated: 09 2007
- Work continues within: IdM-GSI

Statistics (I)
- 45 rapporteur group meetings held (standalone, during GSI events or collaborative with ISO/IEC JTC 1/SC 6, 7, 27 or 37)
- 641 contributions received (excluding Rapporteur meetings)
- 7 SG meetings held
- 5 WP 1, 2, 3 meetings held
- 2 IdM-GSI events held (rapporteur groups)
- Min/Max/Average SG participants: 88/141/114

Statistics (II)
- 88 New/Revised Recommendations approved, plus 43 Recommendations determined or consented
- 66 draft new/revised Recommendations currently under development for approval in the next study period
- 15 Questions assigned by WTSA-04
- 2 New Questions added during study period
- 16 Questions proposed for next period

Workshops (I)
- Advancing public-private partnerships for e-business standards
  Geneva, Switzerland, 18 – 19 September 2008
- Joint ITU-T and SDL Forum Society workshop on "ITU System Design Languages"
  Geneva, Switzerland, 15 – 16 September 2008
- Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection
  Buenos Aires, Argentina, 16-18 October 2007
- WSC - Workshop on Transit Security
  Gaithersburg, USA, 4-5 October 2007
- Joint ITU-T SG 17, ISO/IEC JTC 1/SC 27/WG 5 and FIDIS Workshop on Identity Management Standards
  Lucerne, Switzerland, 30 September 2007
- ITU Workshop on Frameworks for National Action: Cybersecurity and Critical Information
Infrastructure Protection
  Geneva, 17 September 2007
- Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection
  Hanoi, Vietnam, 28-31 August 2007
- Second Informal Workshop on Conformance and Interoperability Testing
  Geneva, 08 December 2006

Workshops (II)
- ITU-T Workshop on Digital Identity for NGN
  Geneva, 05 December 2006
- Telecommunication Standardization Workshop
  Maputo, Mozambique 25-27 October 2006
- Joint ITU-T/ OASIS Workshop and Demonstration of Advances in ICT Standards for Public Warning
  Geneva, 19-20 October 2006
- SAM 06
  Kaiserslautern, Germany, 31 May - 02 June 2006
- ITU and UNESCO Global Symposium on Promoting the Multilingual Internet
  Geneva, 9-11 May 2006
- Informal Workshop on Conformance and Interoperability Testing
  Geneva, 25 January 2006
- Workshop on “New Horizons for Security Standardization”
  Geneva, 3 - 4 October 2005
- SDL'05 Forum
  20-23 June, 2005, Grimstad, Norway
- ITU-T Workshop on NGN in collaboration with IETF
  ITU Headquarters, Geneva, 1 - 2 May 2005
- Cybersecurity Symposium II
  Moscow, Russian Federation, 29 March 2005

Acknowledgements
Great thanks are due to the many people who have contributed to the enormous success of SG 17 during this study period:
- Delegates with their many contributions
- Editors in drafting texts for Recommendations
- Rapporteurs in leading work efforts
- Liaison officers in coordinating efforts with other bodies
- Project leaders, Focus Group leaders, JCA leaders
- Management team including Working Party chairmen
- TSB support – Counsellors, Assistants and other staff
Best wishes to all for the next study period

Thank you!

Herbert Bertine is chairman of ITU-T Study Group 17. He has been actively involved in the standards work of the ITU since 1975 and has held senior leadership positions since 1980. He has devoted extensive efforts in facilitating cooperation with SDOs. He represents the ITU-T in ISO/IEC/ITU-T SAG on security and is the ITU-T liaison officer to ISO/IEC JTC 1. Herb also has been active in other arenas dealing with ICT standards including ISO/IEC JTC 1/SC 6 and ANSI. He was instrumental in developing the collaborative procedures between ITU-T and JTC 1 (reflected in Rec. A.23) and in establishing the cooperative procedures with the IETF.

Herb retired in November 2007. He was Director, Standards at Lucent Technologies where he led Lucent’s standards efforts worldwide. He joined Bell Laboratories in June 1965 and spent his career in communication technologies. This included systems engineering work on modems, digital data systems, X.25 packet networks, open systems, and advanced communication systems. Since 1982, he had various responsibilities for corporate-wide standards management.

In October 2006, Herb was awarded the American National Standards Institute (ANSI) Edward Lohse Information Technology Medal for outstanding technical and managerial leadership in establishing international information technology and telecommunications standards and the methods by which they are produced.

Herb has a Bachelor of Electrical Engineering degree and a Master of Electrical Engineering degree from Rensselaer Polytechnic Institute. He is a member of Eta Kappa Nu (EE Honor Society) and Tau Beta Pi (Engineering Honor Society) and of the Institute of Electrical and Electronic Engineers (IEEE).