-1Question(s): 28/16 Study Group: 16 Meeting, date: Working Party: 2/16 Intended type of document(R-C-D-TD): TD Source: Title: A.5 justification information for draft revised H.810 Contact: <Name> <Organization> <Country> Contact: Tel: Fax: Email: Tel: Fax: Email: Please don't change the structure of this table, just insert the necessary information. 1 Introduction According to ITU procedures, as described in ITU-T Recommendation A.5, any normative reference to documentation produced outside the ITU (other than ISO and IEC texts) needs to be evaluated by the study group or working party before a decision is made to incorporate the reference in an ITU-T Recommendation. This TD contains the A.5 justification information for revised H.810. 2 Referred documents and respective justifications - Bluetooth BCS: Bluetooth SIG, Body Composition Service, Version 1.0 - Specification approved at 2014-10-21. - The Body Composition Service, Version 1.0, is needed to allow device inter-connectivity within the ITU-T H.810 personal area network architecture. This specification defines a short-range communications system intended to replace the cable(s) connecting portable and/or fixed electronic devices for body composition analyzer. - Complete A.5 justification information can be found in Annex 1. - Bluetooth CTS: Bluetooth SIG, Current Time Service, Version 1.1 - Specification approved at 2014-10-07. - The Current Time Service, Version 1.1, is needed to allow device inter-connectivity within the ITU-T H.810 personal area network architecture. This specification defines how a Bluetooth device can expose date and time information to other Bluetooth devices. - Complete A.5 justification information can be found in Annex 2. - Bluetooth PHDT v1.5: Bluetooth SIG, Personal Health Devices Transcoding White Paper, v1.5 - Specification approved at 2014-10-21. - The Bluetooth Personal Health Devices Transcoding White Paper, v1.5, is needed to allow device inter-connectivity within the Continua Design Guidelines personal area network architecture. This specification defines a short-range communications system intended to replace the cable(s) connecting portable and/or fixed electronic devices for Bluetooth low energy sensors. -2- Complete A.5 justification information can be found in Annex 3. - GSM/UMTS: ETSI TS 123 040 V11.3.0 (2012-10), Digital cellular telecommunications system (Phase 2+);Universal Mobile Telecommunications System (UMTS); Technical realization of the Short Message Service (SMS). (3GPP TS 23.040 version 11.3.0 Release 11) - Specification approved at 2012-10. - The ITU-T H.810 architecture uses Short Message Service (SMS) to provide a means of sending messages of limited size to and from GSM/UMTS/EPS mobiles. - Complete A.5 justification information can be found in Annex 4. - HL7 CDA CD: HL7 Implementation Guide for Clinical Document Architecture, Release 2: Consent Directives, Release 1 - Approved by HL7 as a Draft Standard for Trial Use (DSTU) in 2011-01. - The ITU-T H.810 architecture uses HL7 Implementation Guide for Clinical Document Architecture, Release 2 (HL7 CDA CD). The purpose of this document is to describe constraints on the Clinical Document Architecture Release 2 (CDA R2) header and body elements used to express Privacy Consent Directive documents. - Complete A.5 justification information can be found in Annex 5. - HL7 CDA QFD (2014): HL7 Implementation Guide for CDA, Release 2: Questionnaire Form Definition Document, Release 1 - Approved by HL7 as a Draft Standard for Trial Use (DSTU) in 2014-01-31. - The ITU-T H.810 architecture uses HL7 CDA: Questionnaire Form Definition Document (HL7 CDA QFD). This document describes constraints on the Clinical Document Architecture (CDA) Release 2 (R2) header and body elements of Questionnaire Form Definition documents. The purpose of a Questionnaire Form Definition document is to capture the health survey questions or question sets to be administered to a patient. Questionnaire Form Definition documents enable the definition of questions for surveying the patient's perceptions on their health and the impact that any treatments or adjustments to lifestyle have had on their quality of life. - Complete A.5 justification information can be found in Annex 6. - HL7 CDA QRD (2014): HL7 Implementation Guide for CDA, Release 2: Questionnaire Response Document, Release 1 - Approved by HL7 as a Draft Standard for Trial Use (DSTU) in 2014-01-31. - The ITU-T H.810 architecture uses HL7 CDA: Questionnaire Response Document (HL7 CDA QFD). This document describes constraints on the Clinical Document Architecture (CDA) Release 2 (R2) header and body elements of Questionnaire Response documents. The purpose of a Questionnaire Response document is to capture the health survey answers or answer sets to questions that have been administered to a patient. Questionnaire Response documents enable the capture of responses for surveying the patient's perceptions on their health and the impact that any treatments or adjustments to lifestyle have had on their quality of life. - Complete A.5 justification information can be found in Annex 7. - HL7 RLUS (2013): Health Level 7 Service Functional Model Specification - Retrieve, Locate, and Update Service (RLUS), Release 1 - Approved by HL7 as a Draft Standard for Trial Use (DSTU) in 2013-03-22. - The ITU-T H.810 architecture uses HL7 Retrieve, Locate, and Update Service (RLUS) Service -3Functional Model. The RLUS Service Functional Model specify the appropriate capabilities that must be realized by a service interface to locate, retrieve, and update resources (e.g. documents, messages) among and within healthcare organizations. - Complete A.5 justification information can be found in Annex 8. - IETF RFC 2818 (2000): HTTP Over TLS, May 2000 - This is an IETF Informational RFC, published in May 2000. Errata exist. - [INFORMATIONAL RFC] The ITU-T H.810 requires the use of HTTP over TLS for the operation of medical, health and fitness devices using the WAN interface specifically for its privacy cryptography for data encryption and its connection reliability and integrity using secure hash functions. The HTTP over TLS provides use TLS to secure HTTP connections over the Internet. - Complete A.5 justification information can be found in Annex 9. - IETF RFC 4346 (2006): The Transport Layer Security (TLS) Protocol, Version 1.1, April 2006 - Proposed Standard. Obsoleted by RFC 5246. - [OBSOLETED] The ITU-T H.810 requires the use of TLS v1.1 for the operation of medical, health and fitness devices using the WAN interface specifically for its privacy cryptography for data encryption and its connection reliability and integrity using secure hash functions. The TLS v1.1 protocol provides sufficient communication privacy over the Internet allowing client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. There is also dependency on the use of this spec across other IHE and HL7 that also use this version of the TLS protocol. - Complete A.5 justification information can be found in Annex 10. - IETF RFC 6749 (2012): The OAuth 2.0 Authorization Framework - Specification approved at 2012-10. - The ITU-T H.810 requires the use of OAuth 2.0 Authorization Framework for web services security. The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. - Complete A.5 justification information can be found in Annex 11. - IETF RFC 6750 (2012): The OAuth 2.0 Authorization Framework: Bearer Token Usage - Specification approved at 2012-10. - The ITU-T H.810 architecture uses bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a "bearer") can use it to get access to the associated resources (without demonstrating possession of a cryptographic key). - Complete A.5 justification information can be found in Annex 12. - OASIS MQTT (2013): OASIS MQTT Version 3.1.1 - Specification approved 2013-12-12. -4- The ITU-T H.810 architecture uses OASIS MQTT. The MQTT is a Client Server publish/subscribe messaging transport protocol. - Complete A.5 justification information can be found in Annex 13. - TIA-637-C: TIA-637-C, Short Message Service (SMS) For Wideband Spread Spectrum Systems - Historical specification approved at 2012-11. Transposition of 3GPP2 C.S0015-C v1.0. Superseded by revision D. - The ITU-T H.810 architecture uses Short Message Service (SMS) to provide a means of sending messages of limited size to and from GSM/UMTS/EPS mobiles. - Complete A.5 justification information can be found in Annex 14. - ZigBee Spec: Zigbee Alliance, ZigBee Specification, January 17, 2008 - Specification approved at 2008-01-17. - The ZigBee Specification is needed to allow device inter-connectivity within the ITU-T H.810 personal area network architecture. It enhances the IEEE 802.15.4 standard by adding network and security layers and an application framework. - Complete A.5 justification information can be found in Annex 15. -5- Annex 1 A.5 justification information for the reference to Bluetooth BCS 1 Clear description of the referenced document: Bluetooth BCS: Bluetooth SIG, Body Composition Service, Version 1.0 2 Status of approval: Specification approved at 2014-10-21. 3 Justification for the specific reference: The Body Composition Service, Version 1.0, is needed to allow device inter-connectivity within the ITU-T H.810 personal area network architecture. This specification defines a short-range communications system intended to replace the cable(s) connecting portable and/or fixed electronic devices for body composition analyzer. 4 Current information, if any, about IPR issues: N/A 5 Other useful information describing the "Quality" of the document: Specification approved at 2014-10-21 and some qualified devices implementing this version of the specification exist. 6 The degree of stability or maturity of the document: See item 5 above. 7 Relationship with other existing or emerging documents: See item 5 above. 8 Any explicit references within that referenced document should also be listed: [1] Bluetooth Core Specification v4.0 or later version of the Core Specification. [2] Characteristic and Descriptor descriptions are accessible via the Bluetooth SIG Assigned Numbers. [3] Current Time Service Specification v1.1 or later [4] IEEE 11073-10420 - 2010 (Health informatics-Personal health device communication - Part 10420: Device specialization - Body Composition Analyzer) -69 Qualification of Bluetooth: Bluetooth SIG meets the qualifying criteria for normative referencing as per Recommendation ITUT A.5. 10 N/A Other (for any supplementary information): -7- Annex 2 A.5 justification information for the reference to Bluetooth CTS 1 Clear description of the referenced document: Bluetooth CTS: Bluetooth SIG, Current Time Service, Version 1.1 2 Status of approval: Specification approved at 2014-10-07. 3 Justification for the specific reference: The Current Time Service, Version 1.1, is needed to allow device inter-connectivity within the ITUT H.810 personal area network architecture. This specification defines how a Bluetooth device can expose date and time information to other Bluetooth devices. 4 Current information, if any, about IPR issues: N/A 5 Other useful information describing the "Quality" of the document: Specification approved at 2014-10-07 and some qualified devices implementing this version of the specification exist. 6 The degree of stability or maturity of the document: See item 5 above. 7 Relationship with other existing or emerging documents: See item 5 above. 8 Any explicit references within that referenced document should also be listed: [1] Bluetooth Core Specification v4.0 or later [2] Characteristic and Descriptor descriptions are accessible via the Bluetooth SIG Assigned Numbers: <http://www.bluetooth.org/Technical/AssignedNumbers/home.htm> 9 Qualification of Bluetooth: Bluetooth SIG meets the qualifying criteria for normative referencing as per Recommendation ITUT A.5. 10 N/A Other (for any supplementary information): -8- Annex 3 A.5 justification information for the reference to Bluetooth PHDT v1.5 1 Clear description of the referenced document: Bluetooth PHDT v1.5: Bluetooth SIG, Personal Health Devices Transcoding White Paper, v1.5 2 Status of approval: Specification approved at 2014-10-21. 3 Justification for the specific reference: The Bluetooth Personal Health Devices Transcoding White Paper, v1.5, is needed to allow device inter-connectivity within the Continua Design Guidelines personal area network architecture. This specification defines a short-range communications system intended to replace the cable(s) connecting portable and/or fixed electronic devices for Bluetooth low energy sensors. 4 Current information, if any, about IPR issues: N/A 5 Other useful information describing the "Quality" of the document: Specification approved at 2014-10-21 and some qualified devices implementing this version of the specification exist. 6 The degree of stability or maturity of the document: See item 5 above. 7 Relationship with other existing or emerging documents: See item 5 above. 8 Any explicit references within that referenced document should also be listed: [1] ISO/IEEE Std 11073-20601- 2008 Health Informatics - Personal Health Device Communication - Application Profile - Optimized Exchange Protocol - version 1.0.This also includes ISO/IEEE Std 11073-20601a™-2010 – Amendment 1 [2] Device Information Service v1.1 [3] Bluetooth SIG Assigned Numbers.<http://www.bluetooth.org/Technical/AssignedNumbers/home.htm> [4] ISO/IEEE Std 11073-10408-2008 Standard for Health informatics - Personal health device communication - Device specialization - Thermometer [5] Health Thermometer Service v1.0 -9[6] Continua Design Guidelines 2015 (version 5.0) [7] IEEE Std 11073-10406-2011 Standard for Health informatics - Personal health device communication - Device specialization - Basic Electrocardiograph (ECG) (1 to 3-lead ECG) [8] Heart Rate Service v1.0 [9] Blood Pressure Service v1.0 [10] IEEE Std 11073-10407-2008 Standard for Health informatics – Personal health device communication – Device specialization – Blood Pressure Monitor [11] IEEE Std 11073-10417-2011 Standard for Health informatics – Personal health device communication – Device specialization – Glucose meter [12] Glucose Service v1.0 [13] Bluetooth Core Specification v4.0 or later [14] Current Time Service v1.1 [15] ISO/IEEE Std 11073-10441-2008 Standard for Health Informatics – Personal health device communication – Device specialization – Cardiovascular fitness and activity monitor [16] Specification of Regulatory Certification Data List at ISO/IEEE Std 11073-20601a-2010, sections 6.3.2.3 (MDS class attributes) and A.11.2 (MDS-related data types). [17] Patient Care Device (PCD) Technical Framework at the IHE site.<http://www.ihe.net/Technical_Frameworks/> [18] Weight Scale Service v1.0 [19] Body Composition Service v1.0 [20] ISO/IEEE Std 11073-10415-2010 Standard for Health Informatics – Personal health device communication – Device specialization – Weighing Scale - 10 [21] ISO/IEEE Std 11073-10420-2010 Standard for Health Informatics – Personal health device communication – Device specialization – Body Composition Analyzer 9 Qualification of Bluetooth: Bluetooth SIG meets the qualifying criteria for normative referencing as per Recommendation ITUT A.5. 10 N/A Other (for any supplementary information): - 11 - Annex 4 A.5 justification information for the reference to GSM/UMTS 1 Clear description of the referenced document: GSM/UMTS: ETSI TS 123 040 V11.3.0 (2012-10), Digital cellular telecommunications system (Phase 2+);Universal Mobile Telecommunications System (UMTS); Technical realization of the Short Message Service (SMS). (3GPP TS 23.040 version 11.3.0 Release 11) 2 Status of approval: Specification approved at 2012-10. 3 Justification for the specific reference: The ITU-T H.810 architecture uses Short Message Service (SMS) to provide a means of sending messages of limited size to and from GSM/UMTS/EPS mobiles. 4 Current information, if any, about IPR issues: N/A 5 Other useful information describing the "Quality" of the document: Specification approved at 2012-10 and many qualified devices implementing this version of the specification exist. 6 The degree of stability or maturity of the document: See item 5 above. 7 Relationship with other existing or emerging documents: See item 5 above. 8 Any explicit references within that referenced document should also be listed: [1] Void [2] 3GPP TS 22.003: " Circuit Teleservices supported by a Public Land Mobile Network (PLMN)". [3] 3GPP TS 22.004: "General on supplementary services". [4] 3GPP TS 22.041: "Operator Determined Barring (ODB)". [5] 3GPP TS 23.002: "Network architecture". [6] 3GPP TS 23.008: "Organization of subscriber data". - 12 [7] 3GPP TS 23.011: "Technical realization of supplementary services". [8] 3GPP TS 23.015: "Technical realization of Operator Determined Barring (ODB)". [9] 3GPP TS 23.038: "Alphabets and language-specific information". [10] 3GPP TS 23.041: "Technical realization of Cell Broadcast Service (CBS)". [11] Void [12] 3GPP TS 44.008: "Mobile radio interface layer 3 specification". [13] 3GPP TS 24.011: "Point-to-Point (PP) Short Message Service (SMS) support on mobile radio interface". [14] 3GPP TS 27.005: "Use of Data Terminal Equipment - Data Circuit terminating Equipment (DTE -DCE) interface for Short Message Service (SMS) and Cell Broadcast Service (CBS)". [15] 3GPP TS 29.002: "Mobile Application Part (MAP) specification". [16] 3GPP TS 51.011 Release 4 (version 4.x.x): "Specification of the Subscriber Identity Module Mobile Equipment (SIM- ME) interface". [17] CCITT Recommendation E.164 (Blue Book): "The international public telecommunicationnumbering plan". [18] CCITT Recommendation E.163 (Blue Book): "Numbering plan for the international telephone service". [19] CCITT Recommendation Q.771: "Specifications of Signalling System No.7; Functional description of transaction capabilities". [20] CCITT Recommendation T.100 (Blue Book): "International information exchange for interactive videotex". [21] CCITT Recommendation T.101 (Blue Book): "International interworking for videotex services". - 13 [22] CCITT Recommendation X.121 (Blue Book): "International numbering plan for public data networks". [23] CCITT Recommendation X.400 (Blue Book): "Message handling services: Message handling system and service overview". [24] ISO/IEC10646: "Universal Multiple-Octet Coded Character Set (USC); UCS2, 16 bit coding". [25] 3GPP TS 22.022: "Personalisation of Mobile Equipment (ME); Mobile functionality specification". [26] 3GPP TS 23.042: "Compression Algorithm for Text Messaging Services". [27] 3GPP TS 23.060: "General Packet Radio Service (GPRS); Service description; Stage 2". [28] 3GPP TS 31.115: "Secured packet structure for (U)SIM toolkit application". [29] 3GPP TR 21.905: "Vocabulary for 3GPP Specifications". [30] 3GPP TS 31.102: "Characteristics of the USIM application". [31] 3GPP TS 31.101: "UICC – Terminal interface; Physical and logical characteristics". [32] 3GPP TS 22.105: "Services and Service Capabilites". [33] Infrared Data Association. Specifications for Ir Mobile Communications (IrMC). iMelody. [34] IETF RFC 5322 (October 2008): "Internet Message Format". [35] Void [36] "vCard - The Electronic Business Card", version 2.1,The Internet Mail Consortium (IMC),September 18, 1996, URL:http://www.imc.org/pdi/vcard-21.doc". [37] "vCalendar - the Electronic Calendaring and Scheduling Format", version 1.0, The Internet Mail Consortium (IMC), September 18, 1996, URL:http://www.imc.org/pdi/vcal-10.doc - 14 [38] Scalable Polyphony MIDI Specification, MIDI Manufacturers Association (2002); http://www.midi.org [39] Scalable Polyphony MIDI Device 5-to-24 Note Profile for 3GPP, MIDI Manufacturers Association (2002); http://www.midi.org [40] The Complete MIDI 1.0 Detailed Specification, Incorporating all Recommended Practices, MIDI Manufacturers Association, Document version 96.1, 1996; http://www.midi.org [41] 3GPP TS 23.097: Multiple Subscriber Profile (MSP) (Phase 2) - Stage 2 [42] 3GPP TS 23.204: "Support of SMS over generic 3GPP IP access; Stage 2". [43] IETF RFC 3261 (June 2002): "SIP: Session Initiation Protocol". [44] IETF RFC 3428 (December 2002): "Session Initiation Protocol (SIP) Extension for Instant Messaging". [45] 3GPP TS 23.272: "Circuit Switched (CS) fallback in Evolved Packet System (EPS); Stage 2". [46] 3GPP TS 29.272: "Evolved Packet System (EPS); Mobility Management Entity (MME) and Serving GPRS Support Node (SGSN) related interfaces based on Diameter protocol". [47] 3GPP TS 29.118: "Mobility Management Entity (MME) – Visitor Location Register (VLR) SGs interface specification". [48] 3GPP TS 23.682: "Architecture enhancements to facilitate communications with packet data networks and applications". [49] 3GPP TS 29.336: "Home Subscriber Server (HSS) diameter interfaces for interworking with packet data networks and applications". [50] 3GPP TS 29.338: "Diameter based protocols to support of SMS capable MMEs". 9 Qualification of ETSI: ETSI is recognized under the provisions of ITU-T Recommendations A.5 and A.6. Qualifying information is on file at TSB. - 15 10 N/A Other (for any supplementary information): - 16 - Annex 5 A.5 justification information for the reference to HL7 CDA CD 1 Clear description of the referenced document: HL7 CDA CD: HL7 Implementation Guide for Clinical Document Architecture, Release 2: Consent Directives, Release 1 2 Status of approval: Approved by HL7 as a Draft Standard for Trial Use (DSTU) in 2011-01. 3 Justification for the specific reference: The ITU-T H.810 architecture uses HL7 Implementation Guide for Clinical Document Architecture, Release 2 (HL7 CDA CD). The purpose of this document is to describe constraints on the Clinical Document Architecture Release 2 (CDA R2) header and body elements used to express Privacy Consent Directive documents. 4 Current information, if any, about IPR issues: N/A 5 Other useful information describing the "Quality" of the document: Approved by HL7 as a Draft Standard for Trial Use (DSTU) in 2011-01. The comment period for use of this draft standard shall end 24 months from the date of publication. Following this 24 month evaluation period, this draft standard, revised as necessary, will be submitted to a normative ballot in preparation for approval by ANSI as an American National Standard. Implementations of this draft standard shall be viable throughout the normative ballot process and for up to six months after publication of the relevant normative standard. 6 The degree of stability or maturity of the document: See item 5 above. 7 Relationship with other existing or emerging documents: See item 5 above. 8 Any explicit references within that referenced document should also be listed: [1] Composite Privacy Consent Directive Domain Analysis Model (CPCD DAM) – DSTU February 2010 [2] LOINC: Logical Observation Identifiers Names and Codes, Regenstrief Institute. http://www.loinc.org [3] CDA: Clinical Document Architecture Release 2: Clinical Document Architecture (CDA) Release 2, May 2005. http://www.hl7.org/v3ballot/html/infrastructure/cda/cda.htm [4] Health Information Technology Standards Panel (HITSP) Constructs, including the Encounter Document Using IHE Scanned Document (XDS-SD) Component (C48). http://www.hitsp.org/ - 17 - 9 Qualification of HL7: Health Level 7 meets the qualifying criteria for normative referencing as per Recommendation ITUT A.5. 10 Other (for any supplementary information): Same reference as the one using the label [HL7 CDA IG (2011)]. - 18 - Annex 6 A.5 justification information for the reference to HL7 CDA QFD (2014) 1 Clear description of the referenced document: HL7 CDA QFD (2014): HL7 Implementation Guide for CDA, Release 2: Questionnaire Form Definition Document, Release 1 2 Status of approval: Approved by HL7 as a Draft Standard for Trial Use (DSTU) in 2014-01-31. 3 Justification for the specific reference: The ITU-T H.810 architecture uses HL7 CDA: Questionnaire Form Definition Document (HL7 CDA QFD). This document describes constraints on the Clinical Document Architecture (CDA) Release 2 (R2) header and body elements of Questionnaire Form Definition documents. The purpose of a Questionnaire Form Definition document is to capture the health survey questions or question sets to be administered to a patient. Questionnaire Form Definition documents enable the definition of questions for surveying the patient's perceptions on their health and the impact that any treatments or adjustments to lifestyle have had on their quality of life. 4 Current information, if any, about IPR issues: N/A 5 Other useful information describing the "Quality" of the document: Approved by HL7 as a Draft Standard for Trial Use (DSTU) in 2014-01-31. The comment period for use of this draft standard shall end 24 months from the date of publication. Following this 24 month evaluation period, this draft standard, revised as necessary, will be submitted to a normative ballot in preparation for approval by ANSI as an American National Standard. Implementations of this draft standard shall be viable throughout the normative ballot process and for up to six months after publication of the relevant normative standard. 6 The degree of stability or maturity of the document: See item 5 above. 7 Relationship with other existing or emerging documents: See item 5 above. 8 Any explicit references within that referenced document should also be listed: [1] HL7 Version 3 Interoperability Standards. <http://www.hl7.org/v3ballot/html/infrastructure/conformance/conformance.htm> [2] HL7 Clinical Document Architecture (CDA Release 2). <http://www.hl7.org/implement/standards/cda.cfm> 9 Qualification of HL7: Health Level 7 meets the qualifying criteria for normative referencing as per Recommendation ITUT A.5. - 19 10 N/A Other (for any supplementary information): - 20 - Annex 7 A.5 justification information for the reference to HL7 CDA QRD (2014) 1 Clear description of the referenced document: HL7 CDA QRD (2014): HL7 Implementation Guide for CDA, Release 2: Questionnaire Response Document, Release 1 2 Status of approval: Approved by HL7 as a Draft Standard for Trial Use (DSTU) in 2014-01-31. 3 Justification for the specific reference: The ITU-T H.810 architecture uses HL7 CDA: Questionnaire Response Document (HL7 CDA QFD). This document describes constraints on the Clinical Document Architecture (CDA) Release 2 (R2) header and body elements of Questionnaire Response documents. The purpose of a Questionnaire Response document is to capture the health survey answers or answer sets to questions that have been administered to a patient. Questionnaire Response documents enable the capture of responses for surveying the patient's perceptions on their health and the impact that any treatments or adjustments to lifestyle have had on their quality of life. 4 Current information, if any, about IPR issues: N/A 5 Other useful information describing the "Quality" of the document: Approved by HL7 as a Draft Standard for Trial Use (DSTU) in 2014-01-31. The comment period for use of this draft standard shall end 24 months from the date of publication. Following this 24 month evaluation period, this draft standard, revised as necessary, will be submitted to a normative ballot in preparation for approval by ANSI as an American National Standard. Implementations of this draft standard shall be viable throughout the normative ballot process and for up to six months after publication of the relevant normative standard. 6 The degree of stability or maturity of the document: See item 5 above. 7 Relationship with other existing or emerging documents: See item 5 above. 8 Any explicit references within that referenced document should also be listed: [1] HL7 Implementation Guide for CDA Release 2.0: Form Definition Document, Release 1: April 2013 Ballot. <http://www.hl7.org/dstucomments/showdetail.cfm?dstuid=116> [2] HL7 Version 3 Interoperability Standards. <http://www.hl7.org/v3ballot/html/infrastructure/conformance/conformance.htm> - 21 - [3] HL7 Clinical Document Architecture (CDA Release 2). <http://www.hl7.org/implement/standards/cda.cfm> [4] D. Gould et al. "Information Point: Visual Analog Scale (VAS)". <http://www.cebp.nl/vault_public/filesystem/?ID=1478> (Accessed on 17-March-2013)] 9 Qualification of HL7: Health Level 7 meets the qualifying criteria for normative referencing as per Recommendation ITUT A.5. 10 N/A Other (for any supplementary information): - 22 - Annex 8 A.5 justification information for the reference to HL7 RLUS (2013) 1 Clear description of the referenced document: HL7 RLUS (2013): Health Level 7 Service Functional Model Specification - Retrieve, Locate, and Update Service (RLUS), Release 1 2 Status of approval: Approved by HL7 as a Draft Standard for Trial Use (DSTU) in 2013-03-22. 3 Justification for the specific reference: The ITU-T H.810 architecture uses HL7 Retrieve, Locate, and Update Service (RLUS) Service Functional Model. The RLUS Service Functional Model specify the appropriate capabilities that must be realized by a service interface to locate, retrieve, and update resources (e.g. documents, messages) among and within healthcare organizations. 4 Current information, if any, about IPR issues: N/A 5 Other useful information describing the "Quality" of the document: Approved by HL7 as a Draft Standard for Trial Use (DSTU) in 2013-03-22. The comment period for use of this draft standard shall end 24 months from the date of publication. Following this 24 month evaluation period, this draft standard, revised as necessary, will be submitted to a normative ballot in preparation for approval by ANSI as an American National Standard. Implementations of this draft standard shall be viable throughout the normative ballot process and for up to six months after publication of the relevant normative standard. 6 The degree of stability or maturity of the document: See item 5 above. 7 Relationship with other existing or emerging documents: See item 5 above. 8 Any explicit references within that referenced document should also be listed: 1 http://hssp.healthinterop.org 2 The term “Interface specification” is intended within the service orientation context, so it's not restricted to user interface. 3 OMG, Retrieve, Locate, and Update Service (RLUS) Specification, http://www.omg.org/spec/RLUS/Current 4 http://hssp-rlus-normative.wikispaces.com/ - 23 - 5 http://www.uml.org/ 6 http://www.omg.org/spec/BPMN/2.0/ 7 http://www.omg.org/spec/SoaML/ 9 Qualification of HL7: Health Level 7 meets the qualifying criteria for normative referencing as per Recommendation ITUT A.5. 10 N/A Other (for any supplementary information): - 24 - Annex 9 A.5 justification information for the reference to IETF RFC 2818 (2000) 1 Clear description of the referenced document: IETF RFC 2818 (2000): HTTP Over TLS, May 2000 2 Status of approval: This is an IETF Informational RFC, published in May 2000. Errata exist. 3 Justification for the specific reference: [INFORMATIONAL RFC] The ITU-T H.810 requires the use of HTTP over TLS for the operation of medical, health and fitness devices using the WAN interface specifically for its privacy cryptography for data encryption and its connection reliability and integrity using secure hash functions. The HTTP over TLS provides use TLS to secure HTTP connections over the Internet. 4 Current information, if any, about IPR issues: Information on IPR issues regarding RFCs is available at: https://datatracker.ietf.org/ipr/search/. Specifically: https://datatracker.ietf.org/ipr/search/?option=rfc_search&rfc_search=2818 5 Other useful information describing the "Quality" of the document: SSL, and its successor TLS [RFC2246] were designed to provide channel-oriented security. This document describes how to use HTTP over TLS. 6 The degree of stability or maturity of the document: The concepts in this document is sufficiently stable for our use. Updated by RFC 5785. Errata exist. 7 Relationship with other existing or emerging documents: IETF RFC 1738 "Uniform Resource Locators (URL)", December 1994. IETF RFC 2616, Hypertext Transfer Protocol -- HTTP/1.1, June 1999 IETF RFC 2660, The Secure HyperText Transfer Protocol, August 1999 IETF RFC 3986 "Uniform Resource Identifier (URI): Generic Syntax", January 2005 8 Any explicit references within that referenced document should also be listed: [RFC2459] Housley, R., Ford, W., Polk, W. and D. Solo, "Internet Public Key Infrastructure: Part I: X.509 Certificate and CRL Profile", RFC 2459, January 1999. - 25 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol, HTTP/1.1", RFC 2616, June 1999. [RFC2119] Bradner, S., "Key Words for use in RFCs to indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2246] Dierks, T. and C. Allen, "The TLS Protocol", RFC 2246, January 1999. 9 Qualification of ISOC/IETF: 9.1-9.6 Decisions of ITU Council to admit ISOC to participate in the work of the Sector (June 1995 and June 1996). 9.7 The Internet Engineering Steering Group (IESG) is responsible for ongoing maintenance of the RFCs when the need arises. Comments on RFCs and corresponding changes are accommodated through the existing standardization process. 9.8 Each revision of a given RFC has a different RFC number, so no confusion is possible. All RFCs always remain available on-line. An index of RFCs and their status may be found in the IETF archives at http://www.rfc-editor.org/rfc.html. 10 None Other (for any supplementary information): - 26 - Annex 10 A.5 justification information for the reference to IETF RFC 4346 (2006) 1 Clear description of the referenced document: IETF RFC 4346 (2006): The Transport Layer Security (TLS) Protocol, Version 1.1, April 2006 2 Status of approval: Proposed Standard. Obsoleted by RFC 5246. 3 Justification for the specific reference: [OBSOLETED] The ITU-T H.810 requires the use of TLS v1.1 for the operation of medical, health and fitness devices using the WAN interface specifically for its privacy cryptography for data encryption and its connection reliability and integrity using secure hash functions. The TLS v1.1 protocol provides sufficient communication privacy over the Internet allowing client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. There is also dependency on the use of this spec across other IHE and HL7 that also use this version of the TLS protocol. 4 Current information, if any, about IPR issues: Information on IPR issues regarding RFCs is available at: https://datatracker.ietf.org/ipr/search/. Specifically: https://datatracker.ietf.org/ipr/search/?option=rfc_search&rfc_search=4346 5 Other useful information describing the "Quality" of the document: This RFC has been in existence since April,2006, obsolescing RFC 2246 6 The degree of stability or maturity of the document: RFC 4346 is an internet standard. It and its successor are in existence for about 10 years; obsoletes RFC 2246. Updated by: 4366, 4680, 4681, 5746, 6176. Obsoleted by RFC 5246. Errata exist. 7 Relationship with other existing or emerging documents: Transport Layer Security (TLS), is a cryptographic protocol which provides secure communications on the Internet. Other RFCs subsequently extended TLS, including RFC 2712, RFC 2817, RFC 2818, RFC 3546, RFC 4132, RFC 4162 etc. 8 Any explicit references within that referenced document should also be listed: [AES] National Institute of Standards and Technology, "Specification for the Advanced Encryption Standard (AES)" FIPS 197. November 26, 2001. [3DES] W. Tuchman, "Hellman Presents No Shortcut Solutions To DES," IEEE Spectrum, v. 16, n. 7, July 1979, pp. 40-41. [DES] ANSI X3.106, "American National Standard for Information Systems-Data Link Encryption," American National Standards Institute, 1983. - 27 [DSS] NIST FIPS PUB 186-2, "Digital Signature Standard," National Institute of Standards and Technology, U.S. Department of Commerce, 2000. [HMAC] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997. [IDEA] X. Lai, "On the Design and Security of Block Ciphers," ETH Series in Information Processing, v. 1, Konstanz: Hartung-Gorre Verlag, 1992. [MD5] Rivest, R., "The MD5 Message-Digest Algorithm ", RFC 1321, April 1992. [PKCS1A] B. Kaliski, "Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 1.5", RFC 2313, March 1998. [PKCS1B] J. Jonsson, B. Kaliski, "Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1", RFC 3447, February 2003. [PKIX] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002. [RC2] Rivest, R., "A Description of the RC2(r) Encryption Algorithm", RFC 2268, March 1998. [SCH] B. Schneier. "Applied Cryptography: Protocols, Algorithms,and Source Code in C, 2ed", Published by John Wiley & Sons, Inc. 1996. [SHA] NIST FIPS PUB 180-2, "Secure Hash Standard," National Institute of Standards and Technology, U.S. Department of Commerce., August 2001. [REQ] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. [TLSAES] Chown, P., "Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)", RFC 3268, June 2002. [TLSEXT] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., and T. Wright, "Transport Layer Security (TLS) Extensions", RFC 3546, June 2003. - 28 - [TLSKRB] Medvinsky, A. and M. Hur, "Addition of Kerberos Cipher Suites to Transport Layer Security (TLS)", RFC 2712, October 1999. 9 Qualification of ISOC/IETF: 9.1-9.6 Decisions of ITU Council to admit ISOC to participate in the work of the Sector (June 1995 and June 1996). 9.7 The Internet Engineering Steering Group (IESG) is responsible for ongoing maintenance of the RFCs when the need arises. Comments on RFCs and corresponding changes are accommodated through the existing standardization process. 9.8 Each revision of a given RFC has a different RFC number, so no confusion is possible. All RFCs always remain available on-line. An index of RFCs and their status may be found in the IETF archives at http://www.rfc-editor.org/rfc.html. 10 Other (for any supplementary information): References should always be made to RFC numbers (and not by other designations such as STD, BCP, etc.). References not to be made to documents referred to as "Internet Drafts" or RFCs categorized as "Historic". Normative references should not be made to RFCs that are not standards, for example, "Informational" and "Experimental" RFCs. - 29 - Annex 11 A.5 justification information for the reference to IETF RFC 6749 (2012) 1 Clear description of the referenced document: IETF RFC 6749 (2012): The OAuth 2.0 Authorization Framework 2 Status of approval: Specification approved at 2012-10. 3 Justification for the specific reference: The ITU-T H.810 requires the use of OAuth 2.0 Authorization Framework for web services security. The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. 4 Current information, if any, about IPR issues: N/A 5 Other useful information describing the "Quality" of the document: Specification approved at 2012-10 and many devices implementing this version of the specification exist. 6 The degree of stability or maturity of the document: See item 5 above. 7 Relationship with other existing or emerging documents: See item 5 above. 8 Any explicit references within that referenced document should also be listed: [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2246] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2246, January 1999. [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. BernersLee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, June 1999. - 30 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, November 2003. [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66,RFC 3986, January 2005. [RFC4627] Crockford, D., "The application/json Media Type for JavaScript Object Notation (JSON)", RFC 4627, July 2006. [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", RFC 4949, August 2007. [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008. [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, January 2008. [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008. [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)", RFC 6125, March 2011. [USASCII] American National Standards Institute, "Coded Character Set -- 7-bit American Standard Code for Information Interchange", ANSI X3.4, 1986. [W3C.REC-html401-19991224] Raggett, D., Le Hors, A., and I. Jacobs, "HTML 4.01 Specification", World Wide Web Consortium Recommendation REC-html401-19991224, December 1999, <http://www.w3.org/TR/1999/REC-html401-19991224>. [W3C.REC-xml-20081126] Bray, T., Paoli, J., Sperberg-McQueen, C., Maler, E., and F. Yergeau, "Extensible Markup Language (XML) 1.0 (Fifth Edition)", World Wide Web Consortium Recommendation REC-xml-20081126, November 2008, <http://www.w3.org/TR/2008/REC-xml20081126>. - 31 9 Qualification of ISOC/IETF: 9.1-9.6 Decisions of ITU Council to admit ISOC to participate in the work of the Sector (June 1995 and June 1996). 9.7 The Internet Engineering Steering Group (IESG) is responsible for ongoing maintenance of the RFCs when the need arises. Comments on RFCs and corresponding changes are accommodated through the existing standardization process. 9.8 Each revision of a given RFC has a different RFC number, so no confusion is possible. All RFCs always remain available on-line. An index of RFCs and their status may be found in the IETF archives at http://www.rfc-editor.org/rfc.html. 10 N/A Other (for any supplementary information): - 32 - Annex 12 A.5 justification information for the reference to IETF RFC 6750 (2012) 1 Clear description of the referenced document: IETF RFC 6750 (2012): The OAuth 2.0 Authorization Framework: Bearer Token Usage 2 Status of approval: Specification approved at 2012-10. 3 Justification for the specific reference: The ITU-T H.810 architecture uses bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a "bearer") can use it to get access to the associated resources (without demonstrating possession of a cryptographic key). 4 Current information, if any, about IPR issues: N/A 5 Other useful information describing the "Quality" of the document: Specification approved at 2012-10 and many devices implementing this version of the specification exist. 6 The degree of stability or maturity of the document: See item 5 above. 7 Relationship with other existing or emerging documents: See item 5 above. 8 Any explicit references within that referenced document should also be listed: [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2246] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2246, January 1999. [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. BernersLee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, June 1999. [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. - 33 - [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66,RFC 3986, January 2005. [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, January 2008. [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008. [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, May 2008. [RFC6265] Barth, A., "HTTP State Management Mechanism", RFC 6265, April 2011. [RFC6749] Hardt, D., Ed., "The OAuth 2.0 Authorization Framework", RFC 6749, October 2012. [USASCII] American National Standards Institute, "Coded Character Set -- 7-bit American Standard Code for Information Interchange", ANSI X3.4, 1986. [W3C.REC-html401-19991224] Raggett, D., Le Hors, A., and I. Jacobs, "HTML 4.01 Specification", World Wide Web Consortium Recommendation REC-html401-19991224, December 1999, <http://www.w3.org/TR/1999/REC-html401-19991224>. [W3C.REC-webarch-20041215] Jacobs, I. and N. Walsh, "Architecture of the World Wide Web, Volume One", World Wide Web Consortium Recommendation REC-webarch-20041215, December 2004, <http://www.w3.org/TR/2004/REC-webarch-20041215>. 9 Qualification of ISOC/IETF: 9.1-9.6 Decisions of ITU Council to admit ISOC to participate in the work of the Sector (June 1995 and June 1996). 9.7 The Internet Engineering Steering Group (IESG) is responsible for ongoing maintenance of the RFCs when the need arises. Comments on RFCs and corresponding changes are accommodated through the existing standardization process. - 34 - 9.8 Each revision of a given RFC has a different RFC number, so no confusion is possible. All RFCs always remain available on-line. An index of RFCs and their status may be found in the IETF archives at http://www.rfc-editor.org/rfc.html. 10 N/A Other (for any supplementary information): - 35 - Annex 13 A.5 justification information for the reference to OASIS MQTT (2013) 1 Clear description of the referenced document: OASIS MQTT (2013): OASIS MQTT Version 3.1.1 2 Status of approval: Specification approved 2013-12-12. 3 Justification for the specific reference: The ITU-T H.810 architecture uses OASIS MQTT. The MQTT is a Client Server publish/subscribe messaging transport protocol. 4 Current information, if any, about IPR issues: N/A 5 Other useful information describing the "Quality" of the document: Specification approved at 2013-12-12 and some qualified devices implementing this version of the specification exist. 6 The degree of stability or maturity of the document: See item 5 above. 7 Relationship with other existing or emerging documents: See item 5 above. 8 Any explicit references within that referenced document should also be listed: [RFC793] Postel, J. Transmission Control Protocol. STD 7, IETF RFC 793, September 1981. http://www.ietf.org/rfc/rfc793.txt [RFC2119] S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. IETF RFC 2119, March 1997. http://www.ietf.org/rfc/rfc2119.txt [RFC3629] - 36 - F. Yergeau. UTF-8, a transformation format of ISO 10646 IETF RFC 3629, November 2003. http://www.ietf.org/rfc/rfc3629.txt [Unicode63] Unicode 6.3.0 Specification http://www.unicode.org/versions/Unicode6.3.0/ [RFC5246] T. Dierks. The Transport Layer Security (TLS) Protocol Version 1.2, August 2008 http://tools.ietf.org/html/rfc5246 [RFC6455] I Fette. The WebSocket Protocol, IETF RFC 6455, December 2011 http://tools.ietf.org/html/rfc6455 [AES] Advanced Encryption Standard (AES) (FIPS PUB 197). http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf [DES] Data Encryption Standard (DES). http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf - 37 [PCIDSS] PCI SSC Data Security Standards https://www.pcisecuritystandards.org/security_standards/ [SARBANES] Sarbanes-Oxley Act of 2002. Corporate responsibility. http://www.gpo.gov/fdsys/pkg/PLAW-107publ204/html/PLAW-107publ204.htm [USEUSAFEHARB] U.S.-EU Safe Harbor http://export.gov/safeharbor/eu/eg_main_018365.asp 1.3 Non normative references [MQTTV31] MQTT V3.1 Protocol Specification. http://public.dhe.ibm.com/software/dw/webservices/wsmqtt/mqttv3r1.htmlhttp://www.ibm.com/developerworks/webservices/library/ws-mqtt/index.html. [RFC1928] M Leech. SOCKS Protocol Version 5, March 1996. http://www.ietf.org/rfc/rfc1928.txt [RFC4511] - 38 J. Sermersheim. Lightweight Directory Access Protocol (LDAP): The Protocol, June 2006. http://tools.ietf.org/html/rfc4511 [RFC6749] D Hardt The OAuth 2.0 Authorization Framework, October 2012 http://tools.ietf.org/html/rfc6749 [RFC3546] S. Blake-Wilson Transport Layer Security (TLS) Extensions, June 2003. http://tools.ietf.org/html/rfc3546 [RFC5077] J. Salowey Transport Layer Security (TLS) Session Resumption without Server-Side State, January 2008. http://tools.ietf.org/html/rfc5077 [RFC6960] S. Santesson X.509 Internet Public Key Infrastructure online Certificate Status Protocol – OCSP, June 2013. http://tools.ietf.org/html/rfc6960 [IEEE 802.1AR] IEEE Standard for Local and metropolitan area networks - Secure Device Identity http://standards.ieee.org/findstds/standard/802.1AR-2009.html - 39 [NISTCSF] Improving Critical Infrastructure Cybersecurity Executive Order 13636 http://www.nist.gov/itl/upload/preliminary-cybersecurity-framework.pdf [NIST7628] NISTIR 7628 Guidelines for Smart Grid Cyber Security http://www.nist.gov/smartgrid/upload/nistir-7628_total.pdf [FIPS1402] Federal Information Processing Standards (FIPS-140-2) http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf [PCIDSS] PCI-DSS Payment Card Industry Data Security Standard https://www.pcisecuritystandards.org/security_standards/ [NSAB] NSA Suite B Cryptography http://www.nsa.gov/ia/programs/suiteb_cryptography/ [RFC6960] S. Santesson X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP http://tools.ietf.org/html/rfc6960 - 40 - [RFC5280] D Cooper Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile http://tools.ietf.org/html/rfc5280 [ISO29192] Information technology -- Security techniques -- Lightweight cryptography -- Part 1: General http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=56425 9 Qualification of OASIS: OASIS is recognized under the provisions of ITU-T Recommendations A.5 and A.4. Qualifying information is on file at TSB. 10 N/A Other (for any supplementary information): - 41 - Annex 14 A.5 justification information for the reference to TIA-637-C 1 Clear description of the referenced document: TIA-637-C: TIA-637-C, Short Message Service (SMS) For Wideband Spread Spectrum Systems 2 Status of approval: Historical specification approved at 2012-11. Transposition of 3GPP2 C.S0015-C v1.0. Superseded by revision D. 3 Justification for the specific reference: The ITU-T H.810 architecture uses Short Message Service (SMS) to provide a means of sending messages of limited size to and from GSM/UMTS/EPS mobiles. 4 Current information, if any, about IPR issues: N/A 5 Other useful information describing the "Quality" of the document: Specification approved at 2012-11 and many qualified devices implementing this version of the specification exist. 6 The degree of stability or maturity of the document: See item 5 above. 7 Relationship with other existing or emerging documents: 3GPP2 equivalent: https://global.ihs.com/doc_detail.cfm?&input_doc_number=&input_doc_title=&item_s_key=00231 215&item_key_date=950430&origin=DSSC 8 Any explicit references within that referenced document should also be listed: 1. ISO/IEC 646:1991, Information technology - ISO 7-bit coded character set for information interchange. 2. ISO/IEC 8348:2002, Information technology - Open Systems Interconnection - Network service definition. 3. ITU-T Recommendation T.50, International Reference Alphabet (IRA) (Formerly International Alphabet No. 5 or IA5) - Information technology - 7-bit coded character set for information interchange. - 42 4. ITU-T Recommendation X.213, Information technology – Open Systems Interconnection – Network service definition. 5. ITU-T Recommendation X.25, Interface between Data Terminal Equipment (DTE) and Data Circuit-terminating Equipment (DCE) for terminals operating in the packet mode and connected to public data networks by dedicated circuit. 6. ATIS-1000607.2000 (R2009), Integrated Services Digital Network (ISDN) - Layer 3 Signaling Specification for Circuit Switched Bearer Service for Digital Subscriber Signaling System Number 1 (DSS1). 7. ANSI INCITS 4-1986 (R2007), Information Systems - Coded Character Sets - 7-Bit American National Standard Code for Information Interchange (7-Bit ASCII). 8. 3GPP2 X.S0004-550-E, Mobile Application Part (MAP) – PARAMETERS SIGNALING PROTOCOLS, December 2010. 9. 3GPP2 C.S0004-E v3.0, Signaling Link Access Control (LAC) Standard for cdma2000 Spread Spectrum Systems, May 2011. 10. 3GPP2 C.S0005-E v3.0, Upper Layer (Layer 3) Signaling Standard for cdma2000 Spread Spectrum Systems, May 2011. 11. 3GPP2 S.R0006, Cellular Features Description. 12. Reserved 13. Reserved 14. TIA/EIA/IS-91-A, Base Station - Mobile Station Compatibility Specification for 800 MHz Cellular, Auxiliary, and Residential Services (1999), November 1999. 16. IETF RFC 791, Internet Protocol. 17. IETF RFC 822, Standard for the Format of ARPA Internet Text Messages.3GPP2 C.S0015-C v1.0 1-6 19. 3GPP2 C.S0023-D v2.0, Removable User Identity Module [R-UIM] for 1 Spread Spectrum Systems, December 2011. - 43 - 20. 3GPP TS 23.038, Alphabets and Language-Specific Information. 21. 3GPP TS 23.040, Technical Realization of the Short Message Service (SMS). 22. Reserved 23. Reserved 24. WAP-259-WDP-20010614-a, Wireless Datagram Protocol (WDP) 25. Reserved 26. 3GPP2 X.S0024-0 v1.0, IP-Based Location Services, November 2005 27. 3GPP2 C.S0064-0 v2.0, IP-Based Over-the-Air Device Management (IOTA-DM) for cdma2000 Systems, January 2011. 28. 3GPP2 X.S0042-A v1.0, Voice Call Continuity Between IMS and Circuit Switched Systems, August 2008. 9 Qualification of TIA: The TIA was recognized under the provisions of ITU-T Recommendation A.5 on 1 November 1999. Qualifying information is on file in TSB. 10 N/A Other (for any supplementary information): - 44 - Annex 15 A.5 justification information for the reference to ZigBee Spec 1 Clear description of the referenced document: ZigBee Spec: Zigbee Alliance, ZigBee Specification, January 17, 2008 2 Status of approval: Specification approved at 2008-01-17. 3 Justification for the specific reference: The ZigBee Specification is needed to allow device inter-connectivity within the ITU-T H.810 personal area network architecture. It enhances the IEEE 802.15.4 standard by adding network and security layers and an application framework. 4 Current information, if any, about IPR issues: N/A 5 Other useful information describing the "Quality" of the document: Specification approved at 2008-01-17 and some qualified devices implementing this version of the specification exist. 6 The degree of stability or maturity of the document: See item 5 above. 7 Relationship with other existing or emerging documents: See item 5 above. 8 Any explicit references within that referenced document should also be listed: [B1] Institute of Electrical and Electronics Engineers, Inc., IEEE Std. 802.15.4-2003, IEEE Standard for Information Technology —Telecommunications and Information Exchange between Systems — Local and Metropolitan Area Networks — Specific Requirements — Part 15.4: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Low Rate Wireless Personal Area Networks (WPANs). New York: IEEE Press. 2003. [B2] IEEE 754-1985, IEEE Standard for Binary Floating-Point Arithmetic, IEEE, 1985. [B3] Document 03285r0: Suggestions for the Improvement of the IEEE 802.15.4 Standard, July 2003. [B4] Document 02055r4: Network Requirements Definition, August 2003. - 45 [B5] ISO/IEC 639-1:2002 Codes for the representation of names of languages— Part 1: Alpha-2 code. [B6] ISO/IEC 646:199 Information technology — ISO 7-bit coded character set for information interchange. [B7] ANSI X9.63-2001, Public Key Cryptography for the Financial Services Industry - Key Agreement and Key Transport Using Elliptic Curve Cryptography, American Bankers Association, November 20, 2001. Available from http://www.ansi.org. [B8] FIPS Pub 197, Advanced Encryption Standard (AES), Federal Information Processing Standards Publication 197, US Department of Commerce/N.I.S.T, Springfield, Virginia, November 26, 2001. Available from http://csrc.nist.gov/. [B9] FIPS Pub 198, The Keyed-Hash Message Authentication Code (HMAC), Federal Information Processing Standards Publication 198, US Department of Commerce/N.I.S.T., Springfield, Virginia, March 6, 2002. Available from http://csrc.nist.gov/. [B10] ISO/IEC 9798-2, Information Technology - Security Techniques —Entity Authentication Mechanisms — Part 2: Mechanisms Using Symmetric Encipherment Algorithms, International Standardization Organization, Geneva, Switzerland, 1994 (first edition). Available from http://www.iso.org/. [B11] NIST Pub 800-38A 2001 ED, Recommendation for Block Cipher Modes of Operation — Methods and Techniques, NIST Special Publication 800-38A, 2001 Edition, US Department of Commerce/N.I.S.T., December 2001. Available from http://csrc.nist.gov/. [B12] NIST, Random Number Generation and Testing. Available from http://csrc.nist.gov/rng/. 9 Qualification of ZigBee Alliance: ZigBee Alliance meets the qualifying criteria for normative referencing as per Recommendation ITU-T A.5. 10 N/A Other (for any supplementary information):