Committed to Connecting the World

SG 17 input for a joint ITU-T | ISO/IEC JTC 1 leadership meeting (4-5 February 2010)
Chairman: Arkadiy Kremer
Counsellor: Georges Sebek
Joint ITU-T/ISO IEC JTC 1 Leadership meeting, February 2010

ITU-T SG 17 role and mandate
- Responsible for studies relating to security, including cybersecurity, countering spam and identity management.
- Also responsible for the application of open system communications, including directory and object identifiers, and for technical languages, the method for their usage and other issues related to the software aspects of telecommunication systems.
- Lead study group on telecommunication security, identity management (IdM), and languages and description techniques.

SG 17 structure
- WP 1, Network and information security: Q1 Security project; Q2 Architecture; Q3 ISM; Q4 Cybersecurity; Q5 Countering spam
- WP 2, Application security: Q6 Ubiquitous services; Q7 Applications; Q8 SOA; Q9 Telebiometrics
- WP 3, Identity management and languages: Q10 IdM; Q11 Directory; Q12 ASN.1, OID; Q13 Languages; Q14 Testing; Q15 OSI

Collaboration on ICT Security Standards Roadmap (Q.1/17 Telecommunications systems security project)
- An important on-line security standards resource developed in collaboration with ISO/IEC, ENISA, ETSI, IETF and other SDOs
- Comprises 5 parts:
  - Part 1 contains information about organizations working on ICT security standards
  - Part 2 is a searchable database of existing security standards from 9 SDOs and consortia
  - Part 3 lists (or links to) current projects and standards in development
  - Part 4 identifies future needs and proposed new standards
  - Part 5 lists security best practices
- Publicly available under Special Projects and Issues at: www.itu.int/ITU-T/studygroups/com17/index
- Need to establish a process for regular updating of the Roadmap

Collaboration on telecommunication information security management (Q.3/17 Telecommunications information security management)
- Close collaboration and liaison with JTC 1/SC 27/WG 1 - Information security management systems (ISMS)
- Developing common Recommendations | International Standards:
  - ITU-T X.1051 | ISO/IEC 27011, Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 (published 2008)
  - ITU-T X.isgf | ISO/IEC 27014, Information security governance framework (currently under development as a joint project)
- Enhancing ISMS-related documents in Q.3/17:
  - Information security management guidelines for small and medium telecommunication organizations
  - Information asset maintenance guidelines

Collaboration on cybersecurity information exchange (Q.4/17 Cybersecurity)
Q.4/17 cybersecurity information exchange (CYBEX) links to:
- ISO/IEC JTC 1/SC 27/WG 1: Information security management system requirements (ISO/IEC 27001); Information security management code of practice (ISO/IEC 27002); Information security governance (ISO/IEC 27014); Information security management for inter-sector and inter-organizational communication (ISO/IEC 27010)
- ISO/IEC JTC 1/SC 27/WG 3: Evaluation criteria for IT security, international common criteria project (ISO/IEC 15408, 18045); Protection profile registration procedures (ISO/IEC 15292); Security assessment of operational systems (ISO/IEC 19791); Responsible vulnerability disclosure (ISO/IEC 27047)
- ISO/IEC JTC 1/SC 27/WG 4: Cybersecurity (ISO/IEC 27032); Network security (ISO/IEC 27033); Application security (ISO/IEC 27034); Information security incident management (ISO/IEC 27035); Security of outsourcing (ISO/IEC 27036); Guidelines for digital evidence (ISO/IEC 27037)
- ISO/IEC JTC 1/SC 27/WG 5: Entity authentication assurance (ITU-T X.eaa | ISO/IEC 29115)

Collaboration on ubiquitous sensor network security (Q.6/17 Security aspects of ubiquitous telecommunication services)
- Close collaboration and liaison with JTC 1/SC 6/WG 7 - ubiquitous sensor network (USN) security
- Developing common Recommendations | International Standards:
  - ITU-T X.usnsec-1 | ISO/IEC CD 29180, Security framework for ubiquitous sensor network (currently under development as a joint project)
  - Advance authorization for Final Committee Draft ballot on ITU-T X.usnsec-1 | ISO/IEC CD 29180 at the January 2010 JTC 1/SC 6/WG 7 meeting
- Further consideration for inclusion of joint work on Recommendations:
  - X.usnsec-2, Ubiquitous sensor network (USN) middleware security guidelines
  - X.usnsec-3, Secure routing mechanisms for wireless sensor network

Collaboration on biometrics related technology (Q.9/17 Telebiometrics)
ITU-T SG 17 WP 2/Q.9 Telebiometrics collaborates with:
- ISO/IEC JTC 1/SC 37 Biometrics
- ISO TC 12 and IEC TC 25 Quantities and Units
- ISO/IEC JTC 1/SC 27 IT Security Techniques
Topics covered: threats & countermeasures; data & system protection; authentication protocol for biometrics applications in telecommunication; vocabulary; biometrics data format; application interfaces; application profiles; testing scenario; biometric data used in e-health applications; biometric sample protection; biometric template protection; private information protection.

Collaboration on biometrics related technology (Q.9/17 Telebiometrics): ITU-T Recommendations and collaboration with ISO, IEC or ISO/IEC JTC 1 projects
- X.1083, BioAPI Interworking Protocol: joint collaboration with ISO/IEC JTC 1/SC 37 (IS 24708 - BioAPI Interworking Protocol)
- X.1086, Telebiometrics Protection Procedures Part 1: A Guideline to Technical and Managerial Countermeasures for Biometric Data Security: collaboration with ISO/IEC JTC 1/SC 27 (IS 19792 - Security evaluation of biometrics)
- X.1089, Telebiometrics Authentication Infrastructure: collaboration with ISO/IEC JTC 1/SC 27 (IS 24761 - Authentication context for biometrics)
- X.gep, A guideline for evaluating telebiometric template protection techniques: collaboration with ISO/IEC JTC 1/SC 27 (IS 24745 - Biometric template protection)
- X.th1, Generic ASN.1 definitions for telebiometrics related to health communications: collaboration with ISO TC 12 and IEC TC 25
- X.th2 to X.th6, Telebiometrics related to physics, chemistry, biology, culturology and psychology

Collaboration on identity management (Q.10/17 Identity management architecture and mechanisms)
- Collaboration with ITU-T SGs 2, 11, 13 and 16; ITU-D SG 1; ISO/IEC JTC 1 SCs 6, 27 and 37; IETF; ATIS; ETSI/TISPAN; OASIS; Kantara Initiative; OMA; NIST; 3GPP; 3GPP2; Eclipse; InCommon; PRIME; OpenID Foundation; Shibboleth; etc.
- JCA-IdM is designed to minimize duplication of, and to coordinate, IdM standardization work by exchanging information about ongoing projects
  - 7 meetings held during the period 2008-2010
  - The basic coordination tool is an IdM Roadmap that provides abstracts and relationships of IdM projects in major IdM SDOs, consortiums and fora
  - Significant progress has been made in developing a set of baseline IdM terms and definitions that were initiated by ITU-T
  - SC 27 is a regular participant and contributor to the JCA-IdM

Collaboration on entity authentication assurance, X.eaa, with ISO/IEC JTC 1/SC 27/WG 5 (Q.10/17)
- ITU-T X.eaa | ISO/IEC 29115
  - 5th WD sessions held in September (ITU-T) and November 2009 (ISO/IEC JTC 1/SC 27)
  - ITU-T proposed a change in scope; a proposal to establish a Collaborative Team with Terms of Reference (ToR) was submitted to ISO/IEC JTC 1/SC 27/WG 5
  - SC 27 accepted a 6th WD with a significantly changed format and new material
  - ToR were reviewed, modified and sent to the ISO national bodies; ToR should be approved in April 2010
  - In January 2010 the 6th WD, representing major improvements, was sent to the ISO Secretariat for distribution to national bodies
  - WG 5 requested a one year extension for ITU-T X.eaa | ISO/IEC 29115
- It is anticipated that with the establishment of the Collaborative Team, progress should improve

Collaboration on the Directory (Q.11/17 Directory services, Directory systems, and public-key/attribute certificates)
- Two Directory projects:
  - ITU-T X.500-series | ISO/IEC 9594, all parts
  - ITU-T E.115 - Computerized directory assistance
- ITU-T X.500 | ISO/IEC 9594 in fruitful cooperation with ISO/IEC JTC 1/SC 6
  - X.500 is a specification for a highly secure, versatile and distributed directory
  - The specification is under continuous enhancement; support for RFID is an important new work item
- ITU-T X.509 | ISO/IEC 9594-8, the most important standard:
  - Basis for eGovernment, eBusiness, etc. all over the world
  - Is the base specification for many other groups (IETF PKIX, ETSI ESI, CA Browser Forum, etc.)

Collaboration on ASN.1 and Object Identifiers (Q.12/17 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration)
- Five main projects: Abstract Syntax Notation One (ASN.1); ASN.1 encoding rules; Object identifiers; Registration of tag-based applications and services; The Object Identifier Resolution System
- ITU-T X.680-series | ISO/IEC 8824, in collaboration with ISO/IEC JTC 1/SC 6 (and earlier with SC 16): these are the base ASN.1 standards, a widely used notation for abstract syntax definition
- ITU-T X.690-series | ISO/IEC 8825, in collaboration with ISO/IEC JTC 1/SC 6 (and earlier with SC 16): specification of encoding rules, including XML encodings for ASN.1
- ITU-T X.660-series | ISO/IEC 9834, in collaboration with ISO/IEC JTC 1/SC 6: the Object Identifier standards. OIDs form a major part of world-wide unambiguous identification schemes for security and other purposes
- ITU-T X.668 | ISO/IEC 9834-9, in collaboration with ISO/IEC JTC 1/SC 6: registration of tag-based identification schemes
- ITU-T X.oid-res | ISO/IEC CD2 29168, in collaboration with ISO/IEC JTC 1/SC 6: provides for on-line access using DNS to multimedia information associated with an International OID node

Collaboration on formal languages (Q.13/17 Formal languages and telecommunication software)
- ODP Recommendations developed jointly with SC 7 are now in maintenance phase
- To some extent SDL overlaps the domain of JTC 1/SC 7 LOTOS and E-LOTOS; however (at least for telecommunications) SDL is more widely used
- Work plan covers the UML profiles for SDL, MSC, URN and (possibly) Testing and Test Control Notation (TTCN). UML profiles integrate the ITU-T languages using UML as a framework. Thus (like JTC 1/SC 7) Q.13/17 has interest in OMG UML, though Q.13/17 uses OMG UML 2.n (not UML 1.4.2 as in ISO/IEC 19501:2005)
- Q.13/17 has in its scope (though no work is planned): the CHILL programming language - Z.200; quality issues - Z.400 and Z.450; architecture - Z.600 and Z.601

ISO/IEC/ITU-T Strategic Advisory Group on Security (SAG-S)
Terms of reference:
- To oversee standardization activities in ISO, IEC and ITU-T relevant to the field of security
- To provide advice and guidance to the ISO Technical Management Board, the IEC Standardization Management Board and the ITU-T Telecommunication Standardization Advisory Group (TSAG) relative to the coordination of work relevant to security, and in particular to identify areas where new standardization initiatives may be warranted
- To monitor the implementation of the recommendations of the SAG-S
Web site: http://www.iso.org/iso/iss_home
ITU-T SG 17 provides representatives to SAG-S

Summary
- ITU-T SG 17 has long experience of collaboration with ISO, IEC TCs/SCs and JTC 1 SCs
- ITU-T SG 17 hosts collaborative meetings with SC 6 on ASN.1 and OID, Directory, and ubiquitous sensor network (USN) security (new)
- Collaborative meetings are planned with SC 27 on entity authentication assurance
- Details on collaboration are given at http://www.itu.int/ITUT/studygroups/com17/refdocs/relationships.html
- SG 17 is maintaining reference documents:
  - Listing of common text and technically aligned Recommendations | International Standards
  - Mapping between ISO/IEC Standards and ITU-T Recommendations
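The X.660 | ISO/IEC 9834 object identifiers and the X.690 | ISO/IEC 8825 encoding rules named in the Q.12/17 slides above, as an added example that is not part of the presentation: a DER encoder and a strict decoder for OBJECT IDENTIFIER values, using well-known OIDs as constructed sample input. The strict decoder shows why X.690's minimal-encoding rule matters for unambiguous identification: a lenient decoder would let two different byte strings name the same object.

```python
# Added example (not ITU-T or ISO text): X.690 BER/DER encoding and decoding
# of OBJECT IDENTIFIER values registered under the X.660 | ISO/IEC 9834 arcs.


def encode_oid(dotted: str) -> bytes:
    """Encode a dotted OID as a DER OBJECT IDENTIFIER TLV (tag 0x06)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or min(arcs) < 0:
        raise ValueError("an OID needs at least two non-negative arcs")
    # X.690 8.19.4: the first two arcs are merged into one subidentifier
    # (first * 40 + second). The root arc is 0, 1 or 2, and under roots 0
    # and 1 the second arc is limited to 0..39.
    if arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid root arcs")
    subids = [arcs[0] * 40 + arcs[1]] + arcs[2:]
    body = bytearray()
    for sid in subids:
        # Base-128, big-endian; every octet except the last has bit 8 set.
        groups = [sid & 0x7F]
        sid >>= 7
        while sid:
            groups.append(0x80 | (sid & 0x7F))
            sid >>= 7
        body.extend(reversed(groups))
    if len(body) > 127:
        raise ValueError("long-form length is outside this example")
    return bytes([0x06, len(body)]) + bytes(body)


def decode_oid(der: bytes) -> str:
    """Decode a short-form DER OBJECT IDENTIFIER TLV back to dotted form,
    rejecting truncated subidentifiers and the non-minimal encodings
    (a leading 0x80 octet) that X.690 8.19.2 forbids."""
    if len(der) < 3 or der[0] != 0x06 or der[1] != len(der) - 2:
        raise ValueError("not a well-formed short-form OID TLV")
    subids, value, in_progress = [], 0, False
    for octet in der[2:]:
        if not in_progress and octet == 0x80:
            raise ValueError("non-minimal subidentifier encoding")
        value = (value << 7) | (octet & 0x7F)
        in_progress = bool(octet & 0x80)
        if not in_progress:
            subids.append(value)
            value = 0
    if in_progress:
        raise ValueError("truncated subidentifier")
    # Undo the merge of the first two arcs; 80 and above means root arc 2.
    first = subids[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in arcs + subids[1:])
```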