SG 17 input for a joint ITU-T | ISO/IEC JTC 1 leadership meeting (4-5 February 2010). Chairman: Arkadiy Kremer Counsellor: Georges Sebek Joint ITU-T/ISO IEC JTC 1 Leadership meeting. ITU-T SG 17 role and mandate.
ITU-T SG 17 role and mandate
• Responsible for studies relating to security including cybersecurity, countering spam and identity management.
• Also responsible for the application of open system communications including directory and object identifiers, and for technical languages, the method for their usage and other issues related to the software aspects of telecommunication systems.
• Lead study group on telecommunication security, identity management (IdM) and languages and description techniques.

SG 17 structure
• WP 1, Network and information security: Q1 Security project; Q2 Architecture; Q3 ISM; Q4 Cybersecurity; Q5 Countering spam
• WP 2, Application security: Q6 Ubiquitous services; Q7 Applications; Q8 SOA; Q9 Telebiometrics
• WP 3, Identity management and languages: Q10 IdM; Q11 Directory; Q12 ASN.1, OID; Q13 Languages; Q14 Testing; Q15 OSI

Collaboration on ICT Security Standards Roadmap (Q.1/17 Telecommunications systems security project)
• An important on-line security standards resource developed in collaboration with ISO/IEC, ENISA, ETSI, IETF and other SDOs
• Comprises 5 parts:
  • Part 1 contains information about organizations working on ICT security standards
  • Part 2 is a searchable database of existing security standards from 9 SDOs and consortia
  • Part 3 lists (or links to) current projects and standards in development
  • Part 4 identifies future needs and proposed new standards
  • Part 5 lists security best practices
• Publicly available under Special Projects and Issues at: www.itu.int/ITU-T/studygroups/com17/index
• Need to establish a process for regular updating of the Roadmap

Collaboration on telecommunication information security management (Q.3/17 Telecommunications information security management)
• Close collaboration and liaison with JTC 1/SC 27/WG 1 - Information security management systems (ISMS)
• Developing common Recommendations | International Standards:
  • ITU-T X.1051 | ISO/IEC 27011, Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 (Published 2008)
  • ITU-T X.isgf | ISO/IEC 27014, Information security governance framework (Currently under development as a joint project)
• Enhancing ISMS related documents in Q.3/17:
  • Information security management guidelines for small and medium telecommunication organizations
  • Information asset maintenance guidelines

Collaboration on cybersecurity information exchange (Q.4/17 Cybersecurity)
Q.4/17 cybersecurity information exchange (CYBEX) links:
• ISO/IEC JTC 1 SC 27/WG 1
  • Information security management system requirements (ISO/IEC 27001)
  • Information security management code of practice (ISO/IEC 27002)
  • Information security governance (ISO/IEC 27014)
  • Information security management for inter-sector and inter-organizational communication (ISO/IEC 27010)
• ISO/IEC JTC 1 SC 27/WG 3
  • Evaluation criteria for IT security, international common criteria project (ISO/IEC 15408, 18045)
  • Protection profile registration procedures (ISO/IEC 15292)
  • Security assessment of operational systems (ISO/IEC 19791)
  • Responsible vulnerability disclosure (ISO/IEC 27047)
• ISO/IEC JTC 1 SC 27/WG 4
  • Cybersecurity (ISO/IEC 27032)
  • Network security (ISO/IEC 27033)
  • Application security (ISO/IEC 27034)
  • Information security incident management (ISO/IEC 27035)
  • Security of outsourcing (ISO/IEC 27036)
  • Guidelines for digital evidence (ISO/IEC 27037)
• ISO/IEC JTC 1 SC 27/WG 5
  • Entity authentication assurance (ITU-T X.eaa | ISO/IEC 29115)

Collaboration on ubiquitous sensor network security (Q.6/17 Security aspects of ubiquitous telecommunication services)
• Close collaboration and liaison with JTC 1/SC 6/WG 7 - ubiquitous sensor network (USN) security
• Developing common Recommendations | International Standards:
  • ITU-T X.usnsec-1 | ISO/IEC CD 29180, Security framework for ubiquitous sensor network (Currently under development as a joint project)
• Advance authorization for Final Committee Draft ballot on ITU-T X.usnsec-1 | ISO/IEC CD 29180 in January 2010 JTC 1/SC 6/WG 7 meeting
• Further consideration for inclusion of joint works on Recommendations:
  • X.usnsec-2, Ubiquitous sensor network (USN) middleware security guidelines
  • X.usnsec-3, Secure routing mechanisms for wireless sensor network

Collaboration on biometrics related technology (Q.9/17 Telebiometrics)
[Diagram: ITU-T/SG 17 WP 2/Q.9 Telebiometrics and the bodies it collaborates with]
• Bodies shown: ISO/IEC JTC 1/SC 37 Biometrics; ISO TC 12 and IEC TC 25 Quantities and Units; ISO/IEC JTC 1/SC 27 IT Security Techniques
• Topics shown: Threats & Countermeasures; Data & System protection; Authentication protocol for Biometrics applications in Telecommunication; Vocabulary; Biometrics data format; Application interfaces; Application profiles; Testing scenario; Biometric data used in e-health applications; Biometric sample protection; Biometric template protection; Private information protection

Collaboration on identity management (Q.10/17 Identity management architecture and mechanisms)
• Collaboration with ITU-T SGs 2, 11, 13 and 16; ITU-D SG 1; ISO/IEC JTC 1 SCs 6, 27 and 37; IETF; ATIS; ETSI/TISPAN; OASIS; Kantara Initiative; OMA; NIST; 3GPP; 3GPP2; Eclipse; InCommon; PRIME; OpenID Foundation; Shibboleth; etc.
• JCA-IdM
  • designed to coordinate IdM standardization work and minimize duplication by exchanging information about on-going projects. 7 meetings held during the period 2008-2010
  • basic coordination tool is an IdM Roadmap that provides abstracts and relationships of IdM projects in major IdM SDOs, consortia, and fora
• Significant progress has been made in developing a set of baseline IdM terms and definitions that were initiated by ITU-T
• SC 27 is a regular participant and contributor to the JCA-IdM

Collaboration on entity authentication assurance, X.eaa, with ISO/IEC JTC 1/SC 27/WG 5 (Q.10/17)
• ITU-T X.eaa | ISO/IEC 29115 5th WD sessions held in September (ITU-T) and November 2009 (ISO/IEC JTC 1/SC 27)
  • ITU-T proposed change in scope
  • a proposal to establish a Collaborative Team with Terms of Reference (ToR) submitted to ISO/IEC JTC 1/SC 27/WG 5
• SC 27 accepted a 6th WD with a significantly changed format and new material. ToR were reviewed, modified and sent to the ISO national bodies. ToR should be approved in April 2010
• In January 2010 the 6th WD, representing major improvements, was sent to the ISO Secretariat for distribution to national bodies
• WG 5 requested a one year extension for ITU-T X.eaa | ISO/IEC 29115
• It is anticipated that with the establishment of the Collaborative Team, progress should improve

Collaboration on the Directory (Q.11/17 Directory services, Directory systems, and public-key/attribute certificates)
• Two Directory projects:
  • ITU-T X.500-series | ISO/IEC 9594 (All Parts)
  • ITU-T E.115 - Computerized directory assistance
• ITU-T X.500 | ISO/IEC 9594 in fruitful cooperation with ISO/IEC JTC 1/SC 6
  • X.500 is a specification for a highly secure, versatile and distributed directory
  • The specification is under continuous enhancement
  • support for RFID is an important new work item
• ITU-T X.509 | ISO/IEC 9594-8, the most important standard:
  • Basis for eGovernment, eBusiness, etc. all over the world
  • Is the base specification for many other groups (IETF PKIX, ETSI ESI, CA Browser Forum, etc.)

Collaboration on ASN.1 and Object Identifiers (Q.12/17 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration)
• Five main projects:
  • Abstract Syntax Notation 1 (ASN.1)
  • ASN.1 encoding rules
  • Object identifiers
  • Registration of tag-based applications and services
  • The Object Identifier Resolution System
• ITU-T X.680-series | ISO/IEC 8824 in collaboration with ISO/IEC JTC 1/SC 6 (and earlier with SC 16)
  • These are the base ASN.1 standards, a widely used notation for abstract syntax definition
• ITU-T X.690-series | ISO/IEC 8825 in collaboration with ISO/IEC JTC 1/SC 6 (and earlier with SC 16)
  • Specification of encoding rules, including XML encodings for ASN.1

Collaboration on ASN.1 and Object Identifiers (Q.12/17 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration)
• ITU-T X.660-series | ISO/IEC 9834 in collaboration with ISO/IEC JTC 1/SC 6
  • The Object Identifier Standards. OIDs form a major part of world-wide unambiguous identification schemes for security and other purposes
• ITU-T X.668 | ISO/IEC 9834-9 in collaboration with ISO/IEC JTC 1/SC 6
  • Registration of tag-based identification schemes
• ITU-T X.oid-res | ISO/IEC CD2 29168 in collaboration with ISO/IEC JTC 1/SC 6
  • Provides for on-line access using DNS to multi-media information associated with an International OID node

Collaboration on formal languages (Q.13/17 Formal languages and telecommunication software)
• ODP Recommendations developed jointly with SC 7 are now in maintenance phase
• To some extent SDL overlaps the domain of JTC 1/SC 7 LOTOS and E-LOTOS; however (at least for telecommunications) SDL is more widely used.
• Work plan covers the UML profiles for SDL, MSC, URN and (possibly) Testing and Test Control Notation (TTCN).
• UML profiles integrate the ITU-T languages using UML as a framework. Thus (like JTC 1/SC 7) Q.13/17 has interest in OMG UML, though Q.13/17 uses OMG UML 2.n (not UML 1.4.2 as in ISO/IEC 19501:2005).
• Q.13/17 has in its scope (though no work is planned): the CHILL programming language (Z.200), quality issues (Z.400 and Z.450), architecture (Z.600 and Z.601).

ISO/IEC/ITU-T Strategic Advisory Group on Security
• Terms of reference
  • To oversee standardization activities in ISO, IEC and ITU-T relevant to the field of security
  • To provide advice and guidance to the ISO Technical Management Board, the IEC Standardization Management Board and the ITU-T Telecommunication Standardization Advisory Group (TSAG) relative to the coordination of work relevant to security, and in particular to identify areas where new standardization initiatives may be warranted
  • To monitor the implementation of the recommendations of the SAG-S
• Web site: http://www.iso.org/iso/iss_home
• ITU-T SG 17 provides representatives to SAG-S

Summary
• ITU-T SG 17 has a long experience of collaboration with ISO, IEC TCs/SCs and JTC 1 SCs
• ITU-T SG 17 hosts collaborative meetings with SC 6 on ASN.1 and OID, Directory, ubiquitous sensor networks (USN) security (new). Collaborative meetings are planned with SC 27 on entity authentication assurance
• Details on collaboration are given at http://www.itu.int/ITU-T/studygroups/com17/refdocs/relationships.html
• SG 17 is maintaining reference documents:
  • Listing of common text and technically aligned Recommendations | International Standards
  • Mapping between ISO/IEC Standards and ITU-T Recommendations