Executive Summary
Study Group 17 meeting
(8 - 17 April 2015, Geneva/Switzerland)
Participation:
147 participants (19 fewer than at the previous SG17 meeting, 192 pre-registered); 28 Member States, 15 Sector Members, 3 Associates, and 5 Academia participating. Several invited experts. Increased participation of Member States from developing countries.
Organization of the meeting:
Busy and productive 5th meeting of this study period having 8 working days.
- Many parallel meetings per quarter each day. Many sessions were equipped with AdobeConnect teleconferencing to allow remote participation. The JCA-IdM meeting had to be stopped due to the ITU network outage on WED 15 April 2015, as communication with the remote participants was no longer possible; a follow-up JCA-IdM e-meeting will be organized.
- Two SG17 open, extended management team meetings were held (one late afternoon prior to the opening plenary and the other during the weekend), complemented by the SG17 security coordination meeting.
- Contributions: 74 (80 last time, stable), one contribution withdrawn.
  Contributions from Africa: 3, Americas: 1, Asia/Pacific: 61, Arab: 1, LAM: 0, CIS: 4, Europe: 4. Some contributions from Korea did not have change marks as claimed by the submitters; TDs with the change-marked contributions were posted.
- TDs: 378 (19 less than in the previous meeting). This includes 60 incoming liaison statements, and 42 outgoing liaison statements.
Absent SG17 vice chairmen:
- Mr Khalid Belhoul, UAE, SG17 vice chairman, had left TRA; UAE Administration is seeking a replacement.
- No response from Mr Mario German Fromow Rangel (Mexico), SG17 vice chairman. TSB needs to contact the Administration of Mexico to clarify the situation.
Newly appointed Associate Rapporteurs:
- Mr Younghwa Kim (Korea) in Question 1/17;
- Mr Chen Cai (China) in Question 1/17;
- Ms Zhiyuan Hu (Alcatel-Lucent Shanghai Bell Co. Ltd) in Question 2/17;
- Mr Michael Katundu (Kenya) in Question 4/17.
Recommendation approved (TAP – WTSA-12 Resolution 1):
The SG17 plenary meeting approved the text announced for TAP in accordance with WTSA-12 Resolution 1, Section 9. There is one new Recommendation as listed below:
| Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent e.g., ISO/IEC | Start of work | Timing |
|---|---|---|---|---|---|---|---|---|
| 4/17 | X.1525 (X.cwss) | Common weakness scoring system | New | Robert A. Martin | TD 1738 | | 2009-09 | 2015-04 |
Approval of the above Recommendation is reflected in TSB Circular 149 of 23 April 2015.
Amendment and Implementer Guide approved, Supplement agreed:
The SG17 plenary meeting approved one new Amendment and one Implementer's Guide, and agreed one new Supplement to the ITU-T Z-series Recommendations.
| Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent e.g., ISO/IEC | Start of work | Timing |
|---|---|---|---|---|---|---|---|---|
| 4/17 | X.1500 Amd.7, Note (1) | Overview of cybersecurity information exchange – Amendment 7 – Revised structured cybersecurity information exchange techniques | Note (1) | Youki Kadobayashi | TD 1763 Rev.1 | | 2013-09 | 2015-04 |
| 12/17 | Z.Imp100 | Specification and Description Language implementer's guide – Version 2.0.2 | Revised | Rick Reed | TD 1691 Rev.1 | | 2014-09 | 2015-04 |
| 12/17 | Z.Sup1 | Supplement 1 to Z-series Recommendations – ITU-T Z.100-series – Supplement on methodology on the use of description techniques | Revised | Rick Reed | TD 1598 Rev.1 | | 2010-12 | 2015-04 |
Note:
(1) Amendment 7 supersedes Amendment 6.
Recommendations determined (TAP – WTSA-12 Resolution 1):
The SG17 plenary meeting determined (TAP) three new ITU-T Recommendations in accordance with WTSA-12 Resolution 1, Section 9.
| Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent e.g., ISO/IEC | Start of work | Timing |
|---|---|---|---|---|---|---|---|---|
| 5/17 | X.1246* (X.ticvs) | Technologies involved in countering voice spam in telecommunication organizations | New | Xuetao Du, Tao Lou | COM 17 – R 40 (TD 1718 Rev.1) | | 2011-09 | 2015-04 |
| 7/17 | X.1157* (X.sap-7), Note (1) | Technical capabilities of fraud detection and response for services with high assurance level requirements | New | Tae Kyun Kim, Hyung-Jin Lim | COM 17 – R 43 (TD 1638) | | 2011-09 | 2015-04 |
| 11/17 | X.1341* (X.cmail), Note (1) | Certified mail transport and certified post office protocols | New | David Keller, Laura Prin | COM 17 – R 45 (TD 1634 Rev.1) | | 2013-04 | 2015-04 |
Notes:
(1) X.1157 and X.1341 were deferred from previous AAP Last Call to SG17 for consideration. SG17 changed the approval process from AAP to TAP according to Rec. ITU-T A.8 clause 5.2 upon request by Germany recognising regulatory and policy implications.
Information on the Member States consultation is available in TSB Circular 150 issued 30 April 2015.
Recommendations consented for Last Call (AAP – Recommendation ITU-T A.8):
The SG17 plenary meeting gave consent (AAP) to three draft new ITU-T Recommendations, eleven draft revised ITU-T Recommendations, and three Technical Corrigenda for Last Call according to Recommendation ITU-T A.8:
| Q(1) | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent e.g., ISO/IEC | Start of work | Timing |
|---|---|---|---|---|---|---|---|---|
| 7/17 | X.1163 (X.p2p-3) | Security requirements and mechanisms of peer-to-peer-based telecommunication networks | New | Lijin Liu, Jaehoon Nah | TD 1717 Rev.4, Note (4) | | 2009-09 | 2015-04 |
| 8/17, (3/17) | X.1631 (X.cc-control), Notes (2), (3) | Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services | New | Kojo Nakao, Huirong Tian | TD 1810 | ISO/IEC 27017 | 2013-04 | 2015-04 |
| 11/17 | X.226 Cor.1, Note (3) | Information Technology – Open Systems Interconnection – Connection-Oriented Presentation Protocol: Protocol Specification | | Jean-Paul Lemaire | TD 1713 | ISO/IEC 8823-1 | 2015-04 | 2015-04 |
| 11/17 | X.227bis Cor.1, Note (3) | Information technology – Open Systems Interconnection – Connection-mode protocol for the Application Service Object Association Control Service Element | | Jean-Paul Lemaire | TD 1714 | ISO/IEC 15954 | 2015-04 | 2015-04 |
| 11/17 | X.509 Cor.1 | Information technology – Open Systems Interconnection – The Directory – Public-key and attribute certificate frameworks – Technical Corrigendum 1 | | Erik Andersen | TD 1731 Rev.1, Note (5) | ISO/IEC 9594-1 Cor.1 | 2014-09 | 2015-04 |
| 11/17 | X.675 (X.orf) | OID-based resolution framework for heterogeneous identifiers and locators | New | Younghwan Choi | TD 1799 Rev.2 | | 2013-04 | 2015-04 |
| 11/17 | X.680 Rev, Note (3) | Information technology – Abstract Syntax Notation One (ASN.1): Specification of basic notation | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8824-1 | 2015-04 | 2015-04 |
| 11/17 | X.681 Rev, Note (3) | Information technology – Abstract Syntax Notation One (ASN.1): Information object specification | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8824-2 | 2015-04 | 2015-04 |
| 11/17 | X.682 Rev, Note (3) | Information technology – Abstract Syntax Notation One (ASN.1): Constraint specification | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8824-3 | 2015-04 | 2015-04 |
| 11/17 | X.683 Rev, Note (3) | Information technology – Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8824-4 | 2015-04 | 2015-04 |
| 11/17 | X.690 Rev, Note (3) | Information technology – ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8825-1 | 2015-04 | 2015-04 |
| 11/17 | X.691 Rev, Note (3) | Information technology – ASN.1 encoding rules: Specification of Packed Encoding Rules (PER) | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8825-2 | 2015-04 | 2015-04 |
| 11/17 | X.692 Rev, Note (3) | Information technology – ASN.1 encoding rules: Specification of Encoding Control Notation (ECN) | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8825-3 | 2015-04 | 2015-04 |
| 11/17 | X.693 Rev, Note (3) | Information technology – ASN.1 encoding rules: XML Encoding Rules (XER) | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8825-4 | 2015-04 | 2015-04 |
| 11/17 | X.694 Rev, Note (3) | Information technology – ASN.1 encoding rules: Mapping W3C XML schema definitions into ASN.1 | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8825-5 | 2015-04 | 2015-04 |
| 11/17 | X.695 Rev, Note (3) | Information technology – ASN.1 encoding rules: Registration and application of PER encoding instructions | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8825-6 | 2015-04 | 2015-04 |
| 11/17 | X.696 Rev, Note (3) | Information technology – ASN.1 encoding rules: Specification of Octet Encoding Rules (OER) | Revised | Paul Thorpe | TD 1588 Rev.1 | ISO/IEC 8825-7 | 2015-04 | 2015-04 |
Notes:
(1) In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.
(2) Approval process was changed from TAP to AAP according to WTSA-12 Resolution 1 section 8.3 (ref TD 1753).
(3) AAP Last Call delayed to allow synchronization with ISO/IEC JTC 1.
(4) WP4/17 Report (COM 17 – R 42 Annex B Attachment 2) contains the A.5 justification information for draft Recommendation ITU-T X.1163 (X.p2p-3).
(5) WP5/17 Report (COM 17 – R 44 Annex A Attachment 1) contains the A.5 justification information for draft technical corrigendum 1 to X.509.
New work items:
The following eight new work items were agreed by SG17 to be added to the SG17 work programme:
| Q(1) | Acronym | Title | New / Revised | AAP / TAP / Agreement | Editor(s) | Document | Timing* |
|---|---|---|---|---|---|---|---|
| 1/17 | X.TRsuss | Technical Report on the successful use of security standards | New | Agreement | Mohamed M. K. Elhaj (Provisional appointment), SG17 Vice-chairman, mohamed.elhaj@ntc.org.sd | NWI template: TD 1806 Rev.1; Base text: COM17-TD 0115 Rev.1 (2009-2012 study period) | 2016-09 |
| 2/17 | X.sdnsec-2 | Security requirements and reference architecture for Software-Defined Networking | New | AAP | Zhiyuan HU, Alcatel-Lucent Shanghai Bell, Zhiyuan.hu@alcatel-sbell.com.cn; Zhaoji Lin, ZTE Corporation, lin.zhaoji@zte.com.cn | NWI template: TD 1766 Rev.1; Base text: TD 1766 Rev.1 Annex 1 | 2017-09 |
| 4/17 | X.nessa | Access control models for incidents exchange networks | New | TAP | Alexey Koshka, Ministry of Telecom and Mass Communications, Russian Federation, biocheshire@yandex.ru | NWI template: TD 1792 Rev.2; Base text: TD 1792 Rev.2 Annex 2 | 2016 |
| 4/17 | X.samtn | Security assessment techniques in telecommunication/ICT networks | New | TAP | Vibha Tomar, India, dirngn.tec@gov.in, dirsw.tec@gmail.com; Byung-Moon Chin | NWI template: TD 1755 Rev.3; Base text: C 0316 | 2016 |
| 5/17 | X.gcsfmpd | Supplement to Rec. ITU-T X.1231 on guidance of countering spam for mobile phone developers | New | Agreement | Tae-Jin Lee, KISA, Korea (Republic of), tjlee@kisa.or.kr; Jeong-Jun Suh, KISA, Korea (Republic of), jjun2@kisa.or.kr | NWI template: TD 1737 Rev.3; Base text: TD 1737 Rev.3 Annex 2 | 2016-03 |
| 6/17 | X.iotsec-2 | Security framework for Internet of Things | New | TAP | Xia Junjie, China Unicom, xiajj2@chinaunicom.cn; Heung Youl Youm, Korea (Republic of), hyyoum@sch.ac.kr | NWI template: TD 1743 Rev.1; Base text: TD 1743 Rev.1 Annex 2 | 2018-02 |
| 8/17 | X.1601rev | Security framework for cloud computing | Revised | TAP | Nan Meng, China, mengnan@caict.ac.cn | NWI template: TD 1780 Rev.2; Base text: C 0345 | 2015-09 |
| 9/17 | X.pbact | Privacy-based access control in Telebiometrics | New | TAP | Erik Andersen, Denmark, era@tdcadsl.dk; Michele Peiry Meier, ISO TC 12 Liaison Officer, michele.peiry@hotmail.com | NWI template: TD 1778 Rev.1; Base text: C 0374 | 2018-04 |
Notes:
* Target date for consent or determination of Recommendations or for approval of Appendices or Implementers' Guides, agreement of Supplements
(1) SG17 Question. In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.
Work items discontinued:
The following ten work items were agreed to be deleted from the work programme; an OLS on clean-up of stale work items will be sent to RevCom:
| Q(1) | Acronym | Title | Action |
|---|---|---|---|
| 4/17 | X.cee* | Common event expression | delete |
| 4/17 | X.cee.1* | CEE overview | delete |
| 4/17 | X.cee.2* | CEE profile | delete |
| 4/17 | X.cee.3* | CEE common log syntax (CLS) | delete |
| 4/17 | X.cee.4* | CEE common log transport (CLT) requirements | delete |
| 4/17 | X.csmc* | An iterative model for cybersecurity operation using CYBEX techniques | delete |
| 7/17, (10/17) | X.1141 Amd.1 | Security Assertion Markup Language (SAML) 2.0 – Amendment 1: Errata | delete |
| 7/17, (10/17) | X.1142 Amd.1 | eXtensible Access Control Markup Language (XACML 2.0) – Amendment 1: Errata | delete |
| 10/17, (8/17) | X.idmcc* | Requirements of IdM in cloud computing | delete |
| 10/17, Note (2) | X.scim-use* | Application of system for cross identity management (SCIM) in telecommunication environments | delete |
Notes:
(1) SG17 Question. In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.
(2) Joint with Q8/13, with Q10/17 having the lead.
* Marked draft Recommendations were for determination; all non-marked were for consent.
Coordination and promotion activities:
- Two Joint Coordination Activity meetings under SG17 parentship were held: JCA-IdM (interrupted due to network outage) and JCA-COP.
- Updates were made to the Security Compendium, and to the ICT Security Roadmap.
- SG17 willingness conveyed to ITU-D SG2 Q3/2 to join in their planned ITU security workshop in September 2015. Details and timing are yet to be figured out.
Correspondence Groups:
Three Correspondence Groups continued, one new one was established, and one was terminated.
- CG-CYBEX: Continued Correspondence Group on cybersecurity information exchange capabilities.
- CG-investigate: Continued Correspondence Group on investigation for new topics for SG17 standardization, with amended ToR. The CG will investigate any considerable topics from the results of the September 2014 ITU security workshop, and collect and analyze further information related to the new topics, including those proposed NWIs that failed adoption at this meeting, for the purpose of identifying a set of new work items for SG17 in the near future.
- CG-coll-strengthening: Continued Correspondence Group on strengthening collaboration between ITU-T SG17 and ITU-D SG2 Q3/2 on security. This (still not established) ITU intersectoral CG between the ITU-T and ITU-D Sectors will identify areas for collaboration. Exact details of the technical implementation and convenorship of this CG are subject to further coordination between TSB and BDT.
- New CG-response on Response to ITU-D Q3/2 is an internal SG17 CG, which is to prepare a response to ITU-D Q3/2 in a timely manner within ITU-T SG17.
- Terminated CG-rapp-guidelines as work was completed.
- SG17 agreed that the Correspondence Group conveners for all current and future CGs shall establish a work plan for their correspondence group, including specific timeframes, and seek correspondence group agreement within one month from the closing SG17 plenary. This should help to bring more transparency and activity to the CGs, which were fairly inactive in the past.
Other highlights
- New African Regional Group under SG17 was established with ToR; chairman: Michael Katundu (Kenya); vice chairmen: Mr Mohamed Elhaj (Sudan), Mr Patrick Mwesigwa (Uganda) and Mr Mohamed Toure (Guinea).
- Four special sessions were held to off-load the plenaries from debates:
  - on bridging the standardization gap (with live interpretation), where the meeting confirmed that a BSG session will continue to be organized at every SG17 meeting;
  - on new topics for SG17 standardization, where interest was confirmed for SG17 to continue working on IoT security and ITS security, and to continue CG-investigate with amended ToR;
  - on collaboration with ITU-D SG2 Q3/2 (with exceptional French-English live interpretation re-using available interpreters from the pool, for the sake of French-speaking delegates from developing countries). The result was to establish CG-response, and liaison statements were sent to the forthcoming ITU-D SG2 Rapporteur Groups meetings;
  - and on collaboration with ISO/IEC JTC 1/SC 27, for the coordination and preparation of liaison statements to SC27.
- Two (plenary) special sessions were organized on establishment of a new Focus Group on Critical Infrastructure Protection and ICT Security (FG-CIPIS). Two further proposals (one on industrial control systems, and one on providing confidence and security in the use of ICT for Critical Telecommunication Infrastructures Protection) for ToR of a FG were developed during the meeting, but all failed to find interest and the necessary support, due to various expressed concerns: too vague scope, lack of focus, and lack of need. Agreement was reached to continue discussion of ToR of a new FG in CG-investigate.
- The SG17 plenary agreed the amended and customized TSB slide set on "presentation of contributions to ITU-T SG17: Guidelines". The slide set should be linked from Collective letter 6/17.
- SG17 allocated a new OID arc for ITS.
- The ICT Security Standards Roadmap and the Security Compendia were updated.
- The editor of the 6th edition of the Security Manual met with several Counsellors and organized inputs.
- Developed a template for unifying the agendas of meetings of Questions held during working party or study group meetings of SG17, in particular unifying the timetable for taking up agenda items.
Associated events:
The associated events below assisted in identifying new actions for the study group and in leveraging the collaboration with other organizations, and will hopefully attract new experts to the ITU-T and SG17 community.
- Mentoring programme for newcomers: Comprehensive programme through tutorials (see below), welcome, feedback session and guided tour, all attended with interest.
Tutorial presentations:
Six tutorial presentations were given at this Study Group 17 meeting and met with positive interest, addressing SG17 overview for newcomers, tiny IoT device authentication, cybersecurity data protection and cyber resilience in smart sustainable cities, ETSI security update, and a training for Rapporteurs & Editors.
Next SG17 meeting (shifted):
- TUE 8 – THU 17 September 2015, Geneva, Switzerland; shifted 8 days earlier to allow partial overlap with the ITU-D SG2 and ITU-D SG1 meetings.
- Several interim Rapporteur Group meetings, and some virtual e-meetings are planned until September 2015, but no interim meetings in Singapore.