draft summaries for recommendations under development or

Draft summaries for Recommendations under development or revision in Study Group 17

(Last updated: October 2007)

Working Party 1/17 – Open Systems Technology

Q. Acronym 1) Title or Subject Editor Location of Text

EQUIVALENT

e.g., ISO/IEC

Timing 2)

1 X.603.1/Amd.1

Relayed Multicast Protocol: Specification for simplex group applications – Security extensions

M.Y. Youn TD 1320 ISO/IEC 16512-2/Amd.1

Sept. 2008

1 X.603.2 Relayed multicast protocol: Specification for N-plex group applications

J.Y. Park TD 1323 ISO/IEC 16512-3 Sept. 2008

1 X.607.1 Enhanced communications transport protocol: Specification of QoS management for duplex multicast transport

M. Roshanaei,S.J. Koh,H.K. Kahng

TD 1361 ISO/IEC 14476-4 Sept. 2008

1 X.608.1 Enhanced communications transport protocol: Specification of QoS management for N-plex multicast transport

D.M. Lee,M. Roshanaei,H.K. Kahng

TD 1362 ISO/IEC 14476-6 Sept. 2008

1 X.mmc-1 Mobile multicast communications - Framework M. Roshanaei,J.Y. Park,S.J. Koh

TD 1321 ISO/IEC 24793-1 Sept. 2008

1 X.mmc-2 Mobile multicast communications - Protocol over native IP multicast network

S.J. Koh,Y.J. Kim

TD 1295 ISO/IEC 24793-2 TBD

1 X.mmc-3 Mobile multicast communications - Protocol over overlay multicast network

J.Y. Park,M. Roshanaei

TD 1322 ISO/IEC 24793-3 TBD

2 E.115 (revised)

Computerized directory assistance E. Andersen TD 1308 Rev.1

April 2008

2 X.500 (revised)

Directory: Overview of concepts, models and services E. Andersen ISO/IEC 9594-1 Sept. 2008

2 X.501 (2001)/Cor.3

Technical Corrigendum 3 to Directory: Models E. Andersen TD 1329 ISO/IEC 9594-2:2001/Cor.3

April 2008

- 2 -

2 X.501 (2005)/Cor.1

Technical Corrigendum 1 to Directory: Models E. Andersen TD 1328 ISO/IEC 9594-2:2005/Cor.1

April 2008

2 X.501 (revised)

Directory: Models E. Andersen ISO/IEC 9594-2 Sept. 2008

2 X.509 (revised)

Directory: Public-key and attribute certificate frameworks

Hoyt Kesterson ISO/IEC 9594-8 Sept. 2008

2 X.511 (2001)/Cor.3

Technical Corrigendum 3 to Directory: Abstract service definition

E. Andersen TD 1333 ISO/IEC 9594-3:2001/Cor.3

April 2008

2 X.511 (2005)/Cor.1

Technical Corrigendum 1 to Directory: Abstract service definition


April 2008

2 X.511 (revised)

Directory: Abstract service definition E. Andersen ISO/IEC 9594-3 Sept. 2008

2 X.518 (2001)/Cor.2

Technical Corrigendum 2 to Directory: Procedures for distributed operations


April 2008

2 X.518 (2005)/Cor.1

Technical Corrigendum 1 to Directory: Procedures for distributed operations


April 2008

2 X.518 (revised)

Directory: Procedures for distributed operations E. Andersen ISO/IEC 9594-4 Sept. 2008

2 X.519 (2001)/Cor.1

Technical Corrigendum 1 to Directory: Protocols E. Andersen TD 1337 ISO/IEC 9594-5:2001/Cor.1

April 2008

2 X.519 (2005)/Cor.1

Technical Corrigendum 1 to Directory: Protocols E. Andersen TD 1336 ISO/IEC 9594-5:2005/Cor.1

April 2008

2 X.519 (revised)

Directory: Protocol specifications E. Andersen ISO/IEC 9594-5 Sept. 2008

2 X.520 (2001)/Cor.1

Technical Corrigendum 1 to Directory: Selected attribute types


April 2008

2 X.520 (2005)/Cor.1

Technical Corrigendum 1 to Directory: Selected attribute types


April 2008

2 X.520 (revised)

Directory: Selected attribute types E. Andersen ISO/IEC 9594-6 Sept. 2008

2 X.521 (revised)

Directory: Selected object classes E. Andersen ISO/IEC 9594-7 Sept. 2008

- 3 -

2 X.525 (revised)

Directory: Replication E. Andersen ISO/IEC 9594-9 Sept. 2008

2 X.530 (2001)/Cor.1

Technical Corrigendum 1 to Directory: Use of systems management for administration of the Directory


April 2008

2 X.530 (revised)

Directory: Use of systems management for administration of the Directory

E. Andersen ISO/IEC 9594-10 Sept. 2008

Working Party 2/17 – Telecommunication Security


EQUIVALENT

e.g., ISO/IEC

Timing 2)

4 Supplement 1 to X.800-X.849 series on security: Security baseline for network operators

A. Kremer TD 2801 Rev.2

Sept. 2007 [Achieved]

5 X.1031 (X.805+)

Security architecture aspects of end users and networks in telecommunications

N. Etroukhin TD 2783 Rev.1


5 X.1036 (X.spn)

Framework for creation, storage, distribution and enforcement of policies for network security

J-H. Kim TD 2789 Rev.1


5 X.805nsa Network security assessment/guidelines based on ITU-T Recommendation X.805

R. Vasireddy Sept. 2008

5 X.akm Framework for EAP-based authentication and key management

H-Y. Youm C 167 Dec. 2007

5 X.gisn Guidelines for implementing system and network security

U. Chandrashekhar

C 194 April 2008

6 X.1205* (X.cso)

Overview of cybersecurity A. Barbir TD 2761 Rev.1

Dec. 2007

6 X.1206* (X.vds)

A vendor-neutral framework for automatic notification of security related information and dissemination of updates

H. Takeshi,C. Schultz

TD 2745 Rev.4


6 X.1207* (X.sds)

Guidelines for telecommunication service providers for addressing the risk of spyware and potentially unwanted software

M.C. Kang TD 2765 Rev.3


http://www.itu.int/md/dologin_md.asp?lang=en&id=T05-SG17-070919-TD-WP2-2789!R1!MSW-E


- 4 -

6 X.gopw* Guideline on preventing worm spreading in a data communication network

M. Kim,H.Y. Youm

C 170 TBD 2009

6 X.idif* User control enhanced digital identity interchange framework

Sangrae Cho,Seung-Hun Jin

C 153 Sept. 2008

6 X.idmgap* Identity management use cases and gap analysis R. Singh TD 0295 April 2008

6 X.idmint* Identity management framework for global interoperability

T. Nadalin TD 0297 TBD 2009

6 X.idmSerSup Supplement to X-series Recommendations on identity management: Identity management lexicon

TD 0294 April 2008

6 X.idmreq* Requirements for global interoperable identity management

T. Rutkowski,Jiwei Wei

TD 0296 April 2008

6 X.nsmf* Network security management framework C 223 April 2008

6 X.rfpg* Privacy guideline for RFID H. Lee C 130 April 2008

6 X.sisfreq* Requirement of security information sharing framework Il-Ahn Cheong,C. Schultz

Sept. 2008

6 X.soaf* Service oriented architecture framework Abbie Barbir Sept. 2008

6 X.soas* Service oriented architecture security Abbie Barbir Sept. 2008

7 X.1051 (revised)

Information security management guidelines for telecommunications based on ISO/IEC 27002

Y. Fujimoto TD 2837 ISO/IEC 27011 Dec. 2007

7 X.rmg Risk management guidelines for telecommunications E.J. Humphreys TD 2844 April 2008

7 X.sim Security incident management guidelines for telecommunications

J.D. Kim C 171 April 2008

8 X.1082 (X.physiol)

Telebiometrics related to human physiology P. Gerome TD 2726 Rev.4

ISO/IEC 80000-14 Sept. 2007 [Achieved]

8 X.1083 (X.bip)

BioAPI interworking protocol J.P. Lemaire TD 2793 Rev.2

ISO/IEC 24708 Sept. 2007 [Achieved]

8 X.tai Telebiometrics authentication infrastructure J. Wei TD 2825 Dec 2007

8 X.tdk Telebiometrics digital key framework H.W. Lee,J. Kim,Y.S. Chung,K.Y. Moon

TD 2815 April 2008

- 5 -

8 X.tpp-1 A guideline of technical and managerial countermeasures for biometric data security

J. Kim,H. Kim

TD 2814 Dec. 2007

8 X.tpp-2 A guideline for secure and efficient transmission of multibiometric data

Y.H. Gil,Y.S. Chung,Y. Bae,K.I. Chung

TD 2816 April 2008

8 X.tsm-1 Telebiometrics system mechanism - General biometric authentication protocol and profile on telecommunication system

Y. Isobe,Y.N. Shin

TD 2773 Rev.2

Dec. 2007

8 X.tsm-2 Telebiometrics system mechanism - Protection profile for client terminals

Y. Isobe,Y.N. Shin

TD 2820 April 2008

9 X.1112 (X.homesec-2)

Device certificate profile for the home network J.H. Baek,D.Y. Yoo

TD 2781 Rev.2


9 X.1113 (X.homesec-3)

Guideline on user authentication mechanism for home network services

H.K. Lee TD 2769 Rev.2


9 X.1123 (X.msec-3)

Differentiated security service for secure mobile end-to-end data communication

J. Chen,B.Wu

TD 2763 Rev.2


9 X.1124 (X.msec-4)

Authentication architecture in mobile end-to-end data communication

Z. Zheng,J. Wei

TD 2799 Rev.1


9 X.1125 (X.crs)

Correlative reacting system in mobile network S. Liu,J. Wei

TD 2798 Rev.1


9 X.1143 (X.websec-3)

Security architecture for message security in mobile web services

J.S. Lee TD 2807 Rev.3


9 X.1151 (X.sap-1)

Guideline on secure password-based authentication protocol with key exchange

H. Y. Youm TD 2764 Rev.1


9 X.homesec-4 Authorization framework for home network TD 2792 TBD

9 X.mcsec-1 Security requirements and framework in multicast communication

C 180 TBD

9 X.nidsec-1 Privacy protection framework for networked RFID services

D.H. Choi C 154 April 2008



- 6 -

9 X.p2p-1 Security requirements for peer-to-peer communications Y. Miyake C 216 April 2008

9 X.p2p-2 Security architecture for peer-to-peer network J.H. Nah TD 2836 April 2008

9 X.sap-2 Secure end-to-end data communication techniques using TTP services

T. Kaji TD 2809 April 2008

9 X.usnsec-1 Requirement and Framework for USN H. Y. Youm C 179 TBD

17 X.csreq* Requirement on countering spam H.W. Luo,J. Chen

TD 2823 Dec. 2007

17 X.fcs* Technical framework for countering email spam K. Yang,J. Chen

TD 2811 Dec. 2007

17 X.fcsip* Framework of countering IP multimedia spam Sung Hei Kim,Young Duk Cho

TD 2808 April 2008

17 X.gcs* Guideline on countering email spam Park So Young,Y. Li

TD 2788r1 Dec. 2007

17 X.ocsip* Overview of countering spam for IP multimedia applications

Shin Gak Kang,Mi Joo Kim

TD 2800r1 April 2008

17 X.tcs* Technical means for countering spam TBD

17 X.tcs-1* Interactive countering spam gateway system Hua Jiang TD 2644 April 2008

17 X.ssf* SMS filtering system based on users’ rules Hongwei Luo,Lijun Liu

TD 2824 Sept. 2008

Working Party 3/17 – Languages and Telecommunications Software


EQUIVALENT

e.g., ISO/IEC

Timing 2)

10 X.660 (revised)

Procedures for the operation of OSI Registration Authorities: General procedures and top arcs of the ASN.1 Object identifier tree

P. Thorpe TD 3446 ISO/IEC 9834-1 April 2008

10 X.662 Amd.1 Internationalized object identifiers P. Thorpe TD 3447 ISO/IEC 9834-3/Amd.1

April 2008


April 2008

- 7 -


April 2008

10 X.668 (X.RA-nid)

Procedures for the operation of OSI registration authorities: registration of object identifier arcs for ID-based applications

J. Lee TD3384 Rev.1

ISO/IEC 9834-9 April 2008

10 X.669 Amd.1 Internationalized object identifiers P. Thorpe TD 3450 April 2008

10 X.680(revised)

Specification of basic notation P. Thorpe ISO/IEC 8824-1 Sept. 2008

10 X.681(revised)

Information object specification P. Thorpe ISO/IEC 8824-2 Sept. 2008

10 X.682(revised)

Constraint specification P. Thorpe ISO/IEC 8824-3 Sept. 2008

10 X.683(revised)

Parameterization of ASN.1 specifications P. Thorpe ISO/IEC 8824-4 Sept. 2008

10 X.690(revised)

Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)

P. Thorpe ISO/IEC 8825-1 Sept. 2008

10 X.691(revised)

Specification of Packed Encoding Rules (PER) P. Thorpe ISO/IEC 8825-2 Sept. 2008

10 X.692(revised)

Specification of Encoding Control Notation (ECN) P. Thorpe ISO/IEC 8825-3 Sept. 2008

10 X.693(revised)

XML Encoding Rules (XER) P. Thorpe ISO/IEC 8825-4 Sept. 2008

10 X.694(revised)

Mapping W3C XML schema definitions into ASN.1 P. Thorpe ISO/IEC 8825-5 Sept. 2008

11 Z.100(revised 2007)

Specification and Description Language R. Reed TD 3426 Rev.2


11 Z.100(revised 2008)

Specification and Description Language: Overview of SDL-2008

2008

11 Z.101 Specification and Description Language: Basic SDL-2008

2008

- 8 -

11 Z.102 Specification and Description Language: Comprehensive SDL-2008

2008

11 Z.103 Specification and Description Language: Shorthand notation and annotation in SDL-2008

2008

11 Z.104(revised)

Specification and Description Language: Data and action language in SDL-2008

2008

11 Z.105(revised)

Specification and Description Language: SDL-2008 combined with ASN.1 modules

2008

11 Z.106(revised)

Specification and Description Language: Common interchange format (CIF) for SDL-2008

A. Ek 2008

12 Z.120 Appendix 1

Application of MSC L. Hélouet April 2008

12 Z.151 Languages for telecommunications applications — GRL: Goal-oriented requirement language

D. Amyot TD 3200 April 2008

12 Z.152 Languages for telecommunications applications — UCM: Use case maps notation

D. Amyot TD 3201 April 2008

12 Z.153 URN: Methodological approach D. Amyot TD 3158 [2001-2004]

2008

13 X.689 ASN.1 combined with UML 2.0 T. Weigert 2008

13 Z.109(revised)

Specification and Description Language: SDL-2008 combined with UML

T. Weigert 2008

13 Z.110(revised)

Criteria for use of formal description techniques by ITU-T

T. Weigert 2008

13 Z.111 Notations to define ITU-T languages T. Weigert TD 3288 Rev.1

April 2008

13 Z.uml-msc (Z.129)

UML profile for MSC T. Weigert TD 3308 2008

13 Z.uml-eodl (Z.139)

UML profile for eODL T. Weigert TBD

13 Z.uml-ttcn (Z.149)

UML profile for TTCN T. Weigert 2008

- 9 -

13 Z.uml-urn (Z.159)

UML profile for URN T. Weigert 2008

14 Z.161 (Z.140 revised)

Testing and Test Control Notation version 3 (TTCN-3): Core language

D. Hogrefe TD 3377 ETSI ES 201 873-1 Sept. 2007 [Achieved]

14 Z.162 (Z.141 revised)

Testing and Test Control Notation version 3 (TTCN-3): Tabular presentation format (TFT)


14 Z.163 (Z.142 revised)

Testing and Test Control Notation version 3 (TTCN-3): Graphical presentation format (GFT)


14 Z.164 (Z.143 revised)

Testing and Test Control Notation version 3 (TTCN-3): Operational semantics (OS)


14 Z.165 (Z.144 revised)

Testing and Test Control Notation version 3 (TTCN-3): Runtime interface (TRI)


14 Z.166 (Z.145 revised)

Testing and Test Control Notation version 3 (TTCN-3): Control interface (TCI)


14 Z.167 (Z.146 revised)

Testing and Test Control Notation version 3 (TTCN-3): Using ASN.1 with TTCN-3

D. Hogrefe ETSI ES 201 873-7 2008

14 Z.168 Testing and Test Control Notation version 3 (TTCN-3): The IDL to TTCN-3 mapping


14 Z.169 Testing and Test Control Notation version 3 (TTCN-3): TTCN-3 and the use of XML

D. Hogrefe ETSI ES 201 873-9 2008

14 Z.170 Testing and Test Control Notation version 3 (TTCN-3): TTCN-3 documentation tags

D. Hogrefe TD 3431 ETSI ES 201 873-10


14 Z.171 Testing and Test Control Notation version 3 (TTCN-3): TTCN-3 and the use of C/C++

D. Hogrefe 2008

14 Supplement 1 to X.290 series (Z.itfm): Generic approach to interoperability testing

D. Hogrefe TD 3294 April 2008

14 Supplement 2 to X.290 series (Z.itfm): Interoperability testing framework and methodology

S. Kang D 18 [2001-2004]

April 2008

15 X.901 (revised)

Information technology – Open distributed processing - Reference model: Overview

A. Meisingset ISO/IEC 10746-1 TBD

http://www.itu.int/md/dologin_md.asp?lang=en&id=T05-SG17-070919-TD-WP3-3431!!ZIP-E




- 10 -

15 X.902 (revised)

Information technology – Open distributed processing -Reference model: Foundation

A. Meisingset TD 3407 ISO/IEC 10746-2 TBD

15 X.903 (revised)

Information technology – Open distributed processing -Reference model: Architecture

A. Meisingset TD 3407 ISO/IEC 10746-3 TBD

15 X.904 (revised)

Information technology – Open distributed processing – Reference Model: Architectural semantics

A. Meisingset ISO/IEC 10746-4 TBD

15 X.906 Use of UML for ODP system specifications A. Meisingset TD 3404 Rev.1

ISO/IEC 19793 Sept. 2007 [Achieved]

1) * marked Recommendations are for determination

2) target date for consent or determination

Working Party 1/17 – Open Systems Technology

Question 1/17 – End-to-end Multicast Communications with QoS Managing Facility

Amd.1 to ITU-T X.603.1 | ISO/IEC 16512-1, Information technology - Relayed multicast protocol: Specification for simplex group applications – Amendment 1 - Security Extensions

This amendment describes the security functionalities to an application-level relayed multicast protocol for one-to-many group applications. This protocol provides various security facilities to fulfill general security requirements as well as specific security requirements. This protocol also provides some detail functions, which can be operated with a variety of standardized security mechanisms. This amendment enforces existing RMCP protocol security.

ITU-T X.603.2 | ISO/IEC 16512-3, Information technology - Relayed multicast protocol: Specification for N-plex group applications

This Recommendation | International Standard describes an application-layer protocol which constructs multicast tree for data delivery from multiple senders to multiple receivers over Internet where IP multicast is not fully deployed. The specified relay multicast protocol consists of multicast agent and session manager. The functions and procedures for multicast agent to relay N-plex data are specified. Operations of session manager are specified to manage multicast sessions. This protocol can be used for applications that require many-to-many data delivery service, such as multimedia conference, network game, etc.

ITU-T X.607.1 | ISO/IEC 14476-4, Information technology - Enhanced communications transport protocol: Specification of QoS management for duplex multicast transport

This Recommendation | International Standard describes QoS management functions for the duplex multicast transport over Internet where IP multicast is supported. QoS management functions such as QoS negotiation, monitoring, and maintenance features are specified. Protocol details such as packet format, parameter values and procedures are described. This protocol can be used for applications that require one-to-many as well as many-to-one data delivery service with QoS managing facility. Example of services supported by the protocol can be e-learning service, IPTV home-shopping service etc.

ITU-T X.608.1 | ISO/IEC 14476-6, Information Technology - Enhanced communications transport protocol: Specification of QoS management for N-plex multicast transport

This Recommendation | International Standard describes QoS management functions for the N-plex multicast transport over Internet where IP multicast is supported. QoS management functions such as QoS negotiation, monitoring, and maintenance features are specified. Protocol details such as packet format, parameter values and procedures are described. This protocol can be used for applications that require many-to-many data delivery service with QoS managing facility; the protocol is expected to provide transport service to multimedia conference service over IP multicast, etc.

X.mmc-1, Mobile multicast communications - Framework

This Recommendation describes a framework for mobile multicast communications (MMC). The requirement for specifying detail protocol functions and procedures are described. This framework is applied to develop relevant protocol specifications on mobile multicast communications over native IP multicast network as well as overlay multicast network.

X.mmc-2, Mobile multicast communications - Protocol over native IP multicast network

- 12 -

This Recommendation describes a multicast control protocol, which targets at the real-time one-to-many multicast services and applications over native IP multicast network. This specification describes detailed functions and procedures of the control protocol for applications that require one-to-many data delivery service over mobile network environment.

X.mmc-3, Mobile multicast communications - Protocol over overlay multicast network

This Recommendation describes a multicast control protocol which constructs multicast tree for data delivery from a sender to multiple receivers over overlay multicast network. This specification describes detailed functions and procedures of the control protocol for applications that require one-to-many data delivery service over fixed and mobile converged network environment.

Question 2/17 – Directory Services, Directory Systems, and Public-key/Attribute Certificates

E.115 (revised), Computerized directory assistance

This Recommendation specifies the protocol, called the Directory Assistance protocol, to be used for Directory Assistance information exchange among service providers. This supports assistance/inquiry as part of the international telephone operator service. This Recommendation also gives a description of the principles and procedures to be followed in interconnecting different national computerized directory assistance services. It specifies two versions of the protocol; version 1 specifies basic functions, while version 2 of the protocol provides enhancements and uses HTTP as the underlying service.

ITU-T X.500 (revised) | ISO/IEC 9594-1, Information technology – Open System Interconnection – The Directory: Overview of concepts, models and services

This Recommendation | International Standard introduces the concepts of the Directory and the DIB (Directory Information Base) and overviews the services and capabilities which they provide.

ITU-T X.501 (revised) | ISO/IEC 9594-2, Information technology – Open System Interconnection – The Directory: Models

This Recommendation | International Standard provides a number of different models for the Directory as a framework for the other ITU-T Recommendations in the X.500 series. The models are the overall (functional) model, the administrative authority model, generic Directory Information models providing Directory User and Administrative User view on Directory information, generic Directory System Agent (DSA) and DSA information models and operational framework and a security model.

ITU-T X.509 (revised) | ISO/IEC 9594-8, Information technology – Open System Interconnection – The Directory: Public-key and attribute certificate frameworks

This Recommendation | International Standard defines a framework for public-key certificates and attribute certificates. These frameworks may be used by other standards bodies to profile their application to Public Key Infrastructures (PKI) and Privilege Management Infrastructures (PMI). Also, this Recommendation | International Standard defines a framework for the provision of authentication services by Directory to its users. It describes two levels of authentication: simple authentication, using a password as a verification of claimed identity; and strong authentication, involving credentials formed using cryptographic techniques. While simple authentication offers some limited protection against unauthorized access, only strong authentication should be used as the basis for providing secure services

ITU-T X.511 (revised) | ISO/IEC 9594-3, Information technology – Open System Interconnection – The Directory: Abstract service definition

- 13 -

This Recommendation | International Standard defines in an abstract way the externally visible service provided by the Directory, including bind and unbind operations, read operations, search operations, modify operations and errors.

ITU-T X.518 (revised) | ISO/IEC 9594-4, Information technology – Open System Interconnection – The Directory: Procedures for distributed operations

This Recommendation | International Standard specifies the procedures by which the distributed components of the Directory interwork in order to provide a consistent service to its users.

ITU-T X.519 (revised) | ISO/IEC 9594-5, Information technology – Open System Interconnection – The Directory: Protocol specifications

This Recommendation | International Standard specifies the Directory Access Protocol, the Directory System Protocol, the Directory Information Shadowing Protocol and the Directory Operational Binding Management Protocol fulfilling the abstract services specified in ITU-T Recs. X.501 | ISO/IEC 9594-2, X.511 | ISO/IEC 9594-3, X.518 | ISO/IEC 9594-4 and X.525 | ISO/IEC 9594-9.

ITU-T X.520 (revised) | ISO/IEC 9594-6, Information technology – Open System Interconnection – The Directory: Selected attribute types

This Recommendation | International Standard defines a number of attribute types and matching rules which may be found useful across a range of applications of the Directory. One particular use for many of the attributes defined is in the formation of names, particularly for the classes of object defined in ITU-T Rec. X.521 | ISO/IEC 9594-7.

ITU-T X.521 (revised) | ISO/IEC 9594-7, Information technology – Open System Interconnection – The Directory: Selected object classes

This Recommendation | International Standard defines a number of selected object classes and name forms which may be found useful across a range of applications of the Directory. An object class definition specifies the attribute types which are relevant to the objects of that class. A name form definition specifies the attributes to be used in forming names for the objects of a given class.

ITU-T X.525 (revised) | ISO/IEC 9594-9, Information technology – Open System Interconnection – The Directory: Replication

This Recommendation | International Standard specifies a shadow service which DSAs may use to replicate Directory information. The service allows Directory information to be replicated among DSAs to improve service to Directory users, and provides for the automatic updating of this information.

ITU-T X.530 (revised) | ISO/IEC 9594-10, Information technology – Open System Interconnection – The Directory: Use of systems management for administration of the Directory

This Recommendation | International Standard describes the requirements for Directory management, and analyses these requirements to identify those that may be realized by OSI Systems Management services (and protocols), those that are realized by Directory services (and protocols), and those that are realized by local means.

- 14 -

Working Party 2/17 –Telecommunication Security

Question 4/17 – Communications systems security project

Supplement 1 to X.800-X.849 series on security: Security baseline for network operators

This Supplement to X.800-X.849 series of Recommendations on security defines a security baseline against which network operators can assess their network and information security status in terms of readiness and ability to collaborate with other entities (operators, users and law enforcement authorities) to counteract information security threats. This Supplement can be used by network operators to provide meaningful criteria against which each network operator can be assessed if required.

Question 5/17 – Security Architecture and Framework

X.1031 (X.805+), Security architecture aspects of end users and networks in telecommunications

This Recommendation provides guidance for applying the concepts of the ITU-T Recommendation X.805 architecture to division of security controls between the telecommunication networks (including service provider’s and/or application provider’s networks) and the end user’s equipment. The Recommendation also defines the factors that must be taken into account in setting up or dividing the interaction of security controls belonging to the telecommunication network and the users. In addition, a classification of security controls for telecommunication is given.

X.1036 (X.spn), Framework for creation, storage, distribution, and enforcement of policies for network security

This Recommendation establishes a set of network security policies that will drive the security controls of a system or a service. It also specifies the framework for the creation, storage, distribution, and enforcement of policies for network security that can be applied to various network conditions and devices.

X.805nsa, Network security assessment/guidelines based on ITU-T Recommendation X.805

This Recommendation provides a framework for network security assessment/guidelines.

X.akm, Framework for EAP-based authentication and key management

This Recommendation establishes a framework for EAP-based authentication and key management for securing the link layer in an end-to-end data communication network. It also provides guidance on selection of the EAP methods. In addition, it provides the mechanism of the key management for the link layer of an end-to-end data communication network.

X.gisn, Guidelines for implementing system and network security

This Recommendation provides guidelines for implementing system and network security utilizing the concepts of the Recommendation X.805 and other security Recommendations and standards.

Question 6/17 – Cyber Security

X.1205, Overview of cybersecurity

This Recommendation provides a definition for cybersecurity. The Recommendation provides a taxonomy of security threats from an operator point of view. Cybersecurity vulnerabilities and threats are presented and discussed at various network layers.

Various cybersecurity technologies that are available to counter threats include: routers, firewalls, antivirus protection, intrusion detection systems, intrusion protection systems, secure computing, audit and monitoring. Network protection principles such as defense in depth, access and identity

- 15 -

management with application to cybersecurity are discussed. Risk management strategies and techniques are discussed including the value of training and education in protecting the network. A discussion of cybersecurity standards, cybersecurity implementation issues and certification are presented.

X.1206 (X.vds), A vendor-neutral framework for automatic notification of security related information and dissemination of updates

This Recommendation provides a framework for automatic notification of security related information and dissemination of updates. The key point of the framework is that it is vendor-neutral. Once an Asset is registered, updates of vulnerability information, patches or updates can be automatically made available to the users or directly to applications.

X.1207 (X.sds), Guidelines for Internet service providers for addressing the risk of spyware and potentially unwanted software

This Recommendation provides guidelines for Telecommunication Service Providers (TSP) for addressing the risks of spyware and potentially unwanted software. The Recommendation promotes best practices around principles of clear notices, and user’s consents and controls for TSP web hosting services. The Recommendation develops and promotes best practices to users on Personal Computer (PC) security, including use of Anti-spyware, Anti-virus, Personal Firewall, and security updates software on client systems.

X. gopw, Guideline on preventing worm spreading in a data communication network

This Recommendation describes worm spreading patterns and scenarios in a data communication network.

X. idif, User control enhanced digital identity interchange frameworkThis Recommendation describes a User Control Enhanced Digital Identity Interchange Framework.

X.idmgap, Identity management use cases and gap analysis

This Recommendation defines Use Cases and provides a Gap Analysis on Identity Management.

X.idmint, Identity management framework for global interoperabilityThis Recommendation provides an Identity Management framework for global interoperability.

X.idmlex, Identity Management LexiconThis Recommendation contains definitions, term and specific terminology about Identity Management.

X.nsmf, Network security management framework

This Recommendation describes a network security management framework (NSMF) functional architecture, asset management function and related interface of NSMF.

X.rfpg, Privacy guideline for RFID

This Recommendation recognizes that as RFID greatly facilitates the access and dispersion of information pertaining specifically to the merchandise that individuals wear and/or carry; it creates an opportunity for the same information to be abused for tracking an individual's location or invading their privacy in a malfeasant manner. For this reason the Recommendation develops guidelines and best practices regarding RFID procedures that can be used by service providers to gain the benefits of RFID while attempting to protect the privacy rights of the general public within national policies.

X. soaf, Service Oriented Architecture framework

- 16 -

This Recommendation specifies a Service Oriented Architecture framework.

X. soas, Service Oriented Architecture security

This Recommendation describes Service Oriented Architecture security.

X.sisfreq, Requirements for security information sharing framework

This Recommendation provides requirements for a framework for the sharing of security information regarding the identification of threats, attacks, intrusions and other malicious behaviour. This framework will allow previously independent acting entities to participate in various coordinated efforts such as the prevention or halting of targeted behaviour or the coordination of analysis and determination efforts.

Question 7/17 – Security Management

ITU-T X.1051 (revised) | ISO/IEC 27011, Information technology - Information security management guidelines for telecommunications based on ISO/IEC 27002

This Recommendation | International Standard establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in telecommunications based on ISO/IEC 27002. The objectives outlined in this Recommendation | International Standard provide general guidance on the commonly accepted goals of information security management for telecommunications.

This Recommendation | International Standard may serve as a practical guideline for developing telecommunication security standards and effective security management practices and to help build confidence in inter-telecommunication activities.

X.rmg, Risk management guidelines for telecommunications

This Recommendation describes and recommends techniques for information security risk management for telecommunications to support the ITU-T Recommendation X.1051, Information security management guideline for telecommunications based on ISO/IEC 27002. These techniques can be used to assess security requirements and risks identified in telecommunications, and help to establish and maintain the appropriate security controls, i.e. the correct information security level. There are many specific methodologies that have been developed to address the requirements for risk management. This Recommendation provides the criteria for assessing and selecting appropriate methodologies for a telecommunication organization. However, this does not aim to propose a specific risk management methodology for telecommunications. In addition this Recommendation provides several risk profiles both in terms of ITU-T X.1051 | ISO/IEC 27011 management areas as well as telecom specific services areas.

X.sim, Security incident management guidelines for telecommunications

This Recommendation provides an overview of information security incident management for telecommunications. It provides an introduction to the topic and outlines the benefits and key issues associated with it. Clear steps pertaining to planning and documenting an information security incident management policy and scheme are detailed along with the associated processes and procedures for managing security incidents, and conducting post-incident resolution activities.

Question 8/17 - Telebiometrics

ITU-T X.1083 (X.bip) | ISO/IEC 24708, Information technology - BioAPI interworking protocol

This Recommendation | International Standard, the BioAPI Interworking Protocol (BIP), specifies the syntax, semantics, and encodings of a set of messages ("BIP messages") that enable a BioAPI-conforming application to request biometric operations in BioAPI-conforming biometric service

- 17 -

providers (BSPs) across node or process boundaries, and to be notified of events originating in those remote BSPs. It also specifies extensions to the architecture and behaviour of the BioAPI framework (specified in ISO/IEC 19784-1) that support the creation, processing, sending, and reception of BIP messages.

X.1082 (X.physiol), Telebiometrics related to human physiology

This Recommendation uses the framework defined in ITU-T Recommendation X.1081, The telebiometric multimodal model – A framework for the specification of security and safety aspects of telebiometrics, for optimal safety and security in telebiometrics. It gives names and symbols for quantities and units concerned with emissions from the human body that can be detected by a sensor, and with effects on the human body produced by the telebiometric devices in its environment. It is applicable to both physiology and biometrics (the measurement of physiological, biological, and behavioral characteristics). A taxonomy of wetware and hardware/software interactions is defined. Thresholds using the set of International System of Quantities (ISQ) and the related International System of Units (SI) are specified.

X.tai, Telebiometrics authentication infrastructure

This Recommendation defines a framework for biometric certificates to extend X.509 by employing biometrics technology. The Telebiometrics Authentication Infrastructure (TAI) can be used in biometrics identity authentication applications with or without Public Key Infrastructures (PKI) and/or Privilege Management Infrastructure (PMI) systems. With Biometric Extension fields, public-key certificates and attribute certificates can be used with biometrics certificates. Security levels of an application system with respect to both biometric processes and devices are also considered. While this framework can be used by other standard bodies to profile their applications with TAI, the detailed biometric process functions which support TAI are out of the scope of this Recommendation.

X.tdk, Telebiometrics digital key framework (TDK)

This Recommendation provides biometric digital key generation, protection, and extraction models and mechanisms using the biometric template from the biometric certificate in order to provide cryptographic secure authentication and secure communication in open network. It also defines biometric digital key generation and protection/extraction frameworks with cryptographic mechanisms. This Recommendation further defines on the security requirements in biometric digital key mechanisms for simplified authentication and secure communication.

X.tpp-1, A guideline of technical and managerial countermeasures for biometric data security

This Recommendation defines weaknesses and threats in operating telebiometric systems and provides a general guideline of security countermeasures from both technical and managerial perspectives. From the technical point of view, countermeasures are identified to ensure the integrity, mutual authentication, and confidentiality of the transmitted data and also to protect the data capture, feature extraction, enrollment, transmission and storage of the biometric information. From the managerial perspective, measures are described that provide protection of biometric devices as related to their installation, removal, and delivery, and operational procedures, roles and responsibilities of the personnel involved in the system are also defined.

X.tpp-2, A Guideline for secure and efficient transmission of multibiometric data

This Recommendation provides the procedures and methods for the security of the tele-multibiometric system. It adopts the general concepts of multibiometrics in ISO/IEC 24722, mainly regarding four kinds of multibiometrics such as sample-level fusion, feature-level fusion, score-level fusion, and decision level fusion multibiometrics. This Recommendation defines vulnerable points in all kinds of multibiometrics, and the threats on them. Then, it provides countermeasures against the threats on newly introduced vulnerable points. Also user-customized data transmission,

- 18 -

which is one countermeasure for multibiometric data protection, is provided for some indispensable applications where not all biometric measurements are available.

X.tsm-1, Telebiometrics system mechanism - General biometric authentication protocol and profile on telecommunication system

The biometric technologies are developed various products and populated in application systems such as the border control, the physical access control, etc, for identity verification. These technologies are expected to be applied to open network systems for reliable user authentication. However, open network systems need to manage risks in biometric products and system configurations for secure remote services. This Recommendation specifies the biometric authentication protocols and profiles for telecommunication systems in the open network.

X.tsm-2, Telebiometrics system mechanism - Protection profile for client terminals

This Recommendation defines the requirements on client terminals for biometric authentication over the open network, based on the models defined in Recommendation X.tsm-1. System mechanisms and security profile of the client side are specified based on Common Criteria: ISO/IEC 15408, Evaluation criteria for IT security such as protection profile.

Question 9/17 – Secure Communications Services

X.1112 (X.homesec-2), Device certificate profile for the home network

This Recommendation proposes a certificate profile for authenticating the device in the home network. It also describes how authentication works between devices in the home network with a secure home gateway. In addition, this Recommendation describes the certificate profile standard for home network devices using Recommendation X.509 as the basic reference for the device certificate profile. Finally, this Recommendation describes the certificate management procedures for the home device certificate in the home network.

X.1113 (X.homesec-3), Guideline on user authentication mechanisms for home network service

Some environments necessitate the authentication of the human user rather than a process or a device. In authenticating human users, the authentication system requires human users to prove their uniqueness. Such uniqueness is generally based on various authentication means like something known, something possessed or some immutable characteristics for each human user.

This Recommendation provides a guideline on user authentication mechanism for the home network services. It also considers various security issues according to Recommendation X.1111, which specifies the framework of security technologies for home network. Finally, the security assurance level and authentication model are defined according to authentication service scenarios.

X.1123 (X.msec-3), Differentiated security service for secure mobile end-to-end data communication

This Recommendation describes differentiated security service for secure mobile communication. The investigation of differentiated security service is important for both service providers and users. The service providers can use the differentiated security service to overcome rigorous circumstance of wireless access network and satisfy various users and service with different levels of security. The differentiated security service is realized by security policy with three layers. One layer is super security policy used as value added service that safeguards mobile communication with sensitive information. The second layer is baseline security policy used as prevalent service that satisfies mobile communication without sensitive information. The last layer is no security policy defined as the policy under which no security function is configured during communication.

X.1124 (X.msec-4), Authentication architecture in mobile end-to-end data communication

- 19 -

This Recommendation describes a service layer authentication architecture for mobile end-to-end data communications between mobile users and various service providers in the network. The generic negotiation mechanisms and authentication procedures specified in this Recommendation support both those entities that have miscellaneous authentication capabilities and to those entities that have differentiated security requirements. The authentication addressed in this Recommendation is used for service providers and requesters and is independent of network access authentication of the mobile users.

X.1125 (X.crs), Correlative reacting system in mobile network

In a mobile network environment, while core networks are able to manage security threats, mobile stations (MS) that access the mobile network have little defence capability due to limited hardware resources. Compromised mobile stations can themselves easily become virus agents and threaten the entire network. The Correlative Reacting System (CRS) defined in this Recommendation aims to protect mobile networks against the threats of the insecure terminals that do not conform to the security policy of the network, such as the terminals that have been compromised.

X.1143 (X.websec-3), Security architecture for message security in mobile web services

This Recommendation describes the security architecture and scenarios for message security in mobile Web Services.

Security services for messages are the most fundamental security requirements for mobile Web Services. Although the components for message security such as WS-Security have been standardized, standard architecture and service scenarios for providing message security for mobile Web Services have yet to be defined. Since Simple Object Access Protocol (SOAP) messages use Hypertext Transport Protocol (HTTP) ports, they cannot be filtered by firewalls; hence there is a need to provide a message filtering mechanism based on the message contents in the architecture for secure mobile Web Services as well as to integrate security policy mechanism suitable for mobile Web Services message security and the message filtering mechanism into the architecture. Since many mobile terminals do not have sufficient processing power to support the Web Services protocol stack fully, and many backend application servers are not based on Web Services, interworking mechanisms and scenarios between mobile Web Services and legacy non-Web Services applications should be provided.

This Recommendation seeks to establish a guideline for security architecture and security service scenarios for message security in mobile Web Services satisfying the above mentioned requirements.

X.1151 (X.sap-1), Guideline on secure password-based authentication protocol with key exchange

A secure password-based authentication protocol with key exchange is a kind of authentication protocol with authenticated key exchange using a human-memorable password. It is very simple and easy to implement as well as easy to use; no need for other infrastructure, e.g., PKI. A secure password-based authentication protocol with key exchange (SPAK) becomes very important, since a variety of usage cases in many applications will emerge in the near future. In addition, SPAK provides both user authentication and strong key exchange with weak password, .i.e., the subsequent communication session can be protected by a shared secret during the authentication procedure.

This Recommendation is intended to identify a set of requirements for password-based authentication protocols and define the guideline for selecting most suitable password authentication protocol by presenting the criteria for choosing an optimum SPAK protocol for applications. SPAK can also be used in a wide variety of applications wherein pre-shared secrets based on the weak password exist.

X.homesec-4, Authorization framework for home network

- 20 -

This Recommendation describes security threats and authorization requirements for home network, specifies authorization models, entities, and relationships between entities. In addition, it describes authorization mechanisms, protocols and authorization scenarios for home network.

X.mcsec-1, Security requirements and framework in multicast communication

This Recommendation investigates threat analysis for multicast communication services and describes security requirements and framework for secure multicast communication services. In addition, this Recommendation develops secure multicast services including group management, reliable multicast data transmission, and so forth.

X.nidsec-1, Privacy protection framework for networked RFID services

Widespread deployment of radio frequency identification (RFID) tags may cause privacy infringement worries to an ordinary person because of the abilities of RFID technology such as automated collection and processing of the RFID data from the RFID-enabled products, and possible disclosure of those data to the public. Especially, in networked RFID services based on personalized tag such as after-sale service for RFID-enabled products, healthcare-related service using RFID, etc., the privacy issue is more serious problem. This Recommendation describes privacy infringements for networked RFID service environment and requirements for privacy protection, and develops privacy protection services based on a user privacy policy profile.

X.p2p-1, Security requirements for peer-to-peer communications

Although many new applications which are based on peer-to-peer (P2P) technology have been developed, these communications have several problems from the viewpoint of security. This Recommendation investigates threat analysis for P2P communication services and describes security requirements for secure P2P communication services.

This Recommendation is aligned with Recommendation X.p2p-2.

X.p2p-2, Security architecture for peer-to-peer network

This Recommendation defines the general architectures of peer-to-peer communications. For the secure peer-to-peer communication, this involves the authentication/authorization, key generation/distribution, and peer-trusting frameworks for the peer-to-peer group communication. In addition, this Recommendation identifies functionalities and interfaces between components in the architecture for secure peer-to-peer communication services. The objective of this Recommendation is to serve as a foundation for developing detailed architecture for peer-to-peer security.

This Recommendation is aligned with Recommendation X.p2p-1.

X.sap-2, Secure end-to-end data communication techniques using TTP services

This Recommendation defines basic interfaces, basic interactions and security considerations for the secure end-to-end data communication using on-line TTP (trusted third party) services. This Recommendation also identifies which on-line TTP services can be used to support the secure end-to-end data communication between two applications.

X.usnsec-1 Security Framework for Ubiquitous Sensor Network

This Recommendation describes security threats and security requirements to the Ubiquitous Sensor Network. In addition, this Recommendation categorizes security technologies by security functions that satisfy above security requirements and by the place to which the security technologies are applied in the security model of the Ubiquitous Sensor Network. Finally, the security function requirements for each entity in the network and possible implementation layer for security function are presented.

Question 17/17 – Countering Spam by Technical Means

X.csreq, Requirement on countering spam

- 21 -

Requirements on countering spam are clarified in this Recommendation. There are many types of spam, such as email spam, mobile messaging spam and IP multimedia spam. Various types of spam may have both common and specific requirements on countering it. For one type of spam, the requirement in different entities should also be clarified.

X.fcs, Technical framework for countering email spam

This Recommendation specifies the technical framework for network structure for countering spam. Functions inside the framework are defined. It also provides universal rules of distinguishing spam from other emails and the common methods of countering email spam.

X.fcsip, Framework of countering IP multimedia spam

This Recommendation will specify general architecture of countering spam system on IP multimedia applications such as IP telephony, instant messaging, multimedia conference, etc. It will provide functional blocks of necessary network entities to counter spam and their functionalities, and describe interfaces among the entities. To build secure session against spam attack, user terminals and edge service entities such as proxy server or application servers will be extended to have spam control functions. Shown are interfaces between these extended peer entities, and interfaces with other network entities which can involve for countering spam.

X.gcs, Guideline on countering email spam

This Recommendation specifies basic concepts, characteristics, effects, and technical issues of email spam. It also provides the current technical solutions and related activities from various standard development organizations and relevant organizations on countering email spam. It provides guideline and information to the users who want to develop technical solutions on countering email spam and it will be used as a basis for further development of technical Recommendations on countering email spam.

X.ocsip, Overview of countering spam for IP multimedia applications

This Recommendation specifies basic concepts, characteristics, and effects of spam in IP multimedia applications such as IP telephony, instant messaging, multimedia conference, etc. It provides technical issues, requirements for technical solutions, and applicability of countering mechanism of email spam into IP multimedia spam. It provides basis and guideline for developing further technical solutions on countering spam.

X.tcs, Technical means for countering spam

Communication network is evolving, more services are emerging, and capability of spammers is stronger. Moreover, no single technical means has perfect performances on countering spam currently. It may be necessary to propose new technical countermeasures.

X.tcs-1, Interactive countering spam gateway system

This Recommendation specifies interactive countering spam gateway system as a technical mean for countering various types of spam. The gateway system enables spam notification from receiver’s gateway to sender’s gateway, prevents spam traffic from going across the network. This Recommendation defines architecture for the countering spam gateway system, describes basic entities, protocols and functions, provided mechanisms for spam detection, countering spam information sharing, and countering spam actions of the gateway systems.

X.ssf, SMS spam filtering system based on users’ rules

This Recommendation describes SMS spam filtering system based on users’ rules. It includes structure of system, interfaces between different elements, basic functions of system, and service management.

- 22 -

Working Party 3/17 – Languages and Telecommunication Software

Question 10/17 – Abstract Syntax Notation One (ASN.1) and other Data Languages

ITU-T X.660 (revised) | ISO/IEC 9834-1, Information technology - Procedures for the operation of OSI registration authorities: general procedures and top arcs of the ASN.1 object identifier tree

This Recommendation | International Standard defines a generic registration-hierarchical-name tree (RH-name tree) and the specific form of this called an ASN.1 Object Identifier (OID) tree, including registration of the top arcs of the ASN.1 object identifier tree. It specifies procedures that are referenced by other parts of the ITU-T Rec. X.660 series | ISO/IEC 9834 multi-part standard for the operation of international registration authorities.

This revision includes provisions for the support of internationalized object identifiers.

Amd.1 to ITU-T X.662 | ISO/IEC 9834-3, Internationalized object identifiers

This amendment includes provisions for the support of internationalized object identifiers.





ITU-T X.668 (X.RA-nid) | ISO/IEC 9834-x, Information technology - Procedures for the operation of OSI registration authorities: Registration of object identifier arcs for ID-based applications

In ID-based applications and services, it is necessary to minimize the length of the OID encoding. This Recommendation | International Standard provides for the registration of OID arcs which enable coding schemes for ID-based applications and services to be identified with an OID that encodes in two bytes. This Recommendation | International Standard specifies the information to be provided when registering a new OID for coding schemes for ID-based applications and services, and the procedures for the operation of the Registration Authority.

Amd.1 to ITU-T X.669, Internationalized object identifiers


ITU-T X.680 (revised) | ISO/IEC 8824-1, Information technology – Abstract Syntax Notation One (ASN.1): Specification of basic notation

This Recommendation | International Standard provides a notation called Abstract Syntax Notation One (ASN.1) for defining the syntax of information data. It defines a number of simple data types and specifies a notation for referencing these types and for specifying values of these types.

The ASN.1 notations can be applied whenever it is necessary to define the abstract syntax of information without constraining in any way how the information is encoded for transmission.

ITU-T X.681 (revised) | ISO/IEC 8824-2, Information technology – Abstract Syntax Notation One (ASN.1): Information object specification

This Recommendation | International Standard provides the ASN.1 notation which allows information object classes as well as individual information objects and sets thereof to be defined and given reference names. An information object class defines the form of a conceptual table (an information object set) with one column for each field in the information object class, and with each complete row defining an information object.

- 23 -

ITU-T X.682 (revised) | ISO/IEC 8824-3, Information technology – Abstract Syntax Notation One (ASN.1): Constraint specification

This Recommendation | International Standard provides the ASN.1 notation for the general case of constraint and exception specification by which the data values of a structured data type can be limited. The notation also provides for signalling if and when a constraint is violated.

ITU-T X.683 (revised) | ISO/IEC 8824-4, Information technology – Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications

This Recommendation | International Standard defines the provisions for parameterized reference names and parameterized assignments for data types which are useful for the designer when writing specifications where some aspects are left undefined at certain stages of the development to be filled in at a later stage to produce a complete definition of an abstract syntax.

ITU-T X.690 (revised) | ISO/IEC 8825-1, Information technology – ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)

This Recommendation | International Standard defines a set of Basic Encoding Rules (BER) that may be applied to values of types defined using the ASN.1 notation. Application of these encoding rules produces a transfer syntax for such values. It is implicit in the specification of these encoding rules that they are also used for decoding. This Recommendation | International Standard defines also a set of Distinguished Encoding Rules (DER) and a set of Canonical Encoding Rules (CER) both of which provide constraints on the Basic Encoding Rules (BER). The key difference between them is that DER uses the definite length form of encoding while CER uses the indefinite length form. DER is more suitable for the small encoded values, while CER is more suitable for the large ones. It is implicit in the specification of these encoding rules that they are also used for decoding.

ITU-T X.691 (revised)| ISO/IEC 8825-2, Information technology – ASN.1 encoding rules: Specification of Packed Encoding Rules (PER)

This Recommendation | International Standard describes a set of encoding rules that can be applied to values of all ASN.1 types to achieve a much more compact representation than that achieved by the Basic Encoding Rules and its derivatives (described in ITU-T X.690 | ISO/IEC 8825-1).

ITU-T X.692 (revised) | ISO/IEC 8825-3, Information technology – ASN.1 encoding rules: Specification of Encoding Control Notation (ECN)

This Recommendation | International Standard defines the Encoding Control Notation (ECN) used to specify encodings (of ASN.1 types) that differ from those provided by standardized encoding rules such as the Basic Encoding Rules (BER) and the Packed Encoding Rules (PER).

ITU-T X.693 (revised) | ISO/IEC 8825-4, Information technology – ASN.1 encoding rules: XML Encoding Rules (XER)

This Recommendation | International Standard specifies rules for encoding values of ASN.1 types using the Extensible Markup Language (XML).

ITU-T X.694 (revised) | ISO/IEC 8825-5, Information technology – ASN.1 encoding rules: Mapping W3C XML schema definitions into ASN.1

This Recommendation | International Standard defines rules for mapping an XSD Schema (a schema conforming to the W3C XML Schema specification) to an ASN.1 schema in order to use ASN.1 encoding rules such as the Basic Encoding Rules (BER), the Distinguished Encoding Rules (DER), the Packed Encoding Rules (PER) or the XML Encoding Rules (XER) for the transfer of information defined by the XSD Schema.

- 24 -

The use of this Recommendation | International Standard with the ASN.1 Extended XML Encoding Rules (EXTENDED-XER) provides the same XML representation of values as that defined by the original XSD Schema.

Question 11/17 – Specification and Implementation Languages

Z.100 (revised 2007), Specification and Description Language

This Recommendation is a final edition of the main part of the Specification and Description Language version called SDL-2000, which includes maintenance changes previously only documented in the Z.100 series Implementers' Guide. As well as being the final edition of SDL-2000, Z.100 (2007) also provides a firm basis for adding the new features and revised Recommendation structure of SDL-2008.

Z.100 (revised 2008), Specification and Description Language: Overview of SDL-2008

This Recommendation gives an overview and common material (such as conventions) for the Specification and Description Language as redefined in the ITU-T 2005-2008 period and called SDL-2008. SDL-2008 is further defined in Z.101 to Z.106. Z.100 (2007) for SDL-2000 is distributed over Z.100, Z.101, Z.102, Z.103 and Z.104; Z.105 (07/03), Z.106 (08/02) and Z.109 (06/07) are revised; Z.107 (11/99) is withdrawn. The Specification and Description Language has concepts for behavior, data description and (particularly for larger systems) structuring. The basis of behavior description is extended finite state machines communicating by messages. Data description is based on data types for values and objects. The basis for structuring is hierarchical decomposition and type hierarchies. A distinctive feature is the graphical representation. SDL-2008 is backwards compatible with uses of the SDL-92 (amended in 1996) and SDL-2000. Z.100 (2007) was issued to include the maintenance changes documented in the Z.100 series Implementers' Guide, and create a final edition of SDL-2000 on which SDL-2008 could be firmly based, whereas the Z.100 series for SDL-2008 adds significant new features and results from the study undertaken during the 2005-2008 period. SDL-2008 complements rather than changes the agreement reached on the approval of SDL-2000.

Z.101, Specification and Description Language: Basic SDL-2008

This Recommendation contains a part of the revised Specification and Description Language Recommendations for SDL-2008, and covers core features such as agent (block, process) type diagrams, agent diagrams for structures with channels, diagrams for extended finite state machines and the associated semantics for these basic features.

Z.102, Specification and Description Language: Comprehensive SDL-2008

This Recommendation contains a part of the revised Specification and Description Language Recommendations for SDL-2008, and extends the semantics and syntax of the Basic language to cover full abstract grammar and the corresponding canonical concrete notation. This includes features such as continuous signals, enabling conditions, type inheritance, and composite states.

Z.103, Specification and Description Language: Shorthand notation and annotation in SDL-2008

This Recommendation contains a part of the revised Specification and Description Language Recommendations for SDL-2008, that adds notation shorthand (such as asterisk state) that make the language easier to use and more concise, and various annotations that make models easier to understand (such as comments or create lines), but do not add to the formal semantics of the models. The shorthand notations are transformed from the concrete syntax of Z.103 to concrete syntax that is allowed by Z.102 or Z.101.

Z.104 (revised), Specification and Description Language: Data and action language in SDL-2008

- 25 -

This Recommendation contains a part of the revised Specification and Description Language Recommendations for SDL-2008 that adds the data and action language used to define data types and expressions. In SDL-2008 it is allowed to use different concrete data notations, such as the SDL-2000 data notation or C with bindings to the abstract grammar and the Predefined data package.

Z.105 (revised), Specification and Description Language: SDL-2008 combined with ASN.1 modules

This Recommendation is revised to be consistent with the rest of the Z.100 series for SDL-2008, because it references the syntax and semantics of the language in other Recommendations in the series. There are some refinements of this Recommendation based on its use and usefulness, and changes to ASN.1.

Z.106 (revised), Specification and Description Language: Common interchange format (CIF) for SDL-2008

This Recommendation is revised to be consistent with the rest of the Z.100 series for SDL-2008. The CIF is intended for the interchange of graphical SDL specifications (SDL-GR) made on different tools that do not use the same storage format.

Question 12/17 – Requirements languages

Z.151, Languages for telecommunications applications – GRL: Goal-oriented requirement language

This Recommendation defines the Goal-oriented Requirement Language (GRL), a graphical notation intended for modeling and analyzing user requirements and quality attributes in the form of goals. GRL captures goals, objectives, alternatives and rationales, hence enabling argumentation and decision support. GRL is used to express, clarify and evaluate incomplete, tentative requirements (especially non-functional ones). GRL is meant to be used standalone or in combination with other languages from the User Requirements Notation (URN) family.

Z.152, Languages for telecommunications applications – UCM: Use case maps notation

This Recommendation defines the Use Case Maps (UCM) graphical notation, intended for modeling and analyzing user requirements in the form of causal scenarios. UCM captures causal sequences of responsibilities, which can be allocated to domain and system components. UCM is used to capture, combine, analyze and transform operational and functional requirements. It can be used to describe dynamic systems and to evaluate architectural alternatives based on early performance analysis.

Z.153, URN: Methodological approach

This Recommendation describes how best to combine GRL and UCM for modeling and analyzing requirements. It also considers links to other ITU-T languages (MSC, SDL, TTCN-3, and UML), especially in the form of transformations. This work provides basic building blocks enabling requirements-driven design and validation based on URN models.

Question 13/17 – System Design Languages Framework and Unified Modeling Language

X.689, ASN.1 combined with UML2.0

This Recommendation defines a UML profile that maps UML2.0 data descriptions to ASN.1 so that UML can be used in combination with ASN.1.

This Recommendation presents a definition of the UML2.0-to-ASN.1 mapping for use in the combination of ASN.1 and UML.

Z.109 (revised), Specification and Description Language: SDL-2008 combined with UML

- 26 -

This Recommendation is revised to be consistent with the rest of the Z.100 series for SDL-2008, because it references the abstract grammar of the language and paragraphs for transformation models in other Recommendations in the series.

Z.110 (revised), Criteria for use of formal description techniques by ITU-T

In view of the complexity and widespread use of Recommendations, it is imperative that adequate and appropriate description techniques and languages be used to ensure the required quality levels of Recommendations.

The purpose of this Recommendation is to guide the use of Description Techniques to ensure the quality of ITU-T Recommendations. Where special requirements for verification and validation exist, Formal Description Techniques (FDTs) should be used.

The effective use of FDTs requires phased procedures to introduce their use. This Recommendation states the procedures to accomplish this task.

Effective use of FDTs implies the use of state-of-the-art tools.

Z.111, Notations to define ITU-T languages

This Recommendation provides meta-grammars for ITU-T Recommendations that define ITU-T languages in the X.680-series and the Z-series Recommendations on languages for Specification, Implementation, Modeling and Testing. This allows the description of these meta-grammars that define the abstract or concrete grammar (syntax, constraints and semantics) of languages without having to repeat the meta-grammar (such as lexical naming rules, or the description of Backus-Naur Form syntax) as a preamble or annex to each language definition.

The Recommendation draws common elements from the meta-grammars of variously languages, covering issues such as common lexical rules, the use of multi-lingual character sets, and syntax and constraint description for languages at both the abstract and concrete level.

Z.uml-msc, UML profile for MSC

This Recommendation defines a UML profile that maps UML2.0 to Message Sequence Chart (MSC - Z.120) semantics so that UML can be used in combination with MSC. This combined use permits a coherent way to describe message-oriented scenarios for telecommunication systems. This work will enable one to use UML2.0 tools and construct models (e.g. interaction diagrams) that will have the semantics of MSC.

Z.uml-eodl, UML profile for eODL

This Recommendation defines a UML profile that maps UML2.0 to eODL semantics so that UML can be used in combination with eODL.

This Recommendation presents a definition of the UML2.0 to eODL mapping for use in the combination of eODL and UML.

The main area of application of this Recommendation is the specification of telecommunication systems. The combined use of eODL and UML2.0 permits a coherent way to specify the components, artefacts, and deployment of telecommunication systems.

This Recommendation is the reference manual describing the UML2.0 to eODL mapping for use in the combination of eODL and UML2.0. It is limited to eODL concepts that are not imported from the CORBA IDL OMG Recommendation. For IDL concepts IDL to UML2.0 mappings already exist in form of OMG Recommendations.

Z.uml-ttcn, UML profile for TTCN

This Recommendation defines a UML profile that maps UML2.0 data descriptions to TTCN so that UML can be used in combination with TTCN.

- 27 -

This Recommendation presents a definition of the UML2.0-to-TTCN mapping for use in the combination of TTCN and UML.

Z.uml-urn, UML profile for URN

This Recommendation defines a UML profile that maps UML2.0 to URN semantics (i.e., GRL combined with UCM) so that UML can be used in combination with GRL and/or UCM. This combined use permits a coherent way to describe goal models and causal scenarios for telecommunication systems, complemented with other UML concepts and diagrams. This work enables one to use UML2.0 tools and construct UML models that will have the semantics of URN.

Question 14/17 – Testing languages, Methodologies and Framework

Z.161 (Z.140 revised), Testing and Test Control Notation version 3 (TTCN-3): Core Language

This Recommendation defines TTCN-3 (Testing and Test Control Notation 3) intended for specification of test suites that are independent of platforms, test methods, protocol layers and protocols. TTCN-3 can be used for specification of all types of reactive system tests over a variety of communication ports. Typical areas of application are protocol testing (including mobile and Internet protocols), service testing (including supplementary services), module testing, testing of CORBA-based platforms and APIs. The specification of test suites for physical layer protocols is outside the scope of this Recommendation.

Z.162 (Z.141 revised), Testing and Test Control Notation version 3 (TTCN-3): Tabular presentation Format (TFT)

This Recommendation defines TFT, the Tabular Format for TTCN-3. TFT is the tabular presentation format for TTCN-3 (Testing and Test Control Notation 3) Core Language defined in Recommendation Z.161. It is similar in appearance and functionality to TTCN-2 defined in Recommendation X.292 for conformance testing. The tabular format provides an alternative way of displaying the core language as well as emphasizing those aspects that are particular to the requirements of a standardized conformance test suite.

Z.163 (Z.142 revised), Testing and Test Control Notation version 3 (TTCN-3): Graphical presentation Format (GFT)

This Recommendation defines GFT, a graphical presentation format for TTCN-3 (Testing and Test Control Notation 3) Core Language defined in Recommendation Z.161. GFT is used for the graphical presentation of test behaviour in form of a subset of Message Sequence Charts as defined in Recommendation Z.120 with test specific extensions. GFT provides a number of graphical symbols to enable the graphical presentation of TTCN-3 test cases, functions, altsteps and control parts. GFT can be applied whenever it is necessary to define or document test behaviour graphically.

Z.164 (Z.143 revised), Testing and Test Control Notation version 3 (TTCN-3): Operational Semantics

This Recommendation defines the operational semantics of TTCN-3 (Testing and Test Control Notation 3). The Recommendation is based on the TTCN-3 core language defined in Recommendation Z.161.

Z.165 (Z.144 revised), Testing and Test Control Notation version 3 (TTCN-3): Runtime Interface (TRI)

This Recommendation provides the specification of the runtime interface for TTCN-3 (Testing and Test Control Notation 3) test system implementations. The TTCN-3 Runtime Interface provides the recommended adaptation for timing and communication of a test system to a particular processing platform and the system under test, respectively. This Recommendation defines the interface as a set of operations independent of target language.

- 28 -

Z.166 (Z.145 revised), Testing and Test Control Notation version 3 (TTCN-3): Control Interface (TCI)

This Recommendation specifies the control interfaces for TTCN-3 (Testing and Test Control Notation 3) test system implementations. The TTCN-3 Control Interfaces provides the recommended adaptation for management, test component handling and encoding/decoding of a test system to a particular test platform. This Recommendation defines the interfaces as a set of operations independent of a target language.

Z.167 (Z.146 revised), Testing and Test Control Notation version 3 (TTCN-3): Using ASN.1 with TTCN-3

This Recommendation defines the way of using ASN.1 as defined in Recommendations X.680, X.681, X.682 and X.683 with TTCN-3 (Testing and Test Control Notation 3) as defined in Recommendation Z.161.

Z.168, Testing and Test Control Notation version 3 (TTCN-3): The IDL to TTCN-3 Mapping

This Recommendation defines the mapping rules for CORBA IDL to TTCN-3 (as defined in Recommendation Z.161) to enable testing of CORBA-based systems. The principles of mapping CORBA IDL to TTCN-3 can be also used for the mapping of interface specification languages of other object-/component-based technologies.

Z.169, Testing and Test Control Notation version 3 (TTCN-3): TTCN-3 and the Use of XML

This Recommendation defines the mapping rules for W3C Schema to TTCN-3 (as defined in Recommendation Z.161) to enable testing of XML-based systems, interfaces and protocols.

Z.170, Testing and Test Control Notation version 3 (TTCN-3): Documentation Comment Specification

This Recommendation defines a documentation of TTCN-3 source code using special documentation comments. The source code documentation can then be produced automatically from the TTCN-3 Core Language, e.g. in the form of hypertext web pages.

Z.171, Testing and Test Control Notation version 3 (TTCN-3): TTCN-3 and the Use of C/C++

This Recommendation defines mapping rules to convert C/C++ source files to TTCN-3 modules.

Supplement 1 to X.290-series (Z.itfm), Generic approach to interoperability testing

This Supplement defines the relevant principles, methodology and architectures to serve as a foundation for interoperability testing and the development of interoperability test suites.

Supplement 2 to X.290-series (Z.itfm), Interoperability testing framework and methodology

This Supplement defines a generic framework and methodology for interoperability testing of systems.

Question 15/17 – Open Distributed Processing (ODP)

ITU-T X.901 (revised) | ISO/IEC 10746-1, Information technology – Open Distributed Processing - Reference model: Overview

This Recommendation | International Standard is an integral part of the ODP Reference Model. It contains a motivational overview of Open Distributed Processing (ODP), giving scoping, justification and explanation of key concepts, and an outline of the ODP architecture. It contains explanatory material on how this Reference Model is to be interpreted and applied by its users, who may include standards writers and architects of ODP systems. It also contains a categorization of required areas of standardization expressed in terms of the reference points for conformance identified in ITU-T X.903 | ISO/IEC10746-3.

- 29 -

ITU-T X.902 (revised) | ISO/IEC 10746-2, Information technology – Open Distributed Processing - Reference model: Foundation

This Recommendation | International Standard contains the definition of the concepts and analytical framework for normalized description of (arbitrary) distributed processing systems. It introduces the principles of conformance to ODP standards and the way in which they are applied. This is only to a level of detail sufficient to support ITU-T X.903 | ISO/IEC 10746-3 and to establish requirements for new specification techniques.

The Recommendation | International Standard revises descriptions of role, action, policy, component, and additional definitions such as refinement of interaction, relationship between specification and instantiation, and human-system interaction. Additionally, multi-provider business, services and causalities are revisited.

ITU-T X.903 (revised) | ISO/IEC 10746-3, Information technology – Open Distributed Processing - Reference model: Architecture

This Recommendation | International Standard contains the specification of the required characteristics that qualify distributed processing systems as open. These are the constraints to which ODP standards must comply. It uses the descriptive techniques from ITU-T X.902 | ISO/IEC 10746-2.

The Recommendation | International Standard revises descriptions of community, channel rules, and provide alignments with ITU-T X.902 | ISO/IEC 10746-2 on the number of parameters, flows and use of signals, relationship between the computational and engineering viewpoints, the nature of the technology viewpoint, and infrastructure. Additionally, interaction rules and signatures of action templates are revisited.

ITU-T X.904 (revised) | ISO/IEC 10746-4, Information technology – Open Distributed Processing - Reference model: Architecture semantics

This Recommendation | International Standard is an integral part of the ODP Reference Model. It contains a formalisation of the ODP modelling concepts defined in ITU-T Rec. X.902 | ISO/IEC 10746-2, clauses 8 and 9. The formalisation is achieved by interpreting each concept in terms of the constructs of the different standardised formal description techniques.

ITU-T X.906 | ISO/IEC 19793, Information technology – Open Distributed Processing - Use of UML for ODP system specifications

This Recommendation | International Standard defines use of the Unified Modelling Language (UML 2.1.1) for expressing the specifications of open distributed systems in terms of the viewpoint specifications defined by the Reference Model of Open Distributed Processing (RM-ODP). It defines a set of UML Profiles for the expression of such specifications, and an approach for structuring them according to the RM-ODP principles. The purpose of this Recommendation | International Standard is to allow developers to use the UML profiles to write ODP specifications, and to allow UML tools to be used to process viewpoint specifications, thus facilitating the software design process. An Annex provides examples of use of the UML profiles.

_____________________

draft summaries for recommendations under development or

Documents

andersen isoiec

technical corrigendum

andersen td

kim td

park td

etroukhin td

kang td

youn td