ITU-T Identity Management Update

Dec 13, 2013 (3 years and 8 months ago)

Halifax, 31 Oct - 3 Nov 2011

ICT Accessibility For All

ITU-T Identity Management Update

Bilel Jamoussi, Chief, SGD/TSB ITU

Abbie Barbir, Q10/17 Rapporteur


Document No: GSC16-PLEN-24
Source: ITU
Contact: Bilel Jamoussi
GSC Session: PLENARY
Agenda Item: 6.4


Highlight of IdM Current Activities

- ITU-T Joint Coordination for IdM (JCA IdM) is now under the SG 17 umbrella.
- JCA IdM has developed an inventory of major national, regional and international Identity Management initiatives.
- ITU-T works collaboratively with other key bodies including: OASIS, ETSI, Kantara Initiative, OMA, NIST, ISO/IEC JTC 1/SC 27, ISO/IEC JTC 1/SC 38, etc.
- ITU-T's IdM work focuses on enhancing identity identification and enrolment through the development of better authentication assurance frameworks; enhanced trust through open trust frameworks; identity in the cloud; identity-based services for mobile and finance; and interoperability of diverse IdM capabilities in telecommunications.
- The JCA-IdM analyzes IdM standardization items and coordinates an associated roadmap.

ITU-T Joint coordination activity in IdM (JCA-IdM)

Coordination and collaboration

Highlight of IdM Current Activities

Published ITU-T IdM Recommendations

- Y.2720, NGN identity management framework
- Supplement to Y.2704, Y.NGN Certificate Management
- Y.NGN IdM Use-cases (Technical Report)
- X.1250, Baseline capabilities for enhanced global identity management trust and interoperability
- X.1251, A framework for user control of digital identity
- X.1252, Baseline identity management terms and definitions

Recommendations in Advanced Stages

- X.1253 (X.idmsg), Security guidelines for identity management systems, approved September 2011
- X.eaa/ISO 29115, Entity authentication assurance framework
- Working with OASIS on synchronizing with SAML 2.0 and XACML 3.0 and their equivalent ITU-T Recommendations
- Y.NGN trusted SP requirements, NGN Requirements and Use Cases for Trusted Service Provider Identity

Highlight of IdM Current Activities

Draft Recommendations in progress

- Y.NGN-OAuth, Support for OAuth in NGN
- Y.NGN-OOF, Framework for NGN Support and Use of OpenID and OAuth
- Y.NGN-OpenID, Support for OpenID in NGN
- X.atag, Attribute aggregation framework
- X.authi, Guideline to implement the authentication integration of the network layer and the service layer
- X.discovery, Discovery of identity management information
- X.giim, Mechanisms to support interoperability across different IdM services
- X.idmcc, Requirement of IdM in cloud computing
- X.idmgen, Generic identity management framework
- X.idm-ifa, Framework architecture for interoperable identity management systems
- X.mob-id, Baseline capabilities and mechanisms of identity management for mobile applications and environment
- X.oitf, Open identity trust framework
- X.priva, Criteria for assessing the level of protection for personally identifiable information in identity management

Current Q10/17 IdM Focus

- Interoperability of identity management
  - X.giim, Generic IdM interoperability mechanisms
  - X.idm-ifa, Framework architecture for interoperable identity management systems
  - X.idm-cloud, Identity in the cloud
- Trust of identity management
  - X.authi, Authentication integration in IdM
  - X.EVcert, Extended validation certificate
  - X.eaa, Information technology - Security techniques - Entity authentication assurance
  - X.OITF, Open identity trust framework
- Discovery of identity management information
  - X.discovery, Discovery of identity management information
- Protection of personally identifiable information
  - X.1275, Guidelines on protection of personally identifiable information in the application of RFID technology
  - X.priva, Criteria for assessing the level of protection for personally identifiable information in identity management


Challenges for IdM

- The trend is towards support for strong authentication in online transactions. A major challenge is how to enable the use of strong authentication techniques and best practices in an interoperable and secure fashion.
- Identity federations based on a standardized trust model and global interoperability of diverse identity management schemas are major inhibitors to wide-scale deployment of IdM capabilities.
- Development of just-in-time secure cloud standards for identity provisioning, de-provisioning and the control of fine-grained authorizations.
- Enhance online trust, reducing fraud and identity theft while protecting PII.

Conclusions

- Identity-based services are a key technology for cloud-based SaaS.
- Online transactions require a means of identifying all parties involved in a transaction.
- There is a need for open, interoperable trust frameworks for IdM.
- Identity Management continues to be a key security enabler for mobile and wireless interactions.
- Protection of Personally Identifiable Information (PII) is a required capability for IdM systems.


Q&A


Discussion

Backup

OID Resolution system

- Provides information associated with any object identified by an OID:
  - access information
  - child node information
  - OID-IRI canonical form
- Joint work between ITU-T SG 17 and ISO/IEC JTC 1/SC 6 since Oct. 2008 (draft Rec. ITU-T X.oid-res | ISO/IEC 29168)
- Get an OID identifier arc assigned for identifying cybersecurity organizations, information, and policies
- Will specify:
  - OID resolution architecture
  - OID resolution protocol (probably based on DNS)
  - operation of the OID resolution service
  - security and trust of the OID resolution process
  - etc.

Object Identifiers (OIDs)

- One of many identification schemes
- Basically very simple: a tree
- Arcs are numbered and may have an associated alphanumeric identifier (beginning with a lowercase letter)
- Infinitely many arcs from each node (except at the root)
- Objects are identified by the path (OID) from the root to a node
- A Registration Authority (RA) allocates arcs beneath its node to subordinate RAs, and so on, to an infinite depth
- The OID tree is a hierarchical structure of RAs
- Standardized in the ITU-T X.660 | ISO/IEC 9834 series (ITU-T SG 17 and ISO/IEC JTC 1/SC 6)
- Originated in 1985, still in use!
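
The tree rules on this slide, as an added example that is not part of the original deck: a small parser for OIDs in ASN.1 value notation or dotted form that enforces the lowercase-identifier rule and the restricted arcs at the root, plus an arc-wise check of whether an OID falls under a given RA's node. The root-arc table and the 0..39 limit beneath roots 0 and 1 are assumptions taken from X.660 rather than from the slide, and the function names are hypothetical.

```python
import re

# Assumption (X.660, not stated on the slide): the root has exactly three
# arcs, and arcs directly beneath roots 0 and 1 are limited to 0..39.
ROOT_ARCS = {0: "itu-t", 1: "iso", 2: "joint-iso-itu-t"}

# One arc: "identifier(number)" or a bare number. The optional identifier
# must begin with a lowercase letter, as the slide requires.
_ARC = re.compile(r"^(?:([a-z][A-Za-z0-9-]*)\(([0-9]+)\)|([0-9]+))$")


def parse_oid(text):
    """Parse '{iso(1) member-body(2) 840}' or '1.2.840' into [(number, name)]."""
    text = text.strip()
    if text.startswith("{") and text.endswith("}"):
        tokens = text[1:-1].split()
    else:
        tokens = text.split(".")
    arcs = []
    for tok in tokens:
        m = _ARC.match(tok)
        if not m:
            raise ValueError(f"malformed arc: {tok!r}")
        arcs.append((int(m.group(2) or m.group(3)), m.group(1)))
    if not arcs:
        raise ValueError("empty OID")
    if arcs[0][0] not in ROOT_ARCS:
        raise ValueError(f"root arc must be 0, 1 or 2, got {arcs[0][0]}")
    if len(arcs) > 1 and arcs[0][0] < 2 and arcs[1][0] > 39:
        raise ValueError("second arc under root 0 or 1 must be 0..39")
    return arcs


def dotted(arcs):
    """Render parsed arcs in dotted-decimal form."""
    return ".".join(str(n) for n, _ in arcs)


def is_under(oid, ra_node):
    """True if `oid` lies in the subtree allocated to the RA at `ra_node`.

    Compares arc by arc; a string prefix test would wrongly place
    1.2.840 under 1.2.84.
    """
    a = [n for n, _ in parse_oid(oid)]
    b = [n for n, _ in parse_oid(ra_node)]
    return a[:len(b)] == b
```
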