Page 1: Identity Management

DOCUMENT #: GSC15-PLEN-29
FOR: Presentation or Information
SOURCE: ITU-T
AGENDA ITEM: 6.4
CONTACT(S): chen.jianyong@zte.com.cn

Jianyong CHEN, SG 17 Vice Chairman
Global Standards Collaboration (GSC) GSC-15

Page 2: Identity Management (IdM) for Telecom is an Essential Part of IP-based Networks and Services

• Identity-based services are increasing exponentially and are available on many different mobile platforms
• The Internet is a part of the telecommunication infrastructure
• The next-generation business model for network operators demands subscriber-centric data consolidation

[Figure: only the label "Wireline" survived extraction]

Page 3: Highlight of IdM Current Activities (1/2)

• Per the GSC-14/04 Resolution, ITU-T is progressing the development of a publicly available Wiki-based inventory of major IdM initiatives and activities.
• ITU-T works collaboratively with other key bodies including ISO/IEC JTC 1/SC 27, ETSI, Kantara Initiative, FIDIS and OASIS.
• The focus of ITU-T's IdM work is on global trust and interoperability of diverse IdM capabilities in telecommunications, including leveraging and bridging existing solutions. It is not the development of standards for new IdM solutions.
• ITU-T's JCA-IdM (Joint Coordination Activity on Identity Management) coordinates IdM activities within ITU-T and among other major IdM standards bodies.

Page 4: Highlight of IdM Current Activities (2/2)

• First ITU-T IdM Recommendation published early 2009:
  • Y.2720, NGN identity management framework
• The joint ITU-T | ISO/IEC common-text Recommendation | International Standard on Entity Authentication Assurance is approaching a stable document.
• Three ITU-T Recommendations were published and are available for free download:
  • X.1250, Baseline capabilities for enhanced global identity management trust and interoperability
  • X.1251, A framework for user control of digital identity
  • X.1252, Basic IdM terms and definitions

Page 5: Challenges for IdM

• Identity federations based on standardized trust frameworks, and global interoperability of diverse identity management solutions, are major inhibitors to wide-scale deployment of IdM capabilities
• Discovery of identity resources on a global level vs. within an enterprise environment
• Common IdM terminology
• Interoperability of assurance levels that are based on the risk assessment associated with the on-line transaction
• Privacy services

Page 6: Next Step/Action for IdM

• X.evcert: Extended validation certificate (EVcert) framework
• X.eaa: Information technology – Security techniques – Entity authentication assurance
• X.idm-dm: Common identity data model
• X.idm-ifa: Framework architecture for interoperable identity management systems
• X.idmsg: Security guidelines for identity management systems
• X.priva: Criteria for assessing the level of protection for personally identifiable information in identity management
• X.authi: Guideline to implement the authentication integration of the network layer and the service layer
• X.giim: Mechanisms to support interoperability across different IdM services
• X.idmgen: Generic framework for interoperable IdM systems
• X.sap-4: The general framework of combined authentication in a multiple identity provider service environment
• X.oitf: Open Identity Trust Framework
• X.discovery: Discovery of identity management information
• X.mobid: Baseline capabilities and mechanisms of identity management for mobile applications and environments

Thirteen Recommendations are under development. Among them, the plan for X.evcert is to be determined at the December meeting.

Page 7: Basic Concepts of Object Identifiers (OIDs)

• One of many identification schemes
• Basically very simple: a tree
  • Arcs are numbered and may have an associated alphanumeric identifier (beginning with a lowercase letter)
  • Can also have Unicode labels (any language, any characters)
  • Infinitely many arcs from each node (except at the root)
  • Objects are identified by the path (OID) from the root to a node
• A Registration Authority (RA) allocates arcs beneath its node to subordinate RAs, and so on, to an infinite depth
  • The OID tree is a hierarchical structure of RAs
• Standardized in the ITU-T X.660 | ISO/IEC 9834 series (ITU-T SG 17 and ISO/IEC JTC 1/SC 6)
• Originated in 1985, still in use, and still developing!
• Recent developments are the use of the DNS to provide information about the node identified by an OID.

Page 8: Next Step/Action for OID: OID Resolution System

• Provides information associated with any object identified by an OID:
  • access information
  • child node information
  • OID-IRI canonical form
• Joint work between ITU-T SG 17 and ISO/IEC JTC 1/SC 6 since Oct. 2008 (draft Rec. ITU-T X.672 (ex X.oid-res) | ISO/IEC 29168-1)
• Get an OID identifier arc assigned for identifying cybersecurity organizations, information, and policies
• Specifies:
  • OID resolution architecture
  • OID resolution protocol (based on DNS)
  • operation of the OID resolution service
  • security and trust of the OID resolution process
  • etc.
• Associated is another joint work on procedures for the OID-RES operational agency: Rec. ITU-T X.673 | ISO/IEC 29168-2

Page 9: Conclusions

• Developers can bet on identity as a capability
• User acceptance will gate success
• Privacy is not opposed to security – it is a precondition of security
• GSC-15 should continue the GSC-14/04 Resolution with some necessary editorial updates

Page 10: Summary

Contributions from ATIS, ETSI, ISACC and ITU-T

• Highlight: Interoperability, federation, discovery of IdM and privacy are key issues to be studied further. Leveraging diverse IdM solutions is a common objective among the SDOs. Collaboration among the main SDOs needs to be strengthened. Various important standards are under development.
• Next step: The challenge is to address the inconsistency of the various IdM solutions from different SDOs. Continue to develop new standards and make revisions to existing standards. The importance of cooperation among the SDOs was stressed. Focus on identity management for RFIDs, sensors, wireless and near-field devices, on-board GSM NGN, IPTV, cloud computing, healthcare, emergency communications, e-government, disaster relief, and convergent networks and services.
• Recommendation:
  • Reaffirm the existing Resolution GSC-14/04
  • Retain HIS for GSC-16

Page 11: Supplementary Slides

Page 12: Weblinks

ITU-T
• SG17 - http://www.itu.int/ITU-T/studygroups/com17/index.asp
• Identity Management web page - http://www.itu.int/ITU-T/studygroups/com17/idm.html
• Joint Coordination Activity for identity management - http://www.itu.int/ITU-T/jca/idm/

Page 13: Top of the OID Tree

[Figure: the top of the OID tree, rendered here as text]

root
• itu-t(0)
  • recommendation(0)
• iso(1)
  • member-body(2) (ISO 3166 country codes)
  • identified-organisation(3) (ISO 6523 ICD codes)
• joint-iso-itu-t(2)
  • country(16) (ISO 3166 country codes)
  • tag-based(27)

Example: {joint-iso-itu-t(2) tag-based(27) mcode(1)}

Note: The names of the 3 top-level arcs do not imply a hierarchical dependency on ISO or ITU-T.

Page 14: Some Advantages of using OID

• Human-readable notation: {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)}
• Dot notation: 1.2.840.113549.1
• URN notation: urn:oid:1.2.840.113549.1
• Internationalized notation (IRI): oid:/ISO/Member-Body/US/RSADSI/PKCS
• Used in a lot of ISO standards, ITU-T Recommendations and IETF RFCs, but not only!
• Very good take-up: 120,000+ OIDs described at http://www.oid-info.com; many more exist
• Compact binary encoding (normally used in all computer communications)
  • Allows transmission over constrained networks
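As an added example (not from the slides or from ITU-T), a small Python module that carries the slide's OID through the notations listed above: it parses the path-from-root value notation described on page 7, produces the dot and URN forms, and implements the compact binary encoding (the X.690 BER/DER content octets) with a decoder that refuses non-minimal and truncated subidentifiers, the two malformed inputs an ASN.1 parser must reject rather than guess at. The OID values are the slides' own; the function names are this example's.

```python
import re

# Constructed sample input: the OID shown on the slide in ASN.1 value notation.
SLIDE_OID = "{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)}"

def parse_value_notation(text):
    """Turn '{iso(1) member-body(2) us(840) ...}' into the numeric arcs (the path from the root)."""
    arcs = []
    for tok in text.strip().strip("{}").split():
        m = re.fullmatch(r"(?:[a-z][A-Za-z0-9-]*)?\(?(\d+)\)?", tok)  # label optional, number required
        if not m:
            raise ValueError(f"bad arc token {tok!r}")
        arcs.append(int(m.group(1)))
    return arcs

def to_dot(arcs): return ".".join(map(str, arcs))
def to_urn(arcs): return "urn:oid:" + to_dot(arcs)

def der_encode(arcs):
    """X.690 content octets: first two arcs fold into 40*a0+a1, then base-128 big-endian, MSB set on all but the last octet."""
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39) or min(arcs) < 0:
        raise ValueError("not a valid OID")  # root arcs 0 and 1 only allow 0..39 beneath them
    out = bytearray()
    for v in [40 * arcs[0] + arcs[1]] + list(arcs[2:]):
        octets = [v & 0x7F]           # least significant 7 bits, continuation bit clear
        v >>= 7
        while v:
            octets.append(0x80 | (v & 0x7F))
            v >>= 7
        out += bytes(reversed(octets))
    return bytes(out)

def der_decode(content):
    """Inverse of der_encode; rejects a leading 0x80 (non-minimal) and an unterminated subidentifier."""
    arcs, v = [], 0
    for b in content:
        if v == 0 and b == 0x80:
            raise ValueError("non-minimal subidentifier encoding")
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:              # last octet of this subidentifier
            if not arcs:              # unfold 40*a0+a1; values >= 80 all belong to root arc 2
                first = 2 if v >= 80 else v // 40
                arcs += [first, v - 40 * first]
            else:
                arcs.append(v)
            v = 0
    if v:
        raise ValueError("truncated subidentifier")
    return arcs
```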

Page 15: Challenge for OID: Use of OIDs for the Internet of Things

• ITU-T X.668 | ISO/IEC 9834-9 (2008) is a way to unify the many identification schemes used for the Internet of Things (RFID, bar codes, ISBN, etc.)
• Does not cause existing tags to become obsolete
• Use case example: a tag placed on a billboard poster can be read with a mobile phone and make it easy for the user to get additional multimedia information (text, graphics, even voice or video) about the content of the poster
• Other use cases in Rec. ITU-T F.771