Jeju Island, Korea, 13 – 16 May 2013

Identity Management and Identification Systems

GSC17-PLEN-43

ITU-T IDENTITY MANAGEMENT UPDATE

Bilel Jamoussi, Chief, SGD/TSB ITU
Abbie Barbir, Q10/17 Rapporteur

Document No: GSC17-PLEN-43

Source: ITU

Contact: Bilel Jamoussi

GSC Session: PLENARY

Agenda Item: 6.4

Highlight of IdM Current Activities

• ITU-T Joint Coordination for IdM (JCA-IdM) is under the SG17 umbrella.

• JCA-IdM has developed an inventory of major national, regional and international Identity Management initiatives.

• ITU-T works collaboratively with other key bodies including: OASIS, ETSI, Kantara Initiative, OMA, NIST, ISO/IEC JTC 1/SC 27, ISO/IEC JTC 1/SC 38, etc.

• ITU-T's IdM work focuses on enhancing identity identification and enrolment through the development of better authentication assurance frameworks, enhanced trust through open trust frameworks, identity in the cloud, identity-based services for mobile and finances, and interoperability of diverse IdM capabilities in telecommunications.

• The JCA-IdM analyzes IdM standardization items and coordinates an associated roadmap.

ITU-T Joint coordination activity in IdM JCA-IdM

Coordination and collaboration

NSTIC

Highlights of IdM Current Activities

• Published ITU-T Recommendations
  – X.1154, General framework of combined authentication on multiple identity service provider environments
  – X.1254, Entity authentication assurance framework
  – Y.3031, Identification framework in future networks

• Published ITU-T Supplements
  – Y.Suppl.18, ITU-T Y.2700-series - Supplement on next generation network certificate management

• Recommendations in Advanced Stages
  – X.discovery (X.1255), Framework for discovery of identity management information

Highlights of IdM Current Activities

• Draft Recommendations in progress
  – F.5xx, Directory Service - Support of Tag-based Identification Services
  – Q.IdM.SIG, Signaling requirements and architecture of the IC-T interface between transport stratum functional entity (T-FE) and Id management control functional entity (IdMC-FE)
  – X.1141 Amd.1, Security Assertion Markup Language (SAML) 2.0 – Amendment 1: Errata
  – X.1142 Amd.1, eXtensible Access Control Markup Language (XACML 2.0) – Amendment 1: Errata
  – X.atag, Attribute aggregation framework
  – X.authi, Authentication integration in identity management
  – X.discovery (X.1255), Framework for discovery of identity management information
  – X.giim, Generic identity management interoperability mechanisms
  – X.iamt, Identity and access management taxonomy
  – X.idmcc, Requirement of IdM in cloud computing
  – X.mob-id, Baseline capabilities and mechanisms of identity management for mobile applications and environment
  – X.xacmlv3, eXtensible Access Control Markup Language (XACML 3.0) Errata

Highlights of IdM Current Activities

• Draft Recommendations in progress
  – X.oitf, Open identity trust framework
  – X.pki-em, Information Technology - Public-Key Infrastructure: Establishment and maintenance
  – X.pki-prof, Information Technology - Public-Key Infrastructure: Profile
  – X.sap-8, Efficient multi-factor authentication mechanisms using mobile devices
  – X.scim-use, Application of system for cross identity management (SCIM) in telecommunication environments
  – X.xacml3, eXtensible Access Control Markup Language (XACML) 3.0
  – Y.2723 (Y.NGN-OAuth), Support for OAuth in NGN
  – Y.2724 (Y.NGN-OOF), Framework for NGN support and use of OpenID and OAuth
  – Y.FNID-config, Configurations of node identifiers and their mapping with locators in future networks
  – Y.NGN-OpenID, Support for OpenID in NGN
  – Y.NGNspid, NGN Requirements and Use Cases for Trusted Service Provider Identity
  – Y.NGN IdM Use-cases (Technical Report), Supplement on NGN identity management use cases

Current Q10/17 IdM Focus

• Interoperability of identity management
  – X.giim, Generic IdM interoperability mechanisms
  – X.idm-ifa, Framework architecture for interoperable identity management systems
  – X.idmcc, identity in the cloud

• Trust of identity management
  – X.authi, Authentication integration in IDM
  – X.1254, Entity authentication assurance framework
  – X.oitf, Open identity trust framework

• Discovery of identity management information
  – X.discovery (X.1255), Framework for discovery of identity management information

• Protection of personally identifiable information
  – X.1275, Guidelines on protection of personally identifiable information in the application of RFID technology

Challenges for IdM

• The trend is towards the support of strong authentication in online transactions. A major challenge is how to enable the use of strong authentication techniques and best practices in an interoperable and secure fashion.

• Identity federations based on a standardized trust model and global interoperability of diverse identity management schemas are major inhibitors to wide-scale deployment of IdM capabilities.

• Development of just-in-time secure cloud standards for identity provisioning, de-provisioning and the control of fine-grained authorizations.

• Enhance online trust, reducing fraud and identity theft while protecting PII.

Conclusions

• Identity-based services are a key technology for cloud-based SaaS
• Online transactions require means for identification of all parties involved in a transaction
• There is a need for open interoperable trust frameworks for IdM
• Identity Management continues to be a key security enabler for mobile and wireless interactions
• Protection of Personally Identifiable Information (PII) is a required capability for IdM systems

Q&A

Discussion

Backup

Object Identifiers (OIDs)

• One of many identification schemes
• Basically very simple: A tree
• Arcs are numbered and may have an associated alphanumeric identifier (beginning with a lowercase letter)
• Infinitely many arcs from each node (except at the root)
• Objects are identified by the path (OID) from the root to a node
• A Registration Authority (RA) allocates arcs beneath its node to subordinate RAs, and so on, to an infinite depth
• The OID tree is a hierarchical structure of RAs
• Standardized in the ITU-T X.660 | ISO/IEC 9834 series (ITU-T SG 17 and ISO/IEC JTC 1/SC 6)
• Originated in 1985, still in use!
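
The tree rules on this slide, as an added Python example that is not part of the original presentation: it parses a dotted OID, enforces the root restriction (arcs 0, 1 and 2 only), and checks whether an OID lies beneath an RA's node by comparing arcs rather than strings. It goes beyond the slide by also producing the DER content octets defined in ITU-T X.690; the function names and the sample OIDs are choices made for this example.

```python
# Added example: function names and sample OIDs are illustrative, not from the slides.
ROOT_ARCS = {0: "itu-t", 1: "iso", 2: "joint-iso-itu-t"}

def parse_oid(dotted):
    """Parse dotted notation into a tuple of arcs, enforcing the root rules."""
    parts = dotted.split(".")
    # At least two arcs are required because the DER form merges the first two.
    if len(parts) < 2 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted OID: {dotted!r}")
    if any(len(p) > 1 and p[0] == "0" for p in parts):
        raise ValueError("arc written with leading zeros")
    arcs = tuple(int(p) for p in parts)
    if arcs[0] not in ROOT_ARCS:
        raise ValueError("the root has only arcs 0, 1 and 2")
    if arcs[0] < 2 and arcs[1] > 39:
        raise ValueError("arcs beneath root arcs 0 and 1 are limited to 0..39")
    return arcs

def is_under(oid, ra_node):
    """True if `oid` sits in the subtree delegated to the RA at `ra_node`.

    Arcs are compared as integers: a string prefix test would wrongly
    place 1.2.840.1135490 beneath 1.2.840.113549.
    """
    o, r = parse_oid(oid), parse_oid(ra_node)
    return o[:len(r)] == r

def der_content(oid):
    """Content octets of the DER OBJECT IDENTIFIER encoding (X.690)."""
    arcs = parse_oid(oid)
    out = bytearray()
    # The first two arcs share one subidentifier: 40 * first + second.
    for value in (40 * arcs[0] + arcs[1],) + arcs[2:]:
        chunk = [value & 0x7F]              # last octet has the high bit clear
        value >>= 7
        while value:
            chunk.append(0x80 | (value & 0x7F))  # earlier octets set the high bit
            value >>= 7
        out.extend(reversed(chunk))
    return bytes(out)

if __name__ == "__main__":
    ra = "1.2.840.113549"                   # sample RA node
    for candidate in ("1.2.840.113549.1.1.11", "1.2.840.1135490.1"):
        print(candidate, "under", ra, "->", is_under(candidate, ra))
    print(der_content(ra).hex())
```
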