abbiebarbiritu iiw update 111018022049 phpapp02

Upload: abarbir

Post on 06-Apr-2018

  • 8/3/2019 Abbiebarbiritu Iiw Update 111018022049 Phpapp02

    1/12

    International Telecommunication Union

    Abbie Barbir, Ph.D.
    Rapporteur, Q10/17 Identity Management
    [email protected]

    ITU-T Identity Related Work Important to NSTIC

    IIW October 2011

    ITU-T Objectives

    Develop and publish standards for global ICT interoperability
    Identify areas for future standardization
    Provide an attractive and effective forum for the development of international standards
    Promote the value of ITU standards
    Disseminate information and know-how
    Cooperate and collaborate
    Provide support and assistance

    ITU-T Key Features

    Truly global public/private partnership
    95% of work is done by private sector
    Continuously adapting to market needs
    Pre-eminent global ICT standards body

    ITU-T Study groups (2009-2012)

    SG 2 Operational aspects of service provision and telecommunications management

    SG 3 Tariff & accounting principles including related telecommunication economic & policy issues

    SG 5 Environment and climate change

    SG 9 Television and sound transmission and integrated broadband cable networks

    SG 11 Signalling requirements, protocols and test specifications

    SG 12 Performance, QoS and QoE

    SG 13 Future networks including mobile and NGN (NGN Identity management)

    SG 15 Optical transport networks and access network infrastructures

    SG 16 Multimedia coding, systems and applications

    SG 17 Security and identity management

    We will focus on IdM work in ITU-T based on:
      SG 17 Question 10/17 (Identity Management)
      SG 13 Question 16/13 (NGN Security)

    SG 17 Q10/17 Identity management (IdM)

    Motivation

    IdM is a security enabler by providing trust in the identity of both parties to an e-transaction
    Provides network operators opportunity to increase revenues through advanced identity-based services
    Focus on global trust and interoperability
    Leveraging and bridging existing solutions

    SG 17 Q10/17 Identity management (IdM)

    Current Recommendations Identity management

    X.1250, Baseline capabilities for enhanced global identity management trust and interoperability
    X.1251, A framework for user control of digital identity
    X.1252, Baseline identity management terms and definitions
    X.1253 (X.idmsg), Security guidelines for identity management systems
    X.eaa/ISO 29115, Entity authentication assurance framework (based on NIST 800-63)
    X.atag, Attribute aggregation framework
    X.authi, Guideline to implement the authentication integration of the network layer and the service layer
    X.discovery, Discovery of identity management information
    X.giim, Mechanisms to support interoperability across different IdM services
    X.idmcc, Requirement of IdM in cloud computing
    X.idmgen, Generic identity management framework
    X.idm-ifa, Framework architecture for interoperable identity management systems
    X.mob-id, Baseline capabilities and mechanisms of identity management for mobile applications and environment
    X.oitf, Open identity trust framework
    X.priva, Criteria for assessing the level of protection for personally identifiable information in identity management

    Working with OASIS SAML 2.0 and XACML and their equivalent ITU-T Recommendations

    ITU-T Joint coordination activity in IdM JCA-IdM

    Q10/17 Coordination and collaboration

    Q10/17 IdM Focus

    Interoperability of identity management
      X.giim, Generic IdM interoperability mechanisms
      X.idm-ifa, Framework architecture for interoperable identity management systems
      X.idm-cloud, identity in the cloud

    Trust of identity management
      X.authi, Authentication integration in IDM
      X.EVcert, Extended validation certificate
      X.eaa, Information technology - Security techniques - Entity authentication assurance
      X.OITF, Open identity trust framework

    Discovery of identity management information
      X.discovery, Discovery of identity management information

    Protection of personally identifiable information
      X.1275, Guidelines on protection of personally identifiable information in the application of RFID technology
      X.priva, Criteria for assessing the level of protection for personally identifiable information in identity management

    ITU-T SG 13 Q16/13

    Q16/13 Security and identity management

    Motivation

    Address, in the context of NGN, IdM issues of concern to

    Includes assertion and assurance of entity identities (e.g. user, device, service providers) noted in the following, non-exhaustive list:

      International emergency and priority services
      Electronic government (e-Government) services
      Privacy/user control of personal information (i.e. protection of personal identifiable information [PPII])
      Security (e.g. confidence of transactions, protection from identity (ID) theft) and protection of NGN infrastructure, resources (services and applications) and end users' information
      National security and critical infrastructure protection

    SG 13 Q16/13 Security and identity management

    List of Recommendations in Progress

    Supplement to Y.2704, Y.NGN Certificate Management, Certificate management
    Y.2700-series supplement, NGN security planning and operations guidelines
    Y.ETS-Sec, Minimum Security Requirements for Interconnection of Emergency Telecommunications Service (ETS)
    Y.NGN IdM Use-cases (Technical Report)
    Y.NGN trusted SP requirements, NGN Requirements and Use Cases for Trusted Service Provider Identity
    Y.NGN-OAuth, Support for OAuth in NGN
    Y.NGN-OOF, Framework for NGN Support and Use of OpenID and OAuth
    Y.NGN-OpenID, Support for OpenID in NGN

    Question 16/13 Work Program

    Mobility Security Framework in NGN
    Y.2740 Security Requirements for Mobile Financial Transactions in NGN
    Y.2741 Architecture for Secure Mobile Financial Transactions in NGN
    Y.2704 NGN Security Mechanisms
    NGN Certificate Management
    Y.2703 NGN AAA
    Y.2720 NGN IdM Framework
    Y.2722 NGN IdM Mechanisms
    Y.2701 Security Requirements for NGN Release 1
    Y.2721 NGN IdM Requirements and Use Cases
    Y.2702 NGN Authentication and Authorization Requirements
    Determined draft Recommendation
    IdM and Security for Cloud Services

    Note: Recommendations produced by Q.16/13 are approved through the TAP.

    SG 13 Q16/13

    NGN IdM Framework (ITU-T Rec. Y.2720, 1/2009)

    Entities
      Users & Subscribers
      Organizations, Business Enterprises, Government Enterprises
      User Devices
      Network Elements and Objects
      Network and Service Providers
      Virtual Objects

    Identity Management

    IdM Capabilities
      Identity Lifecycle Management
      Correlation and Binding of Identity Information
      Authentication, Assurance, and Assertion of Identity Information
      Discovery and Exchange of Identity Information

    Identity Information
      Identifiers (e.g., User ID, email address, telephone number, URI, IP address)
      Credentials (e.g., digital certificates, tokens, and biometrics)
      Attributes (e.g., roles, claims, context, privileges, location)

    Business and Security Services
      Federated Services
      Application Access Control (e.g., Multimedia and IPTV)
      Single Sign-on/Sign-off
      Role-based Access to Resources
      Protection of Personally-Identifiable Information
      Security Protection of Information and Network Infrastructure