Abbie Barbir ITU IIW-update
International Telecommunication Union
Abbie Barbir, Ph.D., Rapporteur, Q10/17 Identity Management Question, [email protected]
ITU-T Identity Related Work Important to NSTIC
IIW October 2011
ITU-T Objectives
Develop and publish standards for global ICT interoperability
Identify areas for future standardization
Provide an attractive and effective forum for the development of international standards
Promote the value of ITU standards
Disseminate information and know-how
Cooperate and collaborate
Provide support and assistance
ITU-T Key Features
Truly global public/private partnership
95% of work is done by private sector
Continuously adapting to market needs
Pre-eminent global ICT standards body
ITU-T Study groups (2009-2012)
SG 2 Operational aspects of service provision and telecommunications management
SG 3 Tariff & accounting principles including related telecommunication economic & policy issues
SG 5 Environment and climate change
SG 9 Television and sound transmission and integrated broadband cable networks
SG 11 Signalling requirements, protocols and test specifications
SG 12 Performance, QoS and QoE
SG 13 Future networks including mobile and NGN (NGN Identity management)
SG 15 Optical transport networks and access network infrastructures
SG 16 Multimedia coding, systems and applications
SG 17 Security and identity management
We will focus on IdM work in ITU-T based on:
• SG 17 Question 10/17 (Identity Management)
• SG 13 Question 16/13 (NGN Security)
SG 17 Q10/17 Identity management (IdM)
Motivation
IdM is a security enabler by providing trust in the identity of both parties to an e-transaction
Provides network operators opportunity to increase revenues through advanced identity-based services
Focus on global trust and interoperability
Leveraging and bridging existing solutions
SG 17 Q10/17 Identity management (IdM)
Current Recommendations on identity management
X.1250, Baseline capabilities for enhanced global identity management trust and interoperability
X.1251, A framework for user control of digital identity
X.1252, Baseline identity management terms and definitions
X.1253 (X.idmsg), Security guidelines for identity management systems
X.eaa/ISO 29115, Entity authentication assurance framework (based on NIST 800-63)
X.atag, Attribute aggregation framework
X.authi, Guideline to implement the authentication integration of the network layer and the service layer
X.discovery, Discovery of identity management information
X.giim, Mechanisms to support interoperability across different IdM services
X.idmcc, Requirement of IdM in cloud computing
X.idmgen, Generic identity management framework
X.idm-ifa, Framework architecture for interoperable identity management systems
X.mob-id, Baseline capabilities and mechanisms of identity management for mobile applications and environment
X.oitf, Open identity trust framework
X.priva, Criteria for assessing the level of protection for personally identifiable information in identity management
Working with OASIS SAML 2.0 and XACML and their equivalent ITU-T Recommendations
ITU-T Joint Coordination Activity in IdM (JCA-IdM)
Q10/17 Coordination and collaboration
Q10/17 IdM Focus
Interoperability of identity management
X.giim, Generic IdM interoperability mechanisms
X.idm-ifa, Framework architecture for interoperable identity management systems
X.idm-cloud, Identity in the cloud
Trust of identity management
X.authi, Authentication integration in IdM
X.EVcert, Extended validation certificate
X.eaa, Information technology – Security techniques – Entity authentication assurance
X.OITF, Open identity trust framework
Discovery of identity management information
X.discovery, Discovery of identity management information
Protection of personally identifiable information
X.1275, Guidelines on protection of personally identifiable information in the application of RFID technology
X.priva, Criteria for assessing the level of protection for personally identifiable information in identity management
ITU-T SG 13 Q16/13
Q16/13 Security and identity management
Motivation
Address, in the context of NGN, IdM issues of concern, including assertion and assurance of entity identities (e.g. user, device, service providers), noted in the following non-exhaustive list:
International emergency and priority services
Electronic government (e-Government) services
Privacy/user control of personal information (i.e. protection of personal identifiable information [PPII])
Security (e.g. confidence of transactions, protection from identity (ID) theft) and protection of NGN infrastructure, resources (services and applications) and end users' information
National security and critical infrastructure protection
SG 13 Q16/13 Security and identity management
List of Recommendations in Progress
Supplement to Y.2704, Y.NGN Certificate Management, Certificate management
Y.2700-series supplement, NGN security planning and operations guidelines
Y.ETS-Sec, Minimum Security Requirements for Interconnection of Emergency Telecommunications Service (ETS)
Y.NGN IdM Use-cases (Technical Report)
Y.NGN trusted SP requirements, NGN Requirements and Use Cases for Trusted Service Provider Identity
Y.NGN-OAuth, Support for OAuth in NGN
Y.NGN-OOF, Framework for NGN Support and Use of OpenID and OAuth
Y.NGN-OpenID, Support for OpenID in NGN
Question 16/13 Work Program (diagram; Recommendations and work items shown)
Mobility Security Framework in NGN
Y.2740, Security Requirements for Mobile Financial Transactions in NGN
Y.2741, Architecture for Secure Mobile Financial Transactions in NGN
Y.2704, NGN Security Mechanisms
NGN Certificate Management
Y.2703, NGN AAA
Y.2720, NGN IdM Framework
Y.2722, NGN IdM Mechanisms
Y.2701, Security Requirements for NGN Release 1
Y.2721, NGN IdM Requirements and Use Cases
Y.2702, NGN Authentication and Authorization Requirements
IdM and Security for Cloud Services
Legend: Determined draft Recommendation
Note: Recommendations produced by Q.16/13 are approved through the TAP.
SG 13 Q16/13 NGN IdM Framework (ITU-T Rec. Y.2720, 1/2009) (diagram; layers shown)
Entities: Users & Subscribers; Organizations, Business Enterprises, Government Enterprises; User Devices; Network Elements and Objects; Network and Service Providers; Virtual Objects
Identity Information: Identifiers (e.g., User ID, email address, telephone number, URI, IP address); Credentials (e.g., digital certificates, tokens, and biometrics); Attributes (e.g., roles, claims, context, privileges, location)
IdM Capabilities: Identity Lifecycle Management; Correlation and Binding of Identity Information; Authentication, Assurance, and Assertion of Identity Information; Discovery and Exchange of Identity Information
Business and Security Services: Federated Services; Application Access Control (e.g., Multimedia and IPTV); Single Sign-on/Sign-off; Role-based Access to Resources; Protection of Personally-Identifiable Information; Security Protection of Information and Network Infrastructure