Abbie Barbir ITU IIW-update


Preso from ITU-T liaison Abbie Barbir (from Bank of America) on standards relevant to e-identity: for IIW October 2011

Published in: Technology, Business

  1. ITU-T Identity Related Work Important to NSTIC
     Abbie Barbir, Ph.D., Rapporteur, Q10/17 Identity Management Question
     [email_address]
     IIW October 2011
  2. ITU-T Objectives
     • Develop and publish standards for global ICT interoperability
     • Identify areas for future standardization
     • Provide an attractive and effective forum for the development of international standards
     • Promote the value of ITU standards
     • Disseminate information and know-how
     • Cooperate and collaborate
     • Provide support and assistance
  3. ITU-T Key Features
     • Truly global public/private partnership
     • 95% of work is done by private sector
     • Continuously adapting to market needs
     • Pre-eminent global ICT standards body
  4. ITU-T Study groups (2009-2012)
     • We will focus on IdM work in ITU-T based on
     • SG 17 Question 10/17 (Identity Management)
     • SG 13 Question 16/13 (NGN Security)
     Study groups:
     • SG 2: Operational aspects of service provision and telecommunications management
     • SG 3: Tariff & accounting principles including related telecommunication economic & policy issues
     • SG 5: Environment and climate change
     • SG 9: Television and sound transmission and integrated broadband cable networks
     • SG 11: Signalling requirements, protocols and test specifications
     • SG 12: Performance, QoS and QoE
     • SG 13: Future networks including mobile and NGN (NGN Identity management)
     • SG 15: Optical transport networks and access network infrastructures
     • SG 16: Multimedia coding, systems and applications
     • SG 17: Security and identity management
  5. SG 17 Q10/17 Identity management (IdM)
     • Motivation
       • IdM is a security enabler by providing trust in the identity of both parties to an e-transaction
       • Provides network operators opportunity to increase revenues through advanced identity-based services
       • Focus on global trust and interoperability
       • Leveraging and bridging existing solutions
  6. SG 17 Q10/17 Identity management (IdM)
     • Current Recommendations
     • Identity management
       • X.1250, Baseline capabilities for enhanced global identity management trust and interoperability
       • X.1251, A framework for user control of digital identity
       • X.1252, Baseline identity management terms and definitions
       • X.1253 (X.idmsg), Security guidelines for identity management systems
       • X.eaa/ISO 29115, Entity authentication assurance framework (based on NIST 800-63)
       • X.atag, Attribute aggregation framework
       • X.authi, Guideline to implement the authentication integration of the network layer and the service layer
       • X.discovery, Discovery of identity management information
       • X.giim, Mechanisms to support interoperability across different IdM services
       • X.idmcc, Requirement of IdM in cloud computing
       • X.idmgen, Generic identity management framework
       • X.idm-ifa, Framework architecture for interoperable identity management systems
       • X.mob-id, Baseline capabilities and mechanisms of identity management for mobile applications and environment
       • X.oitf, Open identity trust framework
       • X.priva, Criteria for assessing the level of protection for personally identifiable information in identity management
       • Working with OASIS SAML 2.0 and XACML and their equivalent ITU-T Recommendations
  7. ITU-T Joint coordination activity in IdM
     [Diagram labels: JCA-IdM; Q10/17; Coordination and collaboration]
  8. Q10/17 IdM Focus
     • Interoperability of identity management
       • X.giim, Generic IdM interoperability mechanisms
       • X.idm-ifa, Framework architecture for interoperable identity management systems
       • X.idm-cloud, identity in the cloud
     • Trust of identity management
       • X.authi, Authentication integration in IDM
       • X.EVcert, Extended validation certificate
       • X.eaa, Information technology – Security techniques – Entity authentication assurance
       • X.OITF, Open identity trust framework
     • Discovery of identity management information
       • X.discovery, Discovery of identity management information
     • Protection of personally identifiable information
       • X.1275, Guidelines on protection of personally identifiable information in the application of RFID technology
       • X.priva, Criteria for assessing the level of protection for personally identifiable information in identity management
  9. ITU-T SG 13 Q16/13
     • Q16/13 Security and identity management
     • Motivation
     • Address, in the context of NGN, IdM issues of concern to
     • Includes assertion and assurance of entity identities (e.g. user, device, service providers) noted in the following, non-exhaustive list:
     • International emergency and priority services
     • Electronic government (e-Government) services
     • Privacy/user control of personal information (i.e. protection of personal identifiable information [PPII])
     • Security (e.g. confidence of transactions, protection from identity (ID) theft) and protection of NGN infrastructure, resources (services and applications) and end users information
     • National security and critical infrastructure protection
  10. SG 13 Q16/13 Security and identity management
     • List of Recommendations in Progress
     • Supplement to Y.2704, Y.NGN Certificate Management Certificate management
     • Y.2700-series supplement, NGN security planning and operations guidelines
     • Y.ETS-Sec, Minimum Security Requirements for Interconnection of Emergency Telecommunications Service (ETS)
     • Y.NGN IdM Use-cases (Technical Report)
     • Y.NGN trusted SP requirements, NGN Requirements and Use Cases for Trusted Service Provider Identity
     • Y.NGN-OAuth, Support for OAuth in NGN
     • Y.NGN-OOF, Framework for NGN Support and Use of OpenID and OAuth
     • Y.NGN-OpenID, Support for OpenID in NGN
  11. Question 16/13 Work Program
     • Mobility Security Framework in NGN
     • Y.2740 Security Requirements for Mobile Financial Transactions in NGN
     • Y.2741 Architecture for Secure Mobile Financial Transactions in NGN
     • Y.2704 NGN Security Mechanisms
     • NGN Certificate Management
     • Y.2703 NGN AAA
     • Y.2720 NGN IdM Framework
     • Y.2722 NGN IdM Mechanisms
     • Y.2701 Security Requirements for NGN Release 1
     • Y.2721 NGN IdM Requirements and Use Cases
     • Y.2702 NGN Authentication and Authorization Requirements
     • IdM and Security for Cloud Services
     Note: Recommendations produced by Q.16/13 are approved through the TAP.
     [Diagram legend: Determined draft Recommendation]
  12. SG 13 Q16/13 NGN IdM Framework (ITU-T Rec. Y.2720, 1/2009)
     [Diagram: Identity Management]
     • Entities
       • Users & Subscribers
       • Organizations, Business Enterprises, Government Enterprises
       • User Devices
       • Network Elements and Objects
       • Network and Service Providers
       • Virtual Objects
     • IdM Capabilities
       • Identity Lifecycle Management
       • Correlation and Binding of Identity Information
       • Authentication, Assurance, and Assertion of Identity Information
       • Discovery and Exchange of Identity Information
     • Identity Information
       • Identifiers (e.g., User ID, email address, telephone number, URI, IP address)
       • Credentials (e.g., digital certificates, tokens, and biometrics)
       • Attributes (e.g., roles, claims, context, privileges, location)
     • Business and Security Services
       • Federated Services
       • Application Access Control (e.g., Multimedia and IPTV)
       • Single Sign-on/Sign-off
       • Role-based Access to Resources
       • Protection of Personally-Identifiable Information
       • Security Protection of Information and Network Infrastructure