This document proposes requirements for assigning business meaning to identity and access management (IAM) roles and permissions by developing an IAM taxonomy and ontology model. The taxonomy would semantically identify IAM processes and phases to represent the full IAM lifecycle. The ontology model would semantically define IAM role and permission types, their syntax and relationships. This aims to address issues like incorrectly assigned access rights and inability to implement separation of duties controls across applications due to the current lack of business context for IAM roles and permissions.
ITU Security in Telecommunications & Information TechnologyITU
The ITU-T Security Manual offers a comprehensive overview of ITU-T’s work to build confidence and security in the use of information and communication technologies (ICTs).
The manual documents ITU-T’s efforts to respond to global cybersecurity challenges with international standards, complementary guidance documents and outreach to build capacity in the application of advanced ICT security mechanisms.
Introductory chapters highlight high-priority areas of ITU-T security work and basic requirements for the protection of ICT applications, services and information. Central to this introduction is an examination of standards’ role in meeting the security requirements borne of prevalent threats and vulnerabilities.
The manual outlines foundational security architectures as a basis for the discussion of more specific security considerations, following an iterative structure addressing key aspects of ICT security:
Generic security architectures for open systems and end-to-end communications, as well as examples of application-specific architectures, which establish frameworks for the consistent application of multiple facets of security.
Information security management, risk management and asset management, including management activities relevant to securing network infrastructure and the data used to monitor and control the telecommunications network.
The Directory and its role in supporting authentication and other security services. Particular attention is paid to the cryptographic concepts that rely on Directory services, providing an introduction to public key infrastructures, digital signatures and privilege-management infrastructures.
Identity management – a topic of growing importance to connected things, objects and devices – and the related topic of telebiometrics, the use of biometric characteristics for personal identification and authentication in telecommunications environments.
Approaches to network security, including the security requirements for next-generation networks and mobile communications networks in transition from a single technologies (e.g. CDMA or GSM) to mobility across heterogeneous platforms using the Internet Protocol (IP). This section also tackles security provisions for home networks, cable television and ubiquitous sensor networks.
Cybersecurity and incident response, looking at how best to develop an effective response to cyber attacks, including the need to understand the source and nature of attacks when sharing associated information with monitoring agencies.
Application-specific security needs, emphasizing the security features defined in ITU-T standards for Voice over IP, Internet Protocol Television, Web services, and identification tags such as RFID tags.
Technical measures to counter common network threats such as spam, malicious code and spyware, including the importance of ti
ITU Security in Telecommunications & Information TechnologyITU
The ITU-T Security Manual offers a comprehensive overview of ITU-T’s work to build confidence and security in the use of information and communication technologies (ICTs).
The manual documents ITU-T’s efforts to respond to global cybersecurity challenges with international standards, complementary guidance documents and outreach to build capacity in the application of advanced ICT security mechanisms.
Introductory chapters highlight high-priority areas of ITU-T security work and basic requirements for the protection of ICT applications, services and information. Central to this introduction is an examination of standards’ role in meeting the security requirements borne of prevalent threats and vulnerabilities.
The manual outlines foundational security architectures as a basis for the discussion of more specific security considerations, following an iterative structure addressing key aspects of ICT security:
Generic security architectures for open systems and end-to-end communications, as well as examples of application-specific architectures, which establish frameworks for the consistent application of multiple facets of security.
Information security management, risk management and asset management, including management activities relevant to securing network infrastructure and the data used to monitor and control the telecommunications network.
The Directory and its role in supporting authentication and other security services. Particular attention is paid to the cryptographic concepts that rely on Directory services, providing an introduction to public key infrastructures, digital signatures and privilege-management infrastructures.
Identity management – a topic of growing importance to connected things, objects and devices – and the related topic of telebiometrics, the use of biometric characteristics for personal identification and authentication in telecommunications environments.
Approaches to network security, including the security requirements for next-generation networks and mobile communications networks in transition from a single technologies (e.g. CDMA or GSM) to mobility across heterogeneous platforms using the Internet Protocol (IP). This section also tackles security provisions for home networks, cable television and ubiquitous sensor networks.
Cybersecurity and incident response, looking at how best to develop an effective response to cyber attacks, including the need to understand the source and nature of attacks when sharing associated information with monitoring agencies.
Application-specific security needs, emphasizing the security features defined in ITU-T standards for Voice over IP, Internet Protocol Television, Web services, and identification tags such as RFID tags.
Technical measures to counter common network threats such as spam, malicious code and spyware, including the importance of ti
Wearables, IoT and consumer robotics are amongst the hottest topics highlighted at Startup Village 2014. They attract both younger generation teams and investors with international track, promising significant growth potential in future.
Insight into IoT Applications and Common Practice Challengesijtsrd
IoT caused a revolution in the technological world. Not only is the IoT related to computers, people or cell phones but also to various sensors, actuators, vehicles, and other modern appliances. There are around 14 billion interconnected digital devices across the globe i.e. almost 2 devices per human being on earth. The IoT serves as a medium to connect non living things to the internet to transfer information from one point to another in their community network which automates processes and ultimately makes the life of human beings convenient. The subsequent result of amalgamating internet connectivity with powerful data analysis is a complete change in the way we humans work and live. The most vital characteristics of IoT include connectivity, active engagement, sensors, artificial intelligence, and small device use. All of this creates many challenges that need to be solved to keep this technology to continue expanding. In this paper, we have identified various applications of IoT based on recent technological and business trends and highlighted the existing challenges faced by IoT which need to be addressed considering the exponential acceptance of the concept globally and the way those challenges had been addressed in the past. We have also made a few comments on the way such challenges are being attempted to be resolved now. This paper presents the current status Internet of Things IoT in terms of technical details, and applications. Also, this paper opens a window for future work on the historical approach to study and address IoT challenges. Lubna Alazzawi | Jamal Alotaibi "Insight into IoT Applications and Common Practice Challenges" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-3 , April 2020, URL: https://www.ijtsrd.com/papers/ijtsrd30286.pdf Paper Url :https://www.ijtsrd.com/engineering/computer-engineering/30286/insight-into-iot-applications-and-common-practice-challenges/lubna-alazzawi
Market Research Reports, Inc. has announced the addition of “Internet of Things (IoT) Service Level Agreements: Market Outlook and Forecast for IoT SLAs 2017 - 2022” research report to their offering. See more at - http://mrr.cm/3FL
Internet of things_by_economides_keynote_speech_at_ccit2014_finalAnastasios Economides
Internet of Things forecast, economics, applications, technology, research challenges, sensor networks security, attack models, countermeasures, network security visualization
Internet of Things Insights of Applications in Research and Innovation to Int...ijtsrd
In existing world IOT find a great attention from researchers, it becomes an vital technology that offers a well defined communications between objects and machines. That will offer immediate access to information about the real world and objects in it leading to innovative facilities and increase in effectiveness and output. The IoT developments address the whole IoT spectrum form the devices at the edge to cloud and data centres on the backend and everything in between through ecosystems are generated by industry, research and application stakeholders that enable real world use cases to quicken the in IoT and establish open interoperability standards and common architectures for IoT solutions. This paper studies the perception of many IoT applications and innovation of original connected technologies to the challenges that in front of the execution of the IoT. Deepika Bairagee | Aditya Sharma "Internet of Things: Insights of Applications in Research and Innovation to Integrated Ecosystem" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-4 , June 2020, URL: https://www.ijtsrd.com/papers/ijtsrd31213.pdf Paper Url :https://www.ijtsrd.com/computer-science/other/31213/internet-of-things-insights-of-applications-in-research-and-innovation-to-integrated-ecosystem/deepika-bairagee
Analysis on IoT Challenges, Opportunities, Applications and Communication ModelsINFOGAIN PUBLICATION
Internet of Things (IoT) is a novel communication standard and it is researcher’s preferred topic, which integrates heterogeneous systems seamlessly. Designing a universal architecture for IoT is a challenging task due to the integration of wide variety of the devices. The main objective of this paper is to provide comprehensive knowledge on challenges, applications, Security issues, and different communication models of IoT. This paper also focuses on the marketing trends of IoT with respect to variety of application with the end users. This motivates the researchers to contribute more productive work in this field by analyzing various parameters.
Industrial Internet of Things: Recipe for Innovating the Businesses through...Eurotech
The search for business sustainability is pushing companies to become more efficient thought a strategic rethinking of the business process while the market is shifting from products to services. To truly transform the business model, organizations need to connect and collect actionable data from their assets and processes, and invest in IT tools and resources. To make this happen, Eurotech has designed and implemented an Industrial IoT solution that dramatically simplifies the transformation of a business into a smart business.
Internet of Things Corporate PresentationMomentumPR
Internet of Things Inc. (TSX-V: ITT) is an IoT software and solutions provider acquiring and implementing strategic disruptive solutions targeting the Industrial IoT markets including: manufacturing, agriculture, energy management, transportation.
Machine 2 Machine - Internet of Things - Real World InternetJack Brown
This document begins by discussing how M2M is causing an entire “Internet of Things”, or Internet of Intelligent Objects, to emerge. How IoT is extending its reach to the real world of RWI. It discusses and provides a neutral answer to the question of “What is M2M”. It defines and discusses M2M Drivers and the M2M Value Chain. It defines the M2M Communications Network and provides for a real world M2M Infrastructure HVAC example. It then defines and discusses M2M for the Enterprise – What Should be Looked for in an M2M Platform, the Multiple Players and various Connectivity Services that can be offered by the different and Emerging Partners. The document then starts discussing how LTE is driving growth in the M2M market and the Network Areas associated with M2M such as Subscriber Data Management, Multiple Access Domains, Scalability and Flexibility, Identity Management, Security, Messaging, Policy and Charging Rules. A summary is then provided in conclusion discussing topics such as: M2M’s Extensive Industry Value Chain: Trends Associated With M2M Infrastructure Deployment Relative To MNO’s/MVNO’s/ MMO’s; IPV6 Support For M2M Network Addressing; M2M and MNO’s; MVNO’s; ASP’s; Activation Rates Optimized for IoT; Network Initiated Data Session Activation, etc.
Evolution of Internet of Things (IoT) Ecosystem - Potential in IndiaJayanth Kolla
This is India's first, and one of the world's first market-specific industry analysis report on Internet of Things (IoT) domain.
This report evaluates the global developments in the IoT space. And, delves deeper into the current state, growth potential and future outlook of IoT ecosystem evolution in India. This report assesses India as a potential market and innovation hub for IoT based products and solutions.
This is the Executive Summary and ToC of the full report
In the recent years, Internet of Things (IoT) has acquired a remarkable attention. IoT projects a world where billions of smart, interacting things are able to offer various services to near and remote entities. This innovative technology enables users to identify and control services. Customers can benefit from the functional guidance. Therefore, the voice of customers is transmitted to manufacturers. The benefit and welfare that the IoT brings about are undeniable; on the other hand, there are some challenges to apply IoT. The main objective of this study is to reveal the usability challenges of IoT in developing countries through a detailed literature survey.
India Internet of Things (IoT) Market Forecast and Opportunities, 2020TechSci Research
Growing need for real-time monitoring, tracking and automation coupled with favorable government initiatives to drive Internet of Things (IoT) market in India
ITU Standardization of Telebiometric applications ITU
Our Goal at ITU-T SG17 is to develop telebiometric (remote life measurement) standards from sensor thru the gateway and into the cloud. The standards focus on how to acquire biological information and interaction, structure the data, encrypt, store, and authenticate.
Initially, biological data is acquired from a living entity e.g. a person. A Metric system is applied and the information is then structured and encrypted X. Implementing authentication standards ensures only the users permitted to view the telebiometric data have access.
Traditionally, biometrics has been a niche industry with a very limited scope. However at Q9/17, we have expanded the scope to all biological measurements combined with the necessary telecommunication infrastructure.
For more information on ITU-T SG17 – Security, please visit: http://www.itu.int/en/ITU-T/about/groups/Pages/sg17.aspx
The Internet of Things. Wharton Guest Lecture by Sandeep Kishore – Corporate ...HCL Technologies
Internet became mainstream around 20 years ago and the rapid pace of technology development we have seen over these years is fascinating. We are now looking at the biggest revolution ever, in the world of connectivity - Internet of Things (IoT). Everything we can think of around us - at home, work, in the car, or at a retail store -- will be interconnected, exchanging data and information, thus leading to an extremely intelligent network of things. It will lead to richer user experience, improved efficiencies and higher collaboration across the ecosystem. Exciting times await us...
The years approaching 2020 will see Internet of Things (IoT) technologies enabling the interconnection of billions of devices, things and objects to achieve the efficiencies borne of innovations such as intelligent buildings and transportation systems, and smart energy and water networks.
IoT is contributing to the convergence of industry sectors, with utilities, healthcare and transportation among the many sectors with a stake in the future of IoT. The new ITU-T Study Group 20 established in June 2015 provides the specialized IoT standardization platform necessary for this convergence to rest on a cohesive set of international standards.
Today we are faced with the challenge of addressing the standardization requirements of the many vertical industries applying information and communication technologies (ICTs) as enabling technologies. This is particularly evident in the field of IoT, where IoT platforms are being developed independently, according to the specific needs of each sector. This divergence in IoT development and deployment has led to an urgent need for stakeholders to come together to mitigate the risk of data “silos” emerging in different industry sectors.
ITU-T Study Group 20 has taken up this challenge, providing government, industry and academia with a unique global platform to collaborate in the development of international IoT standards. One of the group’s primary objectives is to support the creation of an inclusive, interoperable IoT ecosystem capable of making full use of the data generated by IoT-enabled systems.
The Study Group is building on over ten years of ITU-T experience in IoT standardization, developing international standards to enable the coordinated development of IoT technologies, including radio-frequency identification, ubiquitous sensor networks and machine-to-machine communications. A central part of this study is the standardization of end-to-end architectures for IoT, and mechanisms for the interoperability of IoT applications and datasets employed by various vertical industries. An important aspect of the group’s work is the development of standards that leverage IoT technologies to address urban-development challenges.
This flipbook presents a compendium of the first set of ITU international standards for IoT, providing a resource of great value to standards experts interested in contributing to the work of ITU-T Study Group 20. This compendium is also expected to assist the wide variety of stakeholders interested in implementing these IoT standards or calling for adherence to standards in policy and regulatory frameworks relevant to IoT. This compendium will be updated continuously, according to the progress of IoT developments in ITU.
For more information on how to join ITU-T Study Group 20 on Internet of Things, please visit: http://www.itu.int/en/ITU-T/about/groups/Pages/sg20.aspx
Wearables, IoT and consumer robotics are amongst the hottest topics highlighted at Startup Village 2014. They attract both younger generation teams and investors with international track, promising significant growth potential in future.
Insight into IoT Applications and Common Practice Challengesijtsrd
IoT caused a revolution in the technological world. Not only is the IoT related to computers, people or cell phones but also to various sensors, actuators, vehicles, and other modern appliances. There are around 14 billion interconnected digital devices across the globe i.e. almost 2 devices per human being on earth. The IoT serves as a medium to connect non living things to the internet to transfer information from one point to another in their community network which automates processes and ultimately makes the life of human beings convenient. The subsequent result of amalgamating internet connectivity with powerful data analysis is a complete change in the way we humans work and live. The most vital characteristics of IoT include connectivity, active engagement, sensors, artificial intelligence, and small device use. All of this creates many challenges that need to be solved to keep this technology to continue expanding. In this paper, we have identified various applications of IoT based on recent technological and business trends and highlighted the existing challenges faced by IoT which need to be addressed considering the exponential acceptance of the concept globally and the way those challenges had been addressed in the past. We have also made a few comments on the way such challenges are being attempted to be resolved now. This paper presents the current status Internet of Things IoT in terms of technical details, and applications. Also, this paper opens a window for future work on the historical approach to study and address IoT challenges. Lubna Alazzawi | Jamal Alotaibi "Insight into IoT Applications and Common Practice Challenges" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-3 , April 2020, URL: https://www.ijtsrd.com/papers/ijtsrd30286.pdf Paper Url :https://www.ijtsrd.com/engineering/computer-engineering/30286/insight-into-iot-applications-and-common-practice-challenges/lubna-alazzawi
Market Research Reports, Inc. has announced the addition of “Internet of Things (IoT) Service Level Agreements: Market Outlook and Forecast for IoT SLAs 2017 - 2022” research report to their offering. See more at - http://mrr.cm/3FL
Internet of things_by_economides_keynote_speech_at_ccit2014_finalAnastasios Economides
Internet of Things forecast, economics, applications, technology, research challenges, sensor networks security, attack models, countermeasures, network security visualization
Internet of Things Insights of Applications in Research and Innovation to Int...ijtsrd
In existing world IOT find a great attention from researchers, it becomes an vital technology that offers a well defined communications between objects and machines. That will offer immediate access to information about the real world and objects in it leading to innovative facilities and increase in effectiveness and output. The IoT developments address the whole IoT spectrum form the devices at the edge to cloud and data centres on the backend and everything in between through ecosystems are generated by industry, research and application stakeholders that enable real world use cases to quicken the in IoT and establish open interoperability standards and common architectures for IoT solutions. This paper studies the perception of many IoT applications and innovation of original connected technologies to the challenges that in front of the execution of the IoT. Deepika Bairagee | Aditya Sharma "Internet of Things: Insights of Applications in Research and Innovation to Integrated Ecosystem" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-4 , June 2020, URL: https://www.ijtsrd.com/papers/ijtsrd31213.pdf Paper Url :https://www.ijtsrd.com/computer-science/other/31213/internet-of-things-insights-of-applications-in-research-and-innovation-to-integrated-ecosystem/deepika-bairagee
Analysis on IoT Challenges, Opportunities, Applications and Communication ModelsINFOGAIN PUBLICATION
Internet of Things (IoT) is a novel communication standard and it is researcher’s preferred topic, which integrates heterogeneous systems seamlessly. Designing a universal architecture for IoT is a challenging task due to the integration of wide variety of the devices. The main objective of this paper is to provide comprehensive knowledge on challenges, applications, Security issues, and different communication models of IoT. This paper also focuses on the marketing trends of IoT with respect to variety of application with the end users. This motivates the researchers to contribute more productive work in this field by analyzing various parameters.
Industrial Internet of Things: Recipe for Innovating the Businesses through...Eurotech
The search for business sustainability is pushing companies to become more efficient thought a strategic rethinking of the business process while the market is shifting from products to services. To truly transform the business model, organizations need to connect and collect actionable data from their assets and processes, and invest in IT tools and resources. To make this happen, Eurotech has designed and implemented an Industrial IoT solution that dramatically simplifies the transformation of a business into a smart business.
Internet of Things Corporate PresentationMomentumPR
Internet of Things Inc. (TSX-V: ITT) is an IoT software and solutions provider acquiring and implementing strategic disruptive solutions targeting the Industrial IoT markets including: manufacturing, agriculture, energy management, transportation.
Machine 2 Machine - Internet of Things - Real World InternetJack Brown
This document begins by discussing how M2M is causing an entire “Internet of Things”, or Internet of Intelligent Objects, to emerge. How IoT is extending its reach to the real world of RWI. It discusses and provides a neutral answer to the question of “What is M2M”. It defines and discusses M2M Drivers and the M2M Value Chain. It defines the M2M Communications Network and provides for a real world M2M Infrastructure HVAC example. It then defines and discusses M2M for the Enterprise – What Should be Looked for in an M2M Platform, the Multiple Players and various Connectivity Services that can be offered by the different and Emerging Partners. The document then starts discussing how LTE is driving growth in the M2M market and the Network Areas associated with M2M such as Subscriber Data Management, Multiple Access Domains, Scalability and Flexibility, Identity Management, Security, Messaging, Policy and Charging Rules. A summary is then provided in conclusion discussing topics such as: M2M’s Extensive Industry Value Chain: Trends Associated With M2M Infrastructure Deployment Relative To MNO’s/MVNO’s/ MMO’s; IPV6 Support For M2M Network Addressing; M2M and MNO’s; MVNO’s; ASP’s; Activation Rates Optimized for IoT; Network Initiated Data Session Activation, etc.
Evolution of Internet of Things (IoT) Ecosystem - Potential in IndiaJayanth Kolla
This is India's first, and one of the world's first market-specific industry analysis report on Internet of Things (IoT) domain.
This report evaluates the global developments in the IoT space. And, delves deeper into the current state, growth potential and future outlook of IoT ecosystem evolution in India. This report assesses India as a potential market and innovation hub for IoT based products and solutions.
This is the Executive Summary and ToC of the full report
In the recent years, Internet of Things (IoT) has acquired a remarkable attention. IoT projects a world where billions of smart, interacting things are able to offer various services to near and remote entities. This innovative technology enables users to identify and control services. Customers can benefit from the functional guidance. Therefore, the voice of customers is transmitted to manufacturers. The benefit and welfare that the IoT brings about are undeniable; on the other hand, there are some challenges to apply IoT. The main objective of this study is to reveal the usability challenges of IoT in developing countries through a detailed literature survey.
India Internet of Things (IoT) Market Forecast and Opportunities, 2020TechSci Research
Growing need for real-time monitoring, tracking and automation coupled with favorable government initiatives to drive Internet of Things (IoT) market in India
ITU Standardization of Telebiometric applications ITU
Our Goal at ITU-T SG17 is to develop telebiometric (remote life measurement) standards from sensor thru the gateway and into the cloud. The standards focus on how to acquire biological information and interaction, structure the data, encrypt, store, and authenticate.
Initially, biological data is acquired from a living entity e.g. a person. A Metric system is applied and the information is then structured and encrypted X. Implementing authentication standards ensures only the users permitted to view the telebiometric data have access.
Traditionally, biometrics has been a niche industry with a very limited scope. However at Q9/17, we have expanded the scope to all biological measurements combined with the necessary telecommunication infrastructure.
For more information on ITU-T SG17 – Security, please visit: http://www.itu.int/en/ITU-T/about/groups/Pages/sg17.aspx
The Internet of Things. Wharton Guest Lecture by Sandeep Kishore – Corporate ...HCL Technologies
Internet became mainstream around 20 years ago and the rapid pace of technology development we have seen over these years is fascinating. We are now looking at the biggest revolution ever, in the world of connectivity - Internet of Things (IoT). Everything we can think of around us - at home, work, in the car, or at a retail store -- will be interconnected, exchanging data and information, thus leading to an extremely intelligent network of things. It will lead to richer user experience, improved efficiencies and higher collaboration across the ecosystem. Exciting times await us...
The years approaching 2020 will see Internet of Things (IoT) technologies enabling the interconnection of billions of devices, things and objects to achieve the efficiencies borne of innovations such as intelligent buildings and transportation systems, and smart energy and water networks.
IoT is contributing to the convergence of industry sectors, with utilities, healthcare and transportation among the many sectors with a stake in the future of IoT. The new ITU-T Study Group 20 established in June 2015 provides the specialized IoT standardization platform necessary for this convergence to rest on a cohesive set of international standards.
Today we are faced with the challenge of addressing the standardization requirements of the many vertical industries applying information and communication technologies (ICTs) as enabling technologies. This is particularly evident in the field of IoT, where IoT platforms are being developed independently, according to the specific needs of each sector. This divergence in IoT development and deployment has led to an urgent need for stakeholders to come together to mitigate the risk of data “silos” emerging in different industry sectors.
ITU-T Study Group 20 has taken up this challenge, providing government, industry and academia with a unique global platform to collaborate in the development of international IoT standards. One of the group’s primary objectives is to support the creation of an inclusive, interoperable IoT ecosystem capable of making full use of the data generated by IoT-enabled systems.
The Study Group is building on over ten years of ITU-T experience in IoT standardization, developing international standards to enable the coordinated development of IoT technologies, including radio-frequency identification, ubiquitous sensor networks and machine-to-machine communications. A central part of this study is the standardization of end-to-end architectures for IoT, and mechanisms for the interoperability of IoT applications and datasets employed by various vertical industries. An important aspect of the group’s work is the development of standards that leverage IoT technologies to address urban-development challenges.
This flipbook presents a compendium of the first set of ITU international standards for IoT, providing a resource of great value to standards experts interested in contributing to the work of ITU-T Study Group 20. This compendium is also expected to assist the wide variety of stakeholders interested in implementing these IoT standards or calling for adherence to standards in policy and regulatory frameworks relevant to IoT. This compendium will be updated continuously, according to the progress of IoT developments in ITU.
For more information on how to join ITU-T Study Group 20 on Internet of Things, please visit: http://www.itu.int/en/ITU-T/about/groups/Pages/sg20.aspx
UK Spectrum Policy Forum - Report on future use of licence exempt radio spectrumtechUK
UK Spectrum Policy Forum - Report on future use of licence exempt radio spectrum
This report presents the findings of a study commissioned from Plum Consulting for the UK Spectrum Policy Forum to assess the current and future use of frequency bands which may be used by licence exempt wireless applications in the UK and Europe. Its main purpose was to identify any actions that may need to be taken to maintain the economic value of licence exempt bands and to ensure equitable co-existence between new and existing licence exempt technologies and applications.
More information is available at: http://www.techuk.org/about/uk-spectrum-policy-forum
All rights reserved
Review of the Introduction and Use of RFIDEditor IJCATR
We live in an age where technology is an integral part of human daily life. The aim of the technology is secure, accurate,
correct use of time for mankind and nature brings it may also have disadvantages and challenges. In this paper we describe the RFID
technology. Today, this technology in hospitals, shops, airports, tracking birds are used. It can be used in hospital intensive care unit
for monitoring and remote patient care, which causes it to print patients and physicians are not required to comply with very close
distance, the result of which can cause safety Patients and physicians should be. The security technology implementation is a
challenge. This paper introduces the applications, the challenges we have this technology.
Review of the Introduction and Use of RFIDEditor IJCATR
We live in an age where technology is an integral part of human daily life. The aim of the technology is secure, accurate, correct use of time for mankind and nature brings it may also have disadvantages and challenges. In this paper we describe the RFID technology. Today, this technology in hospitals, shops, airports, tracking birds are used. It can be used in hospital intensive care unit for monitoring and remote patient care, which causes it to print patients and physicians are not required to comply with very close distance, the result of which can cause safety Patients and physicians should be. The security technology implementation is a challenge. This paper introduces the applications, the challenges we have this technology.
Review of the Introduction and Use of RFIDEditor IJCATR
We live in an age where technology is an integral part of human daily life. The aim of the technology is secure, accurate, correct use of time for mankind and nature brings it may also have disadvantages and challenges. In this paper we describe the RFID technology. Today, this technology in hospitals, shops, airports, tracking birds are used. It can be used in hospital intensive care unit for monitoring and remote patient care, which causes it to print patients and physicians are not required to comply with very close distance, the result of which can cause safety Patients and physicians should be. The security technology implementation is a challenge. This paper introduces the applications, the challenges we have this technology.
Review of the Introduction and Use of RFIDEditor IJCATR
We live in an age where technology is an integral part of human daily life. The aim of the technology is secure, accurate,
correct use of time for mankind and nature brings it may also have disadvantages and challenges. In this paper we describe the RFID
technology. Today, this technology in hospitals, shops, airports, tracking birds are used. It can be used in hospital intensive care unit
for monitoring and remote patient care, which causes it to print patients and physicians are not required to comply with very close
distance, the result of which can cause safety Patients and physicians should be. The security technology implementation is a
challenge. This paper introduces the applications, the challenges we have this technology.
Smart buildings will revolutionize the way companies manage facilities, employee's experience while at work. Unlocking efficiencies, cost savings and improved productivity using the Internet Of Things.
Do we need a wakeup call to keep driver-less cars protected? ITU
Do we need a wakeup call to keep driver-less cars protected? This presentation was given at a Symposium on the Future Networked Car 2018 (FNC-2018) in Geneva, Switzerland on 8 March 2018. Find more information on this symposium here: https://www.itu.int/en/fnc/2018/Pages/programme.aspx
Global Virtual Mobile Network for Car manufacturersITU
This presentation discussed Global Virtual Mobile Network for Car manufacturers. The presentation was given at was given at a Symposium on the Future Networked Car 2018 (FNC-2018) in Geneva, Switzerland on 8 March 2018. Find more information on this symposium here: https://www.itu.int/en/fnc/2018/Pages/programme.aspx
Coordination of Threat Analysis in ICT EcosystemsITU
This presentation discussed Coordination of Threat Analysis in ICT Ecosystems. The presentation was given at ITU Workshop on 5G Security in Geneva, Switzerland, on 19 March 2018. Find more information about this workshop here: https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20180319/Pages/programme.aspx
Learning from the past: Systematization for Attacks and Countermeasures on Mo...ITU
This presentation discussed Learning from the past: Systematization for Attacks and Countermeasures on Mobile Networks. The presentation was given at ITU Workshop on 5G Security in Geneva, Switzerland, on 19 March 2018. Find more information about this workshop here: https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20180319/Pages/programme.aspx
Trustworthy networking and technical considerations for 5GITU
This presentation discussed Trustworthy networking and technical considerations for 5G. The presentation was given at ITU Workshop on 5G Security in Geneva, Switzerland, on 19 March 2018. Find more information about this workshop here: https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20180319/Pages/programme.aspx
The role of Bicycles and E-Bikes in the future development of Intelligent Tra...ITU
This presentation discussed the role of Bicycles and E-Bikes in the future development of Intelligent Transport Systems. It was given at was given at a Symposium on the Future Networked Car 2018 (FNC-2018) in Geneva, Switzerland on 8 March 2018. Find more information on this symposium here: https://www.itu.int/en/fnc/2018/Pages/programme.aspx
This presentation discusses connected cars & 5G and was given at a Symposium on the Future Networked Car 2018 (FNC-2018) in Geneva, Switzerland on 8 March 2018. Find more information on this symposium here: https://www.itu.int/en/fnc/2018/Pages/programme.aspx
This presentation discusses 5G for Connected and Automated Driving and was given at a Symposium on the Future Networked Car 2018 (FNC-2018) in Geneva, Switzerland on 8 March 2018. Find more information on this symposium here: https://www.itu.int/en/fnc/2018/Pages/programme.aspx
This presentation discusses securing the future of Automotive and was presented at a Symposium on the Future Networked Car 2018 (FNC-2018) in Geneva, Switzerland on 8 March 2018.
Find more information on this symposium here: https://www.itu.int/en/fnc/2018/Pages/programme.aspx
The Connected Vehicle - Challenges and Opportunities. ITU
This presentation discusses challenges and opportunities of the connected vehicle. The presentation was given at a Symposium on the Future Networked Car 2018 (FNC-2018)
held in Geneva, Switzerland on 8 March 2018. More information on the symposium can be found here: https://www.itu.int/en/fnc/2018/Pages/default.aspx
Machine learning for decentralized and flying radio devicesITU
This presentation discusses matters of machine learning for decentralized and flying radio devices. This presentation was given during the ITU-T workshop on Machine Learning for 5G and beyond, held at ITU HQ in Geneva, Switzerland on 29 Jan 18. More information on the workshop can be found here: https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20180129/Pages/default.aspx
Join our upcoming forums and workshops here: https://www.itu.int/en/ITU-T/Workshops-and-Seminars/Pages/default.aspx
https://www.slideshare.net/ITU/ai-and-machine-learning
This presentation discusses matters of AI and machine learning. This presentation was given during the ITU-T workshop on Machine Learning for 5G and beyond, held at ITU HQ in Geneva, Switzerland on 29 Jan 18. More information on the workshop can be found here: https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20180129/Pages/default.aspx
Join our upcoming forums and workshops here: https://www.itu.int/en/ITU-T/Workshops-and-Seminars/Pages/default.aspx
This presentation discusses matters of machine learning for 5G and beyond, towards a reliable and efficient reconstruction of radio maps. This presentation was given during the ITU-T workshop on Machine Learning for 5G and beyond, held at ITU HQ in Geneva, Switzerland on 29 Jan 18. More information on the workshop can be found here: https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20180129/Pages/default.aspx
This presentation consist of models and explanations of deep learning, artificial intelligence and today's systems and communications. This was presented at the ITU-T Workshop on Machine Learning for 5G held at the ITU HQ in Geneva, Switzerland on 29 January 2018. More information on this workshop can be found here: https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20180129/Pages/default.aspx
Driven by the rapid progress in Artificial Intelligence (AI) research, intelligent machines are gaining the ability to learn, improve and make calculated decisions in ways that will enable them to perform tasks previously thought to rely solely on human experience, creativity, and ingenuity. As a result, we will in the near future see large parts of our lives influenced by AI.
AI innovation will also be central to the achievement of the United Nations' Sustainable Development Goals (SDGs) and will help solving humanity's grand challenges by capitalizing on the unprecedented quantities of data now being generated on sentiment behavior, human health, commerce, communications, migration and more.
With large parts of our lives being influenced by AI, it is critical that government, industry, academia and civil society work together to evaluate the opportunities presented by AI, ensuring that AI benefits all of humanity. Responding to this critical issue, ITU and the XPRIZE Foundation organized AI for Good Global Summit in Geneva, 7-9 June, 2017 in partnership with a number of UN sister agencies. The Summit aimed to accelerate and advance the development and democratization of AI solutions that can address specific global challenges related to poverty, hunger, health, education, the environment, and others.
The Summit provided a neutral platform for government officials, UN agencies, NGO's, industry leaders, and AI experts to discuss the ethical, technical, societal and policy issues related to AI, offer reccommendations and guidance, and promote international dialogue and cooperation in support of AI innovation.
Please visit the AI for Good Global Summit page for more resources: https://www.itu.int/en/ITU-T/AI/Pages/201706-default.aspx
If you would like to speak, partner or sponsor the 2018 edition of the summit, please contact: ai@itu.int
Join ITU today and apply for an International Mobile Subscriber Identity (IMSI) ranges signified by the shared Mobile Country Code ‘901’, which has no ties to any single country. ‘Global SIMs’ are important for enabling cross-border global M2M & IoT connectivity, helping manufacturers to build once and sell anywhere.
For more information contact: membership@itu.int
Report on the progress made by least developed countries towards universal + affordable Internet with recommendations to achieve Sustainable Development Goal 9C https://www.itu.int/en/ITU-D/LDCs/Pages/ICTs-for-SDGs-in-LDCs-Report.aspx
Collection Methodology for Key Performance Indicators for Smart Sustainable C...ITU
These indicators have been developed to provide cities with a consistent and standardised method to collect
data and measure performance and progress to:
achieving the Sustainable Development Goals (SDGs)
becoming a smarter city
becoming a more sustainable city
The indicators will enable cities to measure their progress over time, compare their performance to other
cities and through analysis and sharing allow for the dissemination of best practices and set standards for
progress in meeting the Sustainable Development Goals (SDGs) at the city level.
For more information visit: https://www.itu.int/en/ITU-T/ssc/united/Pages/default.aspx
Enhancing innovation and participation in smart sustainable citiesITU
The United for Smart Sustainable Cities (U4SSC) initiative was launched by the International Telecommunication
Union (ITU) and United Nations Economic Commission for Europe (UNECE) in May 2016. The first phase of this initiative, which was conducted via three Working Groups, was completed in April 2017. This flipbook brings together the work done in Working Group 3 (WG3) for Enhancing Innovation and Participation in Smart Sustainable Cities. WG3 is formed of a group of global experts and practitioners to facilitate knowledge sharing and partnership building on smart cities, with the aim of formulating strategic guidelines and case studies for enhancing innovation and participation in smart sustainable cities. More specifically, WG3 addresses various topics on smart governance, smart economy and smart people with the aim of achieving strong and symbiotic governance, economics and society.
For more information visit: https://www.itu.int/en/ITU-T/ssc/united/Pages/default.aspx
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
New ITU Standard on Identity & Access Management
1. I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n
ITU-T X.1257
TELECOMMUNICATION
STANDARDIZATION SECTOR
OF ITU
(03/2016)
SERIES X: DATA NETWORKS, OPEN SYSTEM
COMMUNICATIONS AND SECURITY
Cyberspace security – Identity management
Identity and access management taxonomy
Recommendation ITU-T X.1257
2. ITU-T X-SERIES RECOMMENDATIONS
DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY
PUBLIC DATA NETWORKS X.1–X.199
OPEN SYSTEMS INTERCONNECTION X.200–X.299
INTERWORKING BETWEEN NETWORKS X.300–X.399
MESSAGE HANDLING SYSTEMS X.400–X.499
DIRECTORY X.500–X.599
OSI NETWORKING AND SYSTEM ASPECTS X.600–X.699
OSI MANAGEMENT X.700–X.799
SECURITY X.800–X.849
OSI APPLICATIONS X.850–X.899
OPEN DISTRIBUTED PROCESSING X.900–X.999
INFORMATION AND NETWORK SECURITY
General security aspects X.1000–X.1029
Network security X.1030–X.1049
Security management X.1050–X.1069
Telebiometrics X.1080–X.1099
SECURE APPLICATIONS AND SERVICES
Multicast security X.1100–X.1109
Home network security X.1110–X.1119
Mobile security X.1120–X.1139
Web security X.1140–X.1149
Security protocols X.1150–X.1159
Peer-to-peer security X.1160–X.1169
Networked ID security X.1170–X.1179
IPTV security X.1180–X.1199
CYBERSPACE SECURITY
Cybersecurity X.1200–X.1229
Countering spam X.1230–X.1249
Identity management X.1250–X.1279
SECURE APPLICATIONS AND SERVICES
Emergency communications X.1300–X.1309
Ubiquitous sensor network security X.1310–X.1339
PKI related Recommendations X.1340–X.1349
CYBERSECURITY INFORMATION EXCHANGE
Overview of cybersecurity X.1500–X.1519
Vulnerability/state exchange X.1520–X.1539
Event/incident/heuristics exchange X.1540–X.1549
Exchange of policies X.1550–X.1559
Heuristics and information request X.1560–X.1569
Identification and discovery X.1570–X.1579
Assured exchange X.1580–X.1589
CLOUD COMPUTING SECURITY
Overview of cloud computing security X.1600–X.1601
Cloud computing security design X.1602–X.1639
Cloud computing security best practices and guidelines X.1640–X.1659
Cloud computing security implementation X.1660–X.1679
Other cloud computing security X.1680–X.1699
For further details, please refer to the list of ITU-T Recommendations.
3. Rec. ITU-T X.1257 (03/2016) i
Recommendation ITU-T X.1257
Identity and access management taxonomy
Summary
Recommendation ITU-T X.1257 develops a specification to ensure that the necessary business
meaning is assigned to identity and access management (IAM) roles and permissions, and that this
business meaning is traceable and referenceable throughout the IAM process lifecycle. This means
that that permissions can be efficiently assigned to users, separation of duties (SoD) controls can be
successfully implemented across applications, and access review and reconciliation processes can be
carried out efficiently.
History
Edition Recommendation Approval Study Group Unique ID*
1.0 ITU-T X.1257 2016-03-23 17 11.1002/1000/12608
Keywords
Access management, IAM lifecycle, identity and access management, role, permission, business
meaning, business taxonomy, business task.
* To access the Recommendation, type the URL http://handle.itu.int/ in the address field of your web
browser, followed by the Recommendation's unique ID. For example, http://handle.itu.int/11.1002/1000/11
830-en.
4. ii Rec. ITU-T X.1257 (03/2016)
FOREWORD
The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of
telecommunications, information and communication technologies (ICTs). The ITU Telecommunication
Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical,
operating and tariff questions and issuing Recommendations on them with a view to standardizing
telecommunications on a worldwide basis.
The World Telecommunication Standardization Assembly (WTSA), which meets every four years,
establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on
these topics.
The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1.
In some areas of information technology which fall within ITU-T's purview, the necessary standards are
prepared on a collaborative basis with ISO and IEC.
NOTE
In this Recommendation, the expression "Administration" is used for conciseness to indicate both a
telecommunication administration and a recognized operating agency.
Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain
mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the
Recommendation is achieved when all of these mandatory provisions are met. The words "shall" or some
other obligatory language such as "must" and the negative equivalents are used to express requirements. The
use of such words does not suggest that compliance with the Recommendation is required of any party.
INTELLECTUAL PROPERTY RIGHTS
ITU draws attention to the possibility that the practice or implementation of this Recommendation may
involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence,
validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others
outside of the Recommendation development process.
As of the date of approval of this Recommendation, ITU had not received notice of intellectual property,
protected by patents, which may be required to implement this Recommendation. However, implementers
are cautioned that this may not represent the latest information and are therefore strongly urged to consult the
TSB patent database at http://www.itu.int/ITU-T/ipr/.
ITU 2016
All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the
prior written permission of ITU.
5. Rec. ITU-T X.1257 (03/2016) iii
Table of Contents
Page
1 Scope............................................................................................................................. 1
2 References..................................................................................................................... 1
3 Definitions .................................................................................................................... 1
3.1 Terms defined elsewhere................................................................................ 1
3.2 Terms defined in this Recommendation......................................................... 2
4 Abbreviations and acronyms ........................................................................................ 3
5 Conventions.................................................................................................................. 3
6 Introduction................................................................................................................... 4
7 Approach overview....................................................................................................... 4
8 IAM role semantic and syntax requirements................................................................ 6
Annex A .................................................................................................................................. 8
Appendix I – IAM taxonomy process lifecycle....................................................................... 9
Appendix II – SCIM 2.0 extension profile proposal................................................................ 12
Appendix III – Suggested extension to XACML 3.0 profile................................................... 14
Appendix IV – Task based access management use cases ...................................................... 16
Appendix V – Possible mechanisms for implementation of business taxonomy interface ..... 17
Appendix VI – Business process taxonomy standards ............................................................ 18
Appendix VII – IAM ontology domain model ........................................................................ 19
Bibliography............................................................................................................................. 25
6.
7. Rec. ITU-T X.1257 (03/2016) 1
Recommendation ITU-T X.1257
Identity and access management taxonomy
1 Scope
This Recommendation specifies requirements for assigning business meaning to identity and access
management (IAM) roles and user permissions by leveraging [ITU-T X.1252], [ITU-T X.1254] and
[b-ITU-T X.1255], and extending them to propose the following:
• An IAM taxonomy to semantically identify and organize IAM phases and processes to
represent a comprehensive IAM process lifecycle.
• An IAM ontology model to semantically identify IAM role and permission types, their
syntax and corresponding type relationships.
2 References
The following ITU-T Recommendations and other references contain provisions which, through
reference in this text, constitute provisions of this Recommendation. At the time of publication, the
editions indicated were valid. All Recommendations and other references are subject to revision;
users of this Recommendation are therefore encouraged to investigate the possibility of applying the
most recent edition of the Recommendations and other references listed below. A list of the
currently valid ITU-T Recommendations is regularly published. The reference to a document within
this Recommendation does not give it, as a stand-alone document, the status of a Recommendation.
[ITU-T X.1252] Recommendation ITU-T X.1252 (2010), Baseline identity management terms
and definitions.
[ITU-T X.1254] Recommendation ITU-T X.1254 (2012), Entity authentication assurance
framework.
3 Definitions
3.1 Terms defined elsewhere
3.1.1 access control [ITU-T X.1252]: A procedure used to determine if an entity should be
granted access to resources, facilities, services, or information based on pre-established rules and
specific rights or authority associated with the requesting party.
3.1.2 attribute [ITU-T X.1252]: Information bound to an entity that specifies a characteristic of
the entity.
3.1.3 context [ITU-T X.1252]: Environment with defined boundary conditions in which entities
exist and interact.
3.1.4 credential [ITU-T X.1252]: Set of data presented as evidence of a claimed identity and/or
entitlements.
3.1.5 entity [ITU-T X.1252]: Something that has separate and distinct existence and that can be
identified in a context.
3.1.6 identifier [ITU-T X.1254]: One or more attributes that uniquely characterize an entity in a
specific context.
3.1.7 identity [b-ISO/IEC 24760-1]: Set of attributes related to an entity.
NOTE – Within a particular context, an identity may have one or more identifiers to allow an entity to be
uniquely recognized within that context.
8. 2 Rec. ITU-T X.1257 (03/2016)
3.1.8 role [ITU-T X.1252]: A set of properties or attributes that describe the capabilities or the
functions performed by an entity.
NOTE – Each entity can have/play many roles. Capabilities may be inherent or assigned.
3.1.9 user [ITU-T X.1252]: Any entity that makes use of a resource, e.g., system, equipment,
terminal, process, application, or corporate network.
3.2 Terms defined in this Recommendation
This Recommendation defines the following terms:
3.2.1 access assignment: A process of assigning access rights to user(s).
3.2.2 access change request management: A process for managing access change requests.
3.2.3 access constraints: A set of access constraints based on user location, temporary restricted
tasks and temporary restricted resources.
3.2.4 access engineering: A process of creating and maintaining access rights.
3.2.5 access operation: A process of evaluating user access rights for the purpose of executing
certain business tasks.
3.2.6 access policy: An access control constraining mechanism (i.e., what business permissions
a user can execute during run-time).
3.2.7 access reconciliation: A process of changing user access rights according to stated access
rights requirements to avoid over (or under) privileged user access.
3.2.8 access review: A process of reviewing user access rights for the purpose of subsequent
access reconciliation and certification.
3.2.9 assign policy: A permissions assignment constraining mechanism (i.e., what tasks can be
assigned to a user).
3.2.10 authorization logic engineering: A process of developing and maintaining authorization
logic across related applications.
3.2.11 browser: An application running on a device used by users to interact with a service
provider.
3.2.12 business role: A collection of tasks (with or without permissions) that a user can be
entitled to perform.
3.2.13 business task access logging: A process of logging successfully completed task execution
or user not authorized to perform certain task(s).
3.2.14 business task execution authorization: A process for authorizing a user to perform a
specific business task on a specific resource.
3.2.15 business task execution: A process of executing specific business task(s).
3.2.16 business taxonomy engineering: A process of creating and maintaining a business
process and business product taxonomy.
3.2.17 business process taxonomy: A taxonomy that semantically identifies and organizes
business processes and sub-processes into a hierarchical structure.
3.2.18 channel: A communication method a user chooses to interact with a service provider.
3.2.19 device: A mechanism a user uses to enable the interaction with a service provider.
3.2.20 entitlement: A set of tasks and permissions assigned to a user.
9. Rec. ITU-T X.1257 (03/2016) 3
3.2.21 IAM process lifecycle: A life cycle of identity and access management (IAM) processes
and sub processes.
3.2.22 IAM role engineering: A process of creating and maintaining IAM roles and permissions.
3.2.23 intent: The user reason or purpose for initiating the interaction with a service provider.
3.2.24 permission: A set of task(s) accessing business resources constrained by corresponding
access control policies.
3.2.25 resource: A leaf node of a business product taxonomy also known as business product.
3.2.26 session: A container of runtime authentication and authorization attributes.
3.2.27 task: A leaf node of a business process taxonomy also known as business task.
3.2.28 team: A human resource container of business roles each team member has in common.
4 Abbreviations and acronyms
This Recommendation uses the following abbreviations and acronyms:
APQC American Productivity and Quality Center
CPC Central Product Classification
eTOM enhanced Telecom Operations Map
HTTP Hypertext Transfer Protocol
IAM Identity and Access Management
IP Internet Protocol
IT Information Technology
JSON JavaScript Object Notation
JSON-LD JSON-based serialization for Linked Data
MAC Media Access Control
PCF Process Classification Framework
RBAC Role Based Access Control
REST Representational State Transfer
SCIM System for Cross-domain Identity Management
SDLC Software Development Life Cycle
SKOS Simple Knowledge Organization System
SOAP Simple Object Access Protocol
SoD Separation of Duties
URL Uniform Resource Locator
XACML extensible Access Control Markup Language
5 Conventions
The following conventions are used in this Recommendation:
First letter word capitalization in the middle of the sentence denotes the use of a term that is part of
a model (i.e., IAM ontology model or IAM taxonomy model) such as "Business Role" or "IAM
Role Engineering" and it can be also be found in corresponding diagrams. The term "business task"
10. 4 Rec. ITU-T X.1257 (03/2016)
and "task" are used interchangeably for readability purposes. The term "business resource" and
"resource" are used interchangeably for readability purposes.
6 Introduction
The lack of business meaning in current identity and access management (IAM) roles and user
permissions negatively impacts the entire IAM lifecycle. Even though IAM roles such as
"SuperAdmin", "SuperUpdate" and "XYZSystemSpecialAccess" are ambiguous, overly-technical
and cryptic they are common in many enterprises. Naturally, instead of reusing such ambiguous
roles an IAM role engineer time and time again would create new roles. This however eventually
leads to a large amount of hard to manage system specific IAM roles that do not convey the
intended business meaning.
Such a large number of roles as well as their poor semantic quality negatively impacts key IAM
lifecycle phases such as Access Assignment, Access Authorization, Access Review and Access
Reconciliation. During Access Assignment an access management specialist that does not
understand the meaning of existent roles could assign wrong privileges to user. To compensate for
the lack of business meaning in IAM roles application developers have to hard code authorization
logic into their applications. Synchronizing the maintenance of such authorization logic source code
across applications is problematic and error prone. Furthermore, it is difficult (if not impossible) to
implement separation of duties (SoD) controls across many applications. During Access Review
due to the same lack of business meaning in IAM roles as well as the pressure to meet compliance
deadlines access reviewers erroneously certify (or revoke) user access rights. The high rate of such
access review errors and error prone authorization logic implementation increases the risk of
reputational harm and financial loss, poses regulatory concerns, negatively impacts the productivity
of the IAM operations team, and hinders the ability to deliver large scale enterprise solutions such
as process, application and role rationalization.
Since current standard access control specifications do not define the semantics for IAM roles and
permissions a complementary set of access management requirements needs to be specified. Such
requirements would ensure that necessary business meaning is assigned to IAM roles and
permissions and that this business meaning is traceable and referenceable throughout the IAM
process lifecycle so that permissions can be efficiently assigned to users, SoD controls successfully
implemented across applications and access review and reconciliation processes can be carried out
efficiently.
7 Approach overview
Given that the scope of this Recommendation is to develop a set of requirements for assigning
business meaning to IAM roles, the following approach is described in detail below. As it was
noted in clause 6, an IAM role engineering team needs to assign a required business meaning to
new IAM roles. But where would such business meaning originate and who can produce it? Today
business architects are given a business strategy and are tasked to develop a business process and
business product taxonomy.
A business process taxonomy semantically identifies and organizes business processes and
sub-processes into a hierarchical (for process inventory browsing purposes) structure that starts with
Industry as its root and decomposes into Business Area, Business Process, Business Action and
Business Tasks (see Appendix VI – Business process taxonomy standards for more details). A
business taxonomy would also include a hierarchy of business products and is usually maintained
by business product architects in a large spread sheet or a document file.
During software development life cycle (SDLC) fragments of such hierarchy content are copied and
pasted by business analysts to create business requirements documents that are handed to the IAM
role engineering team and to the application development team for further implementation. Since a
11. Rec. ITU-T X.1257 (03/2016) 5
role engineer cannot reference specific business tasks by its identifier he usually creates IAM roles
with or without a definition according to his dated interpretation of the business tasks a user can
perform. In the end the business meaning of the IAM role gets lost or misinterpreted by the
application developer. How can this problem be solved?
To solve this problem the business meaning in IAM roles should be referenceable and traceable to
the corresponding current business tasks throughout the IAM process lifecycle. This is the key
foundational quality characteristic that can improve the quality of the entire IAM process lifecycle.
How can this quality characteristic be implemented? A number of semantic representation
approaches exist for implementing an application programming interface for a business taxonomy
(see Appendix V – Possible mechanisms for implementation of business taxonomy interface).
However it is not enough to have the business meaning referenceable and traceable throughout the
IAM process lifecycle. It is also required to specify a semantic syntax for IAM roles.
Currently the syntax for IAM roles syntax is specified by a widely used standard access control
mechanism called role based access control (RBAC) and this is illustrated in Figure 1.
Figure 1 – Traditional RBAC model
The following role syntax can be observed:
• Roles can contain other roles, i.e., forming a role hierarchy.
• Roles are made of permissions.
However such a traditional RBAC mechanism has a known limitation, it does not specify the
semantics of the permissions (i.e., the "nature of permissions"). Instead, the specification says that
permission semantics is left open for interpretation, "permissions can be defined in terms of
primitive operations such as read and write, or abstract operations, such as credit and debit"
[b-NIST-RBAC 2000]. However in practice as shown in clause 6, ambiguous IAM roles are created
without a reference to the corresponding business tasks.
In order to assign business meaning to IAM roles it is required to specify a semantic syntax for IAM
roles. The meaning would have to come from the most granular business taxonomy leaf nodes,
tasks and resources. Figure 2 depicts the semantic syntax of the IAM role.
12. 6 Rec. ITU-T X.1257 (03/2016)
Figure 2 – Task based access management, conceptual diagram
The following can be observed:
• Roles can (still) contain other roles via "subRole" relationship, i.e., forming a role
hierarchy.
• IAM roles key semantic syntax:
– A business role entitles a user to perform business task(s) via an "entitlesToPerform"
relationship. This enables any IAM role to implicitly inherit its business meaning from
corresponding business tasks.
– A business task (not the user or the role) accesses a specific resource (i.e., "Business
Product"). The "accesses" relationship is an optional one and needed for situations
where a more granular access control is required.
– Task and resource as leaf nodes of the business taxonomy serve as perquisite building
blocks during IAM role engineering and are referenced throughout the IAM process
lifecycle.
For reasons of simplicity, the parent types of task and resource product in Figure 2 are not shown.
Table 1 shows a few entitlement examples of the above syntax that will help illustrate these points:
Table 1 – Entitlement examples
Business role Task Resource
Teller Set up account Advanced checking account
Doctor Review patient history Patient history
System administrator Update system environment System environment
The above semantic syntax for IAM roles will achieve the main goal of assigning business meaning
to IAM roles. The following clause will express the proposed approach in a requirements format.
8 IAM role semantic and syntax requirements
The following recommendations are set forth for IAM roles to have the necessary business
meaning:
1) Business taxonomy serves as a pre-requisite input into IAM process lifecycle to provide for
business meaning in IAM roles and user permissions throughout entire lifecycle.
2) Business meaning in IAM roles is reference-able and traceable to the corresponding
business tasks of the business taxonomy throughout IAM process lifecycle.
13. Rec. ITU-T X.1257 (03/2016) 7
3) IAM roles to have the following semantic syntax:
3.1)IAM role is composed of business tasks a user is entitled to perform.
3.2)IAM role is composed of business tasks optionally accessing specific business
resources if there is a need for a more granular access control.
4) Successful execution of business tasks as well as unauthorized business task execution
requests are to be logged by referencing corresponding business tasks identifiers.
14. 8 Rec. ITU-T X.1257 (03/2016)
Annex A
(This annex forms an integral part of this Recommendation.)
This annex is left blank and is intended for providing possible future implementation scenarios of
IAM task based access management.
15. Rec. ITU-T X.1257 (03/2016) 9
Appendix I
IAM taxonomy process lifecycle
(This appendix does not form an integral part of this Recommendation.)
Figure I.1 emphasizes the fact that the entire IAM process lifecycle is primarily influenced by
changes originated in business taxonomy. These business taxonomy changes would be subscribed
by and consumed by IAM role engineering and authorization logic engineering teams. Changes
would contain Business Task identifiers in corresponding artefacts such as IAM roles,
Authorization Logic source code, and Business Task execution and authorization log files.
Figure I.1 – IAM process lifecycle dependencies
16. 10 Rec. ITU-T X.1257 (03/2016)
The second source of changes is human resource events such as hire, on-leave, move and other
events of these types. These events are processed by the Access Change Request Management
process and corresponding user entitlements would be provisioned to user entitlements directories.
Notably, these entitlements would contain identifier references to business tasks that provide a
business meaning and they would then be referenced during application runtime authorization.
Once the user is authenticated (process not shown for simplicity sake) preventive SoD controls
would block execution of conflicting business tasks during runtime authorization. During the
Business Task Execution Authorization process a user is either authorized to perform a task and the
task gets executed or the user is not authorized to perform a task. In both cases the application
would log these events by referencing corresponding business task identifiers. Below is a possible
example of such a logging format:
2016-02-08 22:20:02,165 ait:AppID1 192.168.0.1 UserID123 btt:TaskID1 btr:456:355
bttes:200 “Task successfully completed.”
2016-02-08 22:24:02,165 ait:AppID1 192.168.0.1 UserID123 btt:TaskID2 bttes:401
“User Not Authorized to execute Task”
where:
• btt – is a namespace name that resolves to an HTTP URL prefix such as
http://example.com/mylob/businesstaxonomy/task/
• btt:TaskID1 – is a business task identifier. When such a business task identifier is
appended to a btt namespace it can be used to retrieve additional business task information
such as task name, task description and task usage statistics.
• bttes – is a namespace name that resolves to an HTTP URL prefix such as
http://example.com/mylob/businesstaxonomy/task/execution/state
• bttes:200 – is a task execution status code indicating successful task execution.
• bttes:401 – is a task execution status code indicating task execution not authorized.
Since business tasks are semantically referenced in the log files it would be possible for an access
reviewer to analyse historical user access as well as potential user access in terms of business task
execution. Once user access is comprehensively analysed and reviewed corresponding
reconciliation changes are sent back to Access Change Request Management for correcting any
over (or under) privileged user access rights. These reconciliation changes are an important
loopback mechanism that characterizes any process as a lifecycle, i.e., IAM process lifecycle.
However not all the phases would be required for small or medium size enterprises. For example
Application Authorization Logic Engineering is left out or implemented by a user directory
component. Figure I.1 contains only the key portions of the entire IAM process lifecycle.
The following hierarchical bulleted list is a textual representation of the IAM process lifecycle.
Each taxonomy node is also defined in clause 3.2. For a codified representation please see the
simple knowledge organization system (SKOS) schema [b-Antonie].
1. Business Change Management
1.1 Business Taxonomy Engineering
1.1.1 Business Process Change
1.1.2 Business Product Change
2. Access Engineering
2.1 IAM role Engineering
2.2 Authorization Logic Engineering
3. Entity Identity Management
3.1 ITU-T X.1254 "Enrolment Phase" (Entity enrolment)
3.1.1 Application and initiation
18. 12 Rec. ITU-T X.1257 (03/2016)
Appendix II
SCIM 2.0 extension profile proposal
(This appendix does not form an integral part of this Recommendation.)
The following extension profile is a suggested system for cross-domain identity management
(SCIM) 2.01 representational state transfer (REST) web service protocol as a base [b-SCIM REST].
Figure II.1 illustrates the proposed profile extension. The lines and shapes in black represent the
core parts of the current SCIM 1.0 specification [b-IETF SCIM 1.0]. The two shapes in blue
("roles" and "entitlements") are the SCIM extension points. The lines and shapes in solid orange
represent proposed extensions. Since SCIM specification leaves the semantic nature of "roles" and
"entitlements" open for interpretation and definition by implementations2 it is possible to further
specify the extensions points to be become part of the core standard.
To be able to assign business meaning to IAM roles the following recommendations are proposed
as an extension profile to the current SCIM specification:
• SCIM "roles" extension point serves a container of business roles and a business role is
composed of one or more business tasks.
• SCIM "entitlements" extension point serves as a container of additional business tasks a
user can perform (in addition to the business tasks a user can perform via assigned business
roles).
1 "System for Cross-domain Identity Management (SCIM) specification is designed to make managing user
identities in cloud-based applications and services easier." From http://www.simplecloud.info/
2 SCIM leaves the following open for interpretation and definition by implementations:
"entitlements
A list of entitlements for the user that represent a thing the user has. That is, an entitlement is an additional
right to a thing, object or service. No vocabulary or syntax is specified and service providers/consumers
are expected to encode sufficient information in the value so as to accurately and without ambiguity
determine what the user has access to. This value has NO canonical types though type may be useful as a
means to scope entitlements.
roles
A list of roles for the user that collectively represent who the user is; e.g., 'Student', 'Faculty'. No
vocabulary or syntax is specified though it is expected that a role value is a string or label representing a
collection of entitlements. This value has NO canonical types."
From https://tools.ietf.org/html/draft-ietf-scim-core-schema-22
19. Rec. ITU-T X.1257 (03/2016) 13
Figure II.1 – SCIM profile extension
The example on the right in orange colour illustrates how a user can have a business role "Teller"
that consists of two tasks: "Set up Account" and "Activate Card". The other task – "Enrol Special
Service" is a direct additional entitlement for which a role does not need to be created yet.
20. 14 Rec. ITU-T X.1257 (03/2016)
Appendix III
Suggested extension to XACML 3.0 profile
(This appendix does not form an integral part of this Recommendation.)
In order to achieve IAM data quality objectives outlined in this work item the following extension
profile is proposed:
The proposal is to introduce a new XACML 3.0 [b-OASIS XACML 3.0] policy type, Assign Policy
(circled in with a red solid line), a policy evaluated during Access Request time. An example is an
access policy to enforce separation of duties (SoD) rules during access assign time. On the other
hand the Access Policy (circled with a red dashed line) is a policy evaluated during run time and it
is usually more complex (fine grained). Figure III.1 shows an IAM schema fragment emphasizing
the proposed Assign Policy.
Figure III.1 – IAM schema fragment emphasizing Assign Policy
Enable business semantics for the extensible access control markup language (XACML) model:
a) Reference resource attributes via a business resource concept id. Business resource is the
leaf node of the business product taxonomy.
21. Rec. ITU-T X.1257 (03/2016) 15
b) Reference action attributes via a Task and Action concept id. Task is the leaf node of the
business process taxonomy. Action is the operation performed by task on the business
resource.
c) Reference Environment attributes via a Business Context and Session Context concept id.
Business Context could provide fine grain business attributes such as an account number
filter. Session Context that is aware of an Authentication state (credentials and device meta-
data) could provide information such as an Internet protocol (IP) address and a media
access control (MAC) device address for technical fine grain authorization.
Figure III.2 shows the proposed semantic extension to the XACML model.
Figure III.2 – Proposed semantic extension to XACML model
22. 16 Rec. ITU-T X.1257 (03/2016)
Appendix IV
Task based access management use cases
(This appendix does not form an integral part of this Recommendation.)
The following relevant use cases illustrate the usefulness of this Recommendation:
1) Access policy:
a) User A is entitled to perform business tasks A, B and C via business role A.
b) User A is additionally entitled to perform business task D via direct entitlements.
c) Policy A specifies that task B and task D are mutually exclusive for the same account
number.
d) Evaluate policy A and yield a deny decision for the above given scenario.
2) Access (Entitlements) reporting:
a) Leverage task concepts to improve readability and meaning of the current business
language entitlements description effort.
b) Leverage business resource concepts to improve readability and meaning of the current
business language entitlements description effort.
3) Business task usage
a) Leverage an existent reference web application and:
i) Configure application logging template to use business task ids.
ii) Generate log files during application runtime.
b) Consume app log files with an analytical tool to:
i) Report on the business tasks being used during production runtime.
ii) Update business taxonomy with the above statistical information.
4) Entitlements usage
a) Leverage an existent reference web application and:
i) Configure application logging template to use business task ids.
ii) Generate log files during application runtime.
b) Consume app log files with an analytical tool to:
i) Correlate business task execution events based on task identifier.
ii) Correlate authorizations deny events based on task identifier.
iii) Produce analytical reports indicating SoD conflicting scenarios going back in time.
23. Rec. ITU-T X.1257 (03/2016) 17
Appendix V
Possible mechanisms for implementation of business
taxonomy interface
(This appendix does not form an integral part of this Recommendation.)
Standard based solutions such as a SKOS3 [b-Antonie] controlled vocabulary or a metadata registry
mechanism can provide business taxonomy concept identification and registration. SKOS is
particularly useful for representing hierarchical relationships.
Another possible solution is to use JavaScript object notation (JSON)-based serialization for linked
data (JSON-LD) [b-W3C JSON-LD] otherwise known as JSON-Linked Data. While JSON-LD
allows various controlled vocabularies to be mixed and is able to represent complex graph
relationships there is no standard for a taxonomy interface. There are neither REST nor simple
object access protocol (SOAP) implementations at this point in time.
3 SKOS provides basic hierarchical relationships such as broader and narrower however it does not allow
more specific ontological relationships that may be required to express IAM data element syntax and
meaning.
24. 18 Rec. ITU-T X.1257 (03/2016)
Appendix VI
Business process taxonomy standards
(This appendix does not form an integral part of this Recommendation.)
This Recommendation referenced at least two types of business taxonomies: Business process
taxonomy and business product taxonomies. These terms are coined by business process
management standard bodies such as TeleManagement Forum enhanced Telecom Operations Map
(eTOM) and central product classification (CPC) [b-CPC].
The next example in Figure VI.1 shows a process classification framework (PCF) from American
Productivity and Quality Center (APQC) [b-APQC-PCF] and it illustrates how processes can be
classified.
Figure VI.1 – PCF business process taxonomy structure definitions
25. Rec. ITU-T X.1257 (03/2016) 19
Appendix VII
IAM ontology domain model
(This appendix does not form an integral part of this Recommendation.)
The entire IAM ontology domain model is depicted by Figure VII.5. To ease the reader into the
IAM domain the following IAM subject areas are introduced first:
• Figure VII.1, IAM domain model – User subject area
• Figure VII.2, IAM domain model – Access assignment subject area
• Figure VII.3, IAM domain model – Access control subject area
• Figure VII.4, IAM domain model – Business domain subject area.
Finally, the above subject areas will be merged into the entire IAM domain model in Figure VII.5.
The first subject area deals with user concept types. As per [ITU-T X.1252] and [ITU-T X.1254]
the user is represented by an Entity from a few perspectives such as being or existence of a subject.
An Entity has one or more Identities. An Identity has one or more Identifiers.
Figure VII.1 – IAM domain model – User subject area
26. 20 Rec. ITU-T X.1257 (03/2016)
Example: A living human being has an Entity characterized by name, date of birth, etc. This human
being can be both an employee and a customer at the same time and therefore can have at least two
identities. Subsequently the employee will have an EmployeeID and a customer will have a
CustomerID as identifiers.
NOTE – In some cases the role of the human being can be played by a device that acts on behalf of the
human being.
In Figure VII.2 the illustrated subject area is Access Assignment. Access Assignment deals with
assigning access rights to a user via its identifier(s). Access rights can be assigned to user via
Team(s) he or she is a member of. Team in this context is a container of human resource driven
access rights. The user can get its access rights via a business role he or she could have in addition
to team member access rights. Finally as an exception the user can be entitled to perform certain
business tasks. In the end the access rights are a collection of tasks the user can perform. However
all user to task assignment is evaluated through certain applicable entitlements called "Assign
Policies" that both rule out toxic entitlement combinations as well as enforce separation of duties
(SoD) rules.
Figure VII.2 – IAM domain model – Access assignment subject area
27. Rec. ITU-T X.1257 (03/2016) 21
Example: User A is member of team X. Each member of team X who is located at the headquarters
location (i.e., Region=main, Desk=main) has five business roles and each business role entitles the
user to perform ten tasks. So by default any team X member can perform 50 tasks. Additionally
user A is assigned three more business roles that entitle the user to perform 5 more tasks. User A is
also entitled to perform one more task directly as an exception. In the end user A is entitled to
perform 66 distinct tasks. However team members that are not located in the headquarters would
have only three business roles, i.e., 30 business tasks less.
The next subject area, Access control, carries out policy and task based authorization based on user
entitlements and session context. A particular task accesses certain resource(s) if a corresponding
Access Policy allows this access to happen. The Access Policy will evaluate its rules having Session
context and corresponding user Access Constraints. Session context will have user authentication
metadata such as Channel, Device, Intent, Credential and Identifier.
Figure VII.3 – IAM domain model – Access control subject area
Example: User A intends to perform a "Set up Account" task. This task will access (i.e., create) an
"Advantage Checking Account" business resource. This access will occur if corresponding access
policy evaluates to true. Access Policy will ensure that a certain user must use a proper Channel for
this transaction and that the IP addresses are within a valid range of IP addresses. A policy may also
consult a transient store of non-permitted tasks at this point in time since it is past business hours.
28. 22 Rec. ITU-T X.1257 (03/2016)
The last subject area, business taxonomy, illustrates how the IAM domain and the business domain
interconnect. A business taxonomy is composed of business processes and products. It can be seen
(from right to left) that Industry and Business Areas are the first two levels of this taxonomy. To the
left of Business Area two related hierarchical structures, business process taxonomy and business
product taxonomy are presented. Usually Task is a leaf node in a business process taxonomy and
business resource is a leaf node in a business product taxonomy. Application is implementing
corresponding tasks and performs resource access on behalf of the user.
Figure VII.4 – IAM domain model – Business domain subject area
Example: Industry is financial. Business area is customer service. Business Process is Origination.
Activity is Account Activity. Task is "Set up Account." From the business product taxonomy
perspective, Product Group is Account, Product Class is Checking Account and Business Resource
is "Advantage Checking Account."
Finally the entire IAM domain model is represented by Figure VII.5 below which merges the four
subject areas mentioned above.
29. 23 Rec. ITU-T X.1257 (03/2016)
Figure VII.5 – IAM domain model
30. 24 Rec. ITU-T X.1257 (03/2016)
The domain model displayed in Figure VII.5 is modelling relationships between concepts according
to requirements set forth in the corresponding section. The following key principles are
communicated by this diagram:
• A user is represented by its Entity, Identities, Identifiers, as well as other characteristics.
During an Entitlements Assignment process a user can be entitled to perform specific tasks
via Team and role (usually the case in 80% of the time) or can be directly assigned to
perform specific tasks (as an exception in 20% of the time).
• A Team is a human resource container of roles. The main purpose of the Team and
Business Role types is to speed up and simplify the Entitlement Assignment and Approval
process.
• Business roles should inherit the business meaning from corresponding business tasks.
NOTE – Currently IAM roles are created and maintained by IT and therefore do not have a direct traceable
business meaning. In many cases relying a on a role name alone to convey the business meaning is not
sufficient to successfully review access rights.
• Tasks are the leaf nodes of the business process taxonomy created and maintained by
business architects and business modellers.
• Tasks are usually more granular than the applications that implement them.
• Tasks are implemented by corresponding application(s).
• Tasks represent the Duties as in separation of duties (SoD) use cases.
NOTE – It is impossible to implement SoD without underlying business tasks.
• A user does not have a direct access to a Business Resource. Instead the user is entitled to
perform a Business Task and the Business Task accesses Business Resource(s) on behalf of
the user.
• A Process-Activity-Task is a logical structure and part of a business process taxonomy for
identifying and organizing business processes in a standard way [b-APQC PCF 5.0.1] and
usually is maintained by business architects and business process modellers.
• Product Group-Product Class-Business Resource is a logical structure and part of a
business product taxonomy for identifying and organizing business products in a standard
way [b-CPC Ver 2] and usually maintained is by business architects and business process
modellers.
• Assign policy is an entitlement assignment constraint mechanism used during the
Entitlement Assignment phase for preventing fraud and static toxic business task
combinations.
• Access Policy is an Access Operation Constraint mechanism used during Runtime Access
phase for preventing fraud and dynamic runtime toxic combinations.
• Business Resources are concepts such as patient records, loan account and checking
account. They enable fine-grain resource level entitlement assignment and access control.
• Business entitlements are task(s) a user is entitled to perform (i.e., coarse-grain business
entitlements).
• Business permissions are task(s) that access specific business resources and that are
constrained by a policy.
• During user entitlements provisioning, business entitlements can be mapped to a
corresponding system permissions if necessary.
• System permissions deal with system resources such as database, table, column, file, or
mainframe data set.
31. Rec. ITU-T X.1257 (03/2016) 25
Bibliography
[b-ITU-T X.1255] Recommendation ITU-T X.1255 (2013), Framework for discovery of
identity management information.
[b-ISO/IEC 24760-1] ISO/IEC 24760-1:2011, Information technology – Security techniques –
A framework for identity management – Part 1: Terminology and
concepts.
[b-Antonie] Antoine Isaac, E.S. (2009, August 18), SKOS simple knowledge
organization system primer.
http://www.w3.org/TR/skos-primer/ (Retrieved May 18, 2016)
[b-APQC-PCF] Tesmer, John (2014, March), Process Classification Framework 6.1.1.
http://www.apqc.org/process-classification-framework (Retrieved May 18, 2016)
[b-APQC PCF 5.0.1] APQC PCF. (2011, June), Banking Process Classification Framework.
http://www.apqc.org/knowledge-base/download/33193/PCF_Banking_Ver_5.0.1_2011.pdf
(Retrieved May 18, 2016)
[b-CPC] http://en.wikipedia.org/wiki/Central_Product_Classification.
[b-CPC Ver 2] CPC Workgroup. (2008, December 31), Central Product Classification,
Ver.2, Detailed structure and explanatory notes.
http://unstats.un.org/unsd/cr/registry/regcst.asp?Cl=25 (Retrieved May 18, 2016)
[b-example] http://www.apqc.org/knowledge-base/documents/apqc-process-
classification-framework-pcf-banking-excel-version-501
[b-IETF SCIM 1.0] C. Mortimore, Ed. (2013, April 15), System for Cross-Domain Identity
Management: Core Schema.
http://tools.ietf.org/html/draft-ietf-scim-core-schema-01 (Retrieved May 18, 2016)
[b-IETF SCIM 2.0] Hunt, e.a. (2015, June 8), System for Cross-Domain Identity
Management: Core Schema.
https://tools.ietf.org/html/draft-ietf-scim-core-schema-22 (Retrieved May 18, 2016)
[b-NIST-RBAC 2000] Sandhu, R., David, F., & Khun, R. (2000), The NIST Model for Role-
Based Access Control: Towards A Unified Standard.
[b-OASIS XACML 3.0] Erik Rissanen. (2013, January 22), eXtensible Access Control Markup
Language (XACML) Version 3.0.
http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html (Retrieved May 18, 2016)
[b-OBAC] Mohammad, A. (2011, March 7), Ontology-Based Access Control Model
for Semantic Web.
http://www.worldacademicunion.com/journal/1746-7659JIC/jicvol6no3paper03.pdf (Retrieved
May 18, 2016)
[b-schema.org 2011] Google, Yahoo, Bing, Yandex. (2011), schema.org.
http://schema.org (Retrieved May 18, 2016)
[b-SCIM REST] SCIM 2.0 REST web service protocol, C. Mortimore, Ed., 2013;
http://www.simplecloud.info/ (Retrieved May 18, 2016)
[b-W3C JSON-LD] Manu Sporny. (2013, August 6), JSON-LD 1.0, A JSON-based
Serialization for Linked Data.
http://json-ld.org/spec/latest/json-ld/ (Retrieved May 18, 2016)
32.
33.
34. Printed in Switzerland
Geneva, 2016
SERIES OF ITU-T RECOMMENDATIONS
Series A Organization of the work of ITU-T
Series D General tariff principles
Series E Overall network operation, telephone service, service operation and human factors
Series F Non-telephone telecommunication services
Series G Transmission systems and media, digital systems and networks
Series H Audiovisual and multimedia systems
Series I Integrated services digital network
Series J Cable networks and transmission of television, sound programme and other multimedia
signals
Series K Protection against interference
Series L Environment and ICTs, climate change, e-waste, energy efficiency; construction, installation
and protection of cables and other elements of outside plant
Series M Telecommunication management, including TMN and network maintenance
Series N Maintenance: international sound programme and television transmission circuits
Series O Specifications of measuring equipment
Series P Terminals and subjective and objective assessment methods
Series Q Switching and signalling
Series R Telegraph transmission
Series S Telegraph services terminal equipment
Series T Terminals for telematic services
Series U Telegraph switching
Series V Data communication over the telephone network
Series X Data networks, open system communications and security
Series Y Global information infrastructure, Internet protocol aspects and next-generation networks,
Internet of Things and smart cities
Series Z Languages and general software aspects for telecommunication systems