abbie barbir itu iiw-update

International Telecommunication Union Abbie Barbir, Ph.D. Rapporteur, Q10/17 Identity Management Question [email protected] ITU-T Identity Related Work Important to NSTIC IIW October 2011

Upload: jamie-clark

Post on 08-May-2015


DESCRIPTION

Preso from ITU-T liaison Abbie Barbir (from Bank of America) on standards relevant to e-identity: for IIW October 2011

TRANSCRIPT

Page 1: Abbie Barbir ITU IIW-update

International Telecommunication Union

Abbie Barbir, Ph.D.
Rapporteur, Q10/17 Identity Management Question [email protected]

ITU-T Identity Related Work Important to NSTIC

IIW October 2011

Page 2: Abbie Barbir ITU IIW-update


ITU-T Objectives

Develop and publish standards for global ICT interoperability

Identify areas for future standardization

Provide an attractive and effective forum for the development of international standards

Promote the value of ITU standards

Disseminate information and know-how

Cooperate and collaborate

Provide support and assistance

Page 3: Abbie Barbir ITU IIW-update


ITU-T Key Features

Truly global public/private partnership

95% of work is done by private sector

Continuously adapting to market needs

Pre-eminent global ICT standards body

Page 4: Abbie Barbir ITU IIW-update


ITU-T Study groups (2009-2012)

SG 2 Operational aspects of service provision and telecommunications management

SG 3 Tariff & accounting principles including related telecommunication economic & policy issues

SG 5 Environment and climate change

SG 9 Television and sound transmission and integrated broadband cable networks

SG 11 Signalling requirements, protocols and test specifications

SG 12 Performance, QoS and QoE

SG 13 Future networks including mobile and NGN (NGN Identity management)

SG 15 Optical transport networks and access network infrastructures

SG 16 Multimedia coding, systems and applications

SG 17 Security and identity management

We will focus on IdM work in ITU-T based on:
• SG 17 Question 10/17 (Identity Management)
• SG 13 Question 16/13 (NGN Security)

Page 5: Abbie Barbir ITU IIW-update


SG 17 Q10/17 Identity management (IdM)

Motivation

IdM is a security enabler by providing trust in the identity of both parties to an e-transaction

Provides network operators opportunity to increase revenues through advanced identity-based services

Focus on global trust and interoperability

Leveraging and bridging existing solutions

Page 6: Abbie Barbir ITU IIW-update


SG 17 Q10/17 Identity management (IdM)

Current Recommendations

Identity management
• X.1250, Baseline capabilities for enhanced global identity management trust and interoperability
• X.1251, A framework for user control of digital identity
• X.1252, Baseline identity management terms and definitions
• X.1253 (X.idmsg), Security guidelines for identity management systems
• X.eaa/ISO 29115, Entity authentication assurance framework (based on NIST 800-63)
• X.atag, Attribute aggregation framework
• X.authi, Guideline to implement the authentication integration of the network layer and the service layer
• X.discovery, Discovery of identity management information
• X.giim, Mechanisms to support interoperability across different IdM services
• X.idmcc, Requirement of IdM in cloud computing
• X.idmgen, Generic identity management framework
• X.idm-ifa, Framework architecture for interoperable identity management systems
• X.mob-id, Baseline capabilities and mechanisms of identity management for mobile applications and environment
• X.oitf, Open identity trust framework
• X.priva, Criteria for assessing the level of protection for personally identifiable information in identity management

Working with OASIS SAML 2.0 and XACML and their equivalent ITU-T Recommendations

Page 8: Abbie Barbir ITU IIW-update


Q10/17 IdM Focus

Interoperability of identity management
• X.giim, Generic IdM interoperability mechanisms
• X.idm-ifa, Framework architecture for interoperable identity management systems
• X.idm-cloud, identity in the cloud

Trust of identity management
• X.authi, Authentication integration in IDM
• X.EVcert, Extended validation certificate
• X.eaa, Information technology – Security techniques – Entity authentication assurance
• X.OITF, Open identity trust framework

Discovery of identity management information
• X.discovery, Discovery of identity management information

Protection of personally identifiable information
• X.1275, Guidelines on protection of personally identifiable information in the application of RFID technology
• X.priva, Criteria for assessing the level of protection for personally identifiable information in identity management

Page 9: Abbie Barbir ITU IIW-update

ITU-T SG 13 Q16/13

Q16/13 Security and identity management

Motivation

Address, in the context of NGN, IdM issues of concern to

Includes assertion and assurance of entity identities (e.g. user, device, service providers) noted in the following, non-exhaustive list:
• International emergency and priority services
• Electronic government (e-Government) services
• Privacy/user control of personal information (i.e. protection of personal identifiable information [PPII])
• Security (e.g. confidence of transactions, protection from identity (ID) theft) and protection of NGN infrastructure, resources (services and applications) and end users information
• National security and critical infrastructure protection

Page 10: Abbie Barbir ITU IIW-update

SG 13 Q16/13 Security and identity management

List of Recommendations in Progress
• Supplement to Y.2704, Y.NGN Certificate Management Certificate management
• Y.2700-series supplement, NGN security planning and operations guidelines
• Y.ETS-Sec, Minimum Security Requirements for Interconnection of Emergency Telecommunications Service (ETS)
• Y.NGN IdM Use-cases (Technical Report)
• Y.NGN trusted SP requirements, NGN Requirements and Use Cases for Trusted Service Provider Identity
• Y.NGN-OAuth, Support for OAuth in NGN
• Y.NGN-OOF, Framework for NGN Support and Use of OpenID and OAuth
• Y.NGN-OpenID, Support for OpenID in NGN

Page 11: Abbie Barbir ITU IIW-update

Question 16/13 Work Program

[Diagram: Q16/13 work program. Boxes shown:]
• Mobility Security Framework in NGN
• Y.2740 Security Requirements for Mobile Financial Transactions in NGN
• Y.2741 Architecture for Secure Mobile Financial Transactions in NGN
• Y.2704 NGN Security Mechanisms
• NGN Certificate Management
• Y.2703 NGN AAA
• Y.2720 NGN IdM Framework
• Y.2722 NGN IdM Mechanisms
• Y.2701 Security Requirements for NGN Release 1
• Y.2721 NGN IdM Requirements and Use Cases
• Y.2702 NGN Authentication and Authorization Requirements
• IdM and Security for Cloud Services

Legend: Determined draft Recommendation

Note: Recommendations produced by Q.16/13 are approved through the TAP.

Page 12: Abbie Barbir ITU IIW-update

SG 13 Q16/13 NGN IdM Framework (ITU-T Rec. Y.2720, 1/2009)

[Diagram: Identity Management framework, with the following layers:]

Entities
• Users & Subscribers
• Organizations, Business Enterprises, Government Enterprises
• User Devices
• Network Elements and Objects
• Network and Service Providers
• Virtual Objects

IdM Capabilities
• Identity Lifecycle Management
• Correlation and Binding of Identity Information
• Authentication, Assurance, and Assertion of Identity Information
• Discovery and Exchange of Identity Information

Identity Information
• Identifiers (e.g., User ID, email address, telephone number, URI, IP address)
• Credentials (e.g., digital certificates, tokens, and biometrics)
• Attributes (e.g., roles, claims, context, privileges, location)

Business and Security Services
• Federated Services
• Application Access Control (e.g., Multimedia and IPTV)
• Single Sign-on/Sign-off
• Role-based Access to Resources
• Protection of Personally-Identifiable Information
• Security Protection of Information and Network Infrastructure