8/3/2019 Abbiebarbiritu Iiw Update 111018022049 Phpapp02
International Telecommunication Union
Abbie Barbir, Ph.D.
Rapporteur, Q10/17 Identity Management
ITU-T Identity Related Work Important to NSTIC
IIW October 2011
ITU-T Objectives
Develop and publish standards for global ICT interoperability
Identify areas for future standardization
Provide an attractive and effective forum for the development of international standards
Promote the value of ITU standards
Disseminate information and know-how
Cooperate and collaborate
Provide support and assistance
ITU-T Key Features
Truly global public/private partnership
95% of work is done by private sector
Continuously adapting to market needs
Pre-eminent global ICT standards body
ITU-T Study groups (2009-2012)
SG 2 Operational aspects of service provision and telecommunications management
SG 3 Tariff & accounting principles including related telecommunication economic & policy issues
SG 5 Environment and climate change
SG 9 Television and sound transmission and integrated broadband cable networks
SG 11 Signalling requirements, protocols and test specifications
SG 12 Performance, QoS and QoE
SG 13 Future networks including mobile and NGN (NGN Identity management)
SG 15 Optical transport networks and access network infrastructures
SG 16 Multimedia coding, systems and applications
SG 17 Security and identity management
We will focus on IdM work in ITU-T based on
  SG 17 Question 10/17 (Identity Management)
  SG 13 Question 16/13 (NGN Security)
SG 17 Q10/17 Identity management (IdM)
Motivation
IdM is a security enabler by providing trust in the identity of both parties to an e-transaction
Provides network operators opportunity to increase revenues through advanced identity-based services
Focus on global trust and interoperability
Leveraging and bridging existing solutions
SG 17 Q10/17 Identity management (IdM)
Current Recommendations Identity management
  X.1250, Baseline capabilities for enhanced global identity management trust and interoperability
  X.1251, A framework for user control of digital identity
  X.1252, Baseline identity management terms and definitions
  X.1253 (X.idmsg), Security guidelines for identity management systems
  X.eaa/ISO 29115, Entity authentication assurance framework (based on NIST 800-63)
  X.atag, Attribute aggregation framework
  X.authi, Guideline to implement the authentication integration of the network layer and the service layer
  X.discovery, Discovery of identity management information
  X.giim, Mechanisms to support interoperability across different IdM services
  X.idmcc, Requirement of IdM in cloud computing
  X.idmgen, Generic identity management framework
  X.idm-ifa, Framework architecture for interoperable identity management systems
  X.mob-id, Baseline capabilities and mechanisms of identity management for mobile applications and environment
  X.oitf, Open identity trust framework
  X.priva, Criteria for assessing the level of protection for personally identifiable information in identity management
Working with OASIS SAML 2.0 and XACML and their equivalent ITU-T Recommendations
ITU-T Joint coordination activity in IdM (JCA-IdM)
Q10/17 Coordination and collaboration
Q10/17 IdM Focus
Interoperability of identity management
  X.giim, Generic IdM interoperability mechanisms
  X.idm-ifa, Framework architecture for interoperable identity management systems
  X.idm-cloud, identity in the cloud
Trust of identity management
  X.authi, Authentication integration in IDM
  X.EVcert, Extended validation certificate
  X.eaa, Information technology - Security techniques - Entity authentication assurance
  X.OITF, Open identity trust framework
Discovery of identity management information
  X.discovery, Discovery of identity management information
Protection of personally identifiable information
  X.1275, Guidelines on protection of personally identifiable information in the application of RFID technology
  X.priva, Criteria for assessing the level of protection for personally identifiable information in identity management
ITU-T SG 13 Q16/13
Q16/13 Security and identity management
Motivation
Address, in the context of NGN, IdM issues of concern to
Includes assertion and assurance of entity identities (e.g. user, device, service providers) noted in the following, non-exhaustive list:
  International emergency and priority services
  Electronic government (e-Government) services
  Privacy/user control of personal information (i.e. protection of personal identifiable information [PPII])
  Security (e.g. confidence of transactions, protection from identity (ID) theft) and protection of NGN infrastructure, resources (services and applications) and end users' information
  National security and critical infrastructure protection
SG 13 Q16/13 Security and identity management
List of Recommendations in Progress
  Supplement to Y.2704, Y.NGN Certificate Management, Certificate management
  Y.2700-series supplement, NGN security planning and operations guidelines
  Y.ETS-Sec, Minimum Security Requirements for Interconnection of Emergency Telecommunications Service (ETS)
  Y.NGN IdM Use-cases (Technical Report)
  Y.NGN trusted SP requirements, NGN Requirements and Use Cases for Trusted Service Provider Identity
  Y.NGN-OAuth, Support for OAuth in NGN
  Y.NGN-OOF, Framework for NGN Support and Use of OpenID and OAuth
  Y.NGN-OpenID, Support for OpenID in NGN
Question 16/13 Work Program
  Mobility Security Framework in NGN
  Y.2740 Security Requirements for Mobile Financial Transactions in NGN
  Y.2741 Architecture for Secure Mobile Financial Transactions in NGN
  Y.2704 NGN Security Mechanisms
  NGN Certificate Management
  Y.2703 NGN AAA
  Y.2720 NGN IdM Framework
  Y.2722 NGN IdM Mechanisms
  Y.2701 Security Requirements for NGN Release 1
  Y.2721 NGN IdM Requirements and Use Cases
  Y.2702 NGN Authentication and Authorization Requirements
  IdM and Security for Cloud Services
Legend: Determined draft Recommendation
Note: Recommendations produced by Q.16/13 are approved through the TAP.
SG 13 Q16/13
NGN IdM Framework (ITU-T Rec. Y.2720, 1/2009)
Identity Management
Entities
  Users & Subscribers
  Organizations, Business Enterprises, Government Enterprises
  User Devices
  Network Elements and Objects
  Network and Service Providers
  Virtual Objects
IdM Capabilities
  Identity Lifecycle Management
  Correlation and Binding of Identity Information
  Authentication, Assurance, and Assertion of Identity Information
  Discovery and Exchange of Identity Information
Identity Information
  Identifiers (e.g., User ID, email address, telephone number, URI, IP address)
  Credentials (e.g., digital certificates, tokens, and biometrics)
  Attributes (e.g., roles, claims, context, privileges, location)
Business and Security Services
  Federated Services
  Application Access Control (e.g., Multimedia and IPTV)
  Single Sign-on/Sign-off
  Role-based Access to Resources
  Protection of Personally-Identifiable Information
  Security Protection of Information and Network Infrastructure