
Identity Management

Identity Management. Jianyong CHEN SG 17 Vice Chairman. Global Standards Collaboration (GSC) GSC-15. Identity Management (IdM) for Telecom is an Essential Part of IP-based Networks and Services.


Presentation Transcript


  1. Identity Management Jianyong CHEN SG 17 Vice Chairman Global Standards Collaboration (GSC) GSC-15

  2. Identity Management (IdM) for Telecom is an Essential Part of IP-based Networks and Services • Identity-based services are exponentially increasing and available on many different mobile platforms • Internet is a part of telecommunication infrastructure • Next-Generation business model for network operators demands subscriber-centric data consolidation

  3. Highlight of IdM Current Activities (1/2) • Per GSC-14/04 Resolution, ITU-T is progressing the development of a publicly available Wiki-based inventory of major IdM initiatives and activities. • ITU-T works collaboratively with other key bodies including: ISO/IEC JTC 1/SC 27, ETSI, Kantara Initiative, FIDIS, OASIS • The focus of ITU-T’s IdM work is on global trust and interoperability of diverse IdM capabilities in telecommunications to include leveraging and bridging existing solutions. It is not in the development of standards for new IdM solutions. • ITU-T’s JCA-IdM (Joint Coordination Activity) coordinates IdM activities within ITU-T and amongst other major IdM standards bodies.

  4. Highlight of IdM Current Activities (2/2) • First ITU-T IdM Recommendation published early 2009: • Y.2720, NGN identity management framework • Joint ITU-T | ISO/IEC common text Recommendation | International Standard on Entity Authentication Assurance is approaching a stable document. • Three ITU-T Recommendations were published and available for free download • X.1250, Baseline capabilities for enhanced global identity management trust and interoperability • X.1251, A framework for user control of digital identity • X.1252, Basic IdM terms and definitions

  5. Challenges for IdM • Identity Federations based on standardized trust frameworks and global interoperability of diverse identity management solutions are major inhibitors to wide scale deployment of IdM capabilities • Discovery of identity resources on a global level vs within an enterprise environment. • Common IdM terminology • Interoperability of Assurance Levels that are based on the risk assessment associated with the on-line transaction • Privacy services

  6. Next Step/Action for IdM 13 Recommendations are under development. Among them, X.evcert is planned to be determined at the December meeting.

  7. Basic Concepts of Object Identifiers (OIDs) • One of many identification schemes • Basically very simple: A tree • Arcs are numbered and may have an associated alphanumeric identifier (beginning with a lowercase) • Can also have Unicode labels (any language, any characters) • Infinitely many arcs from each node (except at the root) • Objects are identified by the path (OID) from the root to a node • A Registration Authority (RA) allocates arcs beneath its node to subordinate RAs, and so on, to an infinite depth • The OID tree is a hierarchical structure of RAs • Standardized in the ITU-T X.660 | ISO/IEC 9834 series (ITU-T SG 17 and ISO/IEC JTC 1/SC 6) • Originated in 1985, still in use, and still developing! • Recent developments are use of the DNS to provide information about the node identified by an OID.

  8. Next Step/Action for OID: OID Resolution system • Provides information associated with any object identified by an OID: • access information • child node information • OID-IRI canonical form • Joint work between ITU-T SG 17 and ISO/IEC JTC 1/SC 6 since Oct. 2008 (draft Rec. ITU-T X.672 (ex X.oid-res) | ISO/IEC 29168-1) • Get an OID identifier arc assigned for identifying cybersecurity organizations, information, and policies • Specifies: • OID resolution architecture • OID resolution protocol (based on DNS) • operation of the OID resolution service • security and trust of the OID resolution process • etc. • Associated is another joint work on procedures for the OID-RES operational agency Rec. ITU-T X.673 | ISO/IEC 29168-2

  9. Conclusions • Developers can bet on identity as a capability • User acceptance will gate success • Privacy is not opposed to security – it is a precondition of security • GSC-15 should continue GSC14/04 Resolution with some necessary editorial updates

  10. Supplementary Slides

  11. Weblinks ITU-T • SG17 - http://www.itu.int/ITU-T/studygroups/com17/index.asp • Identity Management web page - http://www.itu.int/ITU-T/studygroups/com17/idm.html • Joint coordination activity for identity management - http://www.itu.int/ITU-T/jca/idm/

  12. Top of the OID Tree • root: itu-t(0), iso(1), joint-iso-itu-t(2) • itu-t(0): recommendation(0) • iso(1): member-body(2) (ISO 3166 country codes), identified-organisation(3) (ISO 6523 ICD codes) • joint-iso-itu-t(2): country(16) (ISO 3166 country codes), tag-based(27) • Example: {joint-iso-itu-t(2) tag-based(27) mcode(1)} • Note: The name of the 3 top-level arcs does not imply a hierarchical dependency to ISO or ITU-T.

  13. Some Advantages of using OID • Human-readable notation: {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)} • Dot notation: 1.2.840.113549.1 • URN notation: urn:oid:1.2.840.113549.1 • Internationalized notation (IRI): oid:/ISO/Member-Body/US/RSADSI/PKCS • Used in a lot of ISO standards, ITU-T Recommendations and IETF RFCs, but not only! • Very good take up: 120,000+ OIDs described at http://www.oid-info.com; much more exist • Compact binary encoding (normally used in all computer communications) • Allows transmission over constrained networks

  14. Challenge for OID: Use of OIDs for the Internet of Things • ITU-T X.668 | ISO/IEC 9834-9 (2008) is a way to unify the many identification schemes used for the Internet of Things (RFID, bar codes, ISBN, etc.) • Does not cause existing tags to become obsolete • Use case example: a tag placed on a billboard poster can be read with a mobile phone and make it easy for the user to get additional multimedia (text, graphics, even voice or video) information about the content of the poster • Other use cases in Rec. ITU-T F.771
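
Slide 13 lists the dot and URN notations and the compact binary encoding of an OID. The sketch below is an added example, not part of the presentation: it converts between dot notation and the BER/DER content octets (tag and length omitted) and decodes strictly, rejecting padded or truncated sub-identifiers. The function names and the `max_bits` cap are assumptions made for illustration.

```python
def encode_oid(dotted: str) -> bytes:
    """Dot notation -> BER/DER content octets (no tag/length)."""
    parts = dotted.split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("arcs must be non-negative decimal integers")
    arcs = [int(p) for p in parts]
    # Only three top-level arcs exist; under 0 and 1 the second arc is 0..39.
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid top-level arcs")
    out = bytearray()
    # The first two arcs share one sub-identifier: 40 * first + second.
    for value in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [value & 0x7F]                    # last octet: high bit clear
        value >>= 7
        while value:
            chunk.append(0x80 | (value & 0x7F))   # earlier octets: high bit set
            value >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)


def decode_oid(content: bytes, max_bits: int = 128) -> str:
    """Strictly decode content octets back to dot notation."""
    if not content:
        raise ValueError("empty OID")
    subids, value, pending = [], 0, False
    for octet in content:
        # A sub-identifier must use the fewest octets: it may not start with 0x80.
        if not pending and octet == 0x80:
            raise ValueError("non-minimal sub-identifier (leading 0x80)")
        value = (value << 7) | (octet & 0x7F)
        if value.bit_length() > max_bits:         # assumed policy cap on arc size
            raise ValueError("arc exceeds size limit")
        pending = bool(octet & 0x80)
        if not pending:
            subids.append(value)
            value = 0
    if pending:
        raise ValueError("truncated sub-identifier")
    top = min(subids[0] // 40, 2)
    return ".".join(map(str, [top, subids[0] - 40 * top] + subids[1:]))


def to_urn(dotted: str) -> str:
    """URN notation, after validating via a strict encode/decode round trip."""
    return "urn:oid:" + decode_oid(encode_oid(dotted))
```

The slide's example OID 1.2.840.113549.1 encodes to the seven octets `2a 86 48 86 f7 0d 01`. Comparing OIDs only after strict decoding avoids two parsers disagreeing on whether a padded encoding names the same object.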
