1 / 12

ITU-T Identity Management Update

Learn about the latest activities in ITU-T's Joint Coordination for Identity Management (JCA-IdM) and their focus on developing better authentication assurance frameworks and interoperable identity management capabilities. Discover the published ITU-T IdM recommendations and ongoing work in enhancing global identity management trust and protection of personally identifiable information (PII).

carlsen
Download Presentation

ITU-T Identity Management Update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ITU-T Identity Management Update Bilel Jamoussi, Chief, SGD/TSB ITU Abbie Barbir, Q10/17 Rapporteur

  2. Highlight of IdM Current Activities • ITU-T Joint Coordination for IdM (JCA IdM) is now under SG 17 umbrella. • JCA IdM has developed an inventory of major national, regional and international Identity Management initiatives • ITU-T works collaboratively with other key bodies including: OASIS,ETSI; Kantara Initiative, OMA, NIST,ISO/IEC JTC 1/SC 27, ISO/IEC JTC 1/SC 38, etc.. • ITU-T’s IdM focus work is on enhancing identity identification and enrolment through the development of better authentication assurance frameworks. Enhanced trust through open trust Frameworks, Identity in the Cloud, identity based services for mobile and finances and interoperability of diverse IdM capabilities in telecommunications. • The JCA-IdM analyzes IdM standardization items and coordinate an associated roadmap

  3. Coordination and collaboration ITU-T Joint coordination activity in IdM JCA-IdM

  4. Highlight of IdM Current Activities • Published ITU-T IdM Recommendation • Y.2720, NGN identity management framework • Supplement to Y.2704, Y.NGN Certificate Management Certificate management • Y.NGN IdM Use-cases (Technical Report) • X.1250, Baseline capabilities for enhanced global identity management trust and interoperability • X.1251, A framework for user control of digital identity • X. 1252 Baseline identity management terms and definitions   • Recommendation in Advanced Stages • X.1253 (X.idmsg), Security guidelines for identity management systems, approved September 2011 • X.eaa/ISO 29115, Entity authentication assurance framework. • Working with OASIS on synchronizing with SAML 2.0 and XACML 3.0 and their equivalent ITU-T Recommendations • Y.NGN trusted SP requirements, NGN Requirements and Use Cases for Trusted Service Provider Identity

  5. Highlight of IdM Current Activities • Draft Recommendation in progress • Y.NGN-OAuth Support for OAuth in NGN • Y.NGN-OOF, Framework for NGN Support and Use of OpenID and OAuth • Y.NGN-OpenID, Support for OpenID in NGN • X.atag, Attribute aggregation framework • X.authi, Guideline to implement the authentication integration of the network layer and the service layer • X.discovery. Discovery of identity management information • X.giim, Mechanisms to support interoperability across different IdM services • X.idmcc, Requirement of IdM in cloud computing • X.idmgen, Generic identity management framework • X.idm-ifa, Framework architecture for interoperable identity management systems • X.mob-id, Baseline capabilities and mechanisms of identity management for mobile applications and environment • X.oitf, Open identity trust framework • X.priva, Criteria for assessing the level of protection for personally identifiable information in identity management

  6. Current Q10/17 IdM Focus • Interoperability of identity management • X.giim, Generic IdM interoperability mechanisms • X.idm-ifa, Framework architecture for interoperable identity management systems • X.idm-cloud, identity in the cloud • Trust of identity management • X.authi, Authentication integration in IDM • X.EVcert, Extended validation certificate • X.eaa, Information technology – Security techniques – Entity authentication assurance • X. OITF, Open identity trust framework • Discovery of of identity management information • X.discovery, Discovery of identity management information • Protection of personally identifiable information • X.1275, Guidelines on protection of personally identifiable information in the application of RFID technology • X.priva, Criteria for assessing the level of protection for personally identifiable information in identity management

  7. Challenges for IdM • Trend is towards the support of strong authentication in online transaction. A major challenge is how to enable the use of strong authentication techniques and best practices in an interoperable and secure fashion. • Identity Federations based on standardized trust model and global interoperability of diverse identity management schemas are major inhibitors to wide scale deployment of IdM capabilities • Development of just in time secure cloud standards for identity provisioning, de-provisioning and the control of fine grain authorizations. • Enhance online trust, reducing fraud and identity theft while protecting PII.

  8. Conclusions • Identity based services is a key technology for cloud based SaaS • Online transaction requires means for identification of all parties involved in a transaction • There need for open interoperable trust frameworks for IdM • Identity Management continue to be a key security enabler for mobile and wireless interactions • Protection of Personally Identifiable Identifiers (PII) is a required capability for IdM systems

  9. Q&A Discussion

  10. Backup

  11. OID Resolution system • Provides information associated with any object identified by an OID: • access information • child node information • OID-IRI canonical form • Joint work between ITU-T SG 17 and ISO/IEC JTC 1/SC 6 since Oct. 2008 (draft Rec. ITU-T X.oid-res | ISO/IEC 29168) • Get an OID identifier arc assigned for identifying cybersecurity organizations, information, and policies • Will specify: • OID resolution architecture • OID resolution protocol (probably based on DNS) • operation of the OID resolution service • security and trust of the OID resolution process • etc.

  12. Object Identifiers (OIDs) • One of many identification schemes • Basically very simple: A tree • Arcs are numbered and may have an associated alphanumeric identifier (beginning with a lowercase) • Infinitely many arcs from each node (except at the root) • Objects are identified by the path (OID) from the root to a node • A Registration Authority (RA) allocates arcs beneath its node to subordinate RAs, and so on, to an infinite depth • The OID tree is a hierarchical structure of RAs • Standardized in the ITU-T X.660 | ISO/IEC 9834 series (ITU-T SG 17 and ISO/IEC JTC 1/SC 6) • Originated in 1985, still in use!

More Related