ITU-T Workshop on "New challenges for Telecommunication Security Standardizations", Geneva, 9(pm)-10 February 2009

Trend in User-Centric Identity Management Technology and its Standards

Sangrae Cho (sangrae@etri.re.kr)
Digital ID Security Research Team, ETRI

Contents

1. Introduction

2. User-Centric IdM Technology

3. Digital Identity Wallet

4. Conclusion

Identity Definition

Identity

  • The attributes by which an entity is described, recognized or known (ITU-T)
  • The fundamental concept of uniquely identifying an object (person, computer, etc.) within a context. (OpenGroup)
  • A set of claims made by one party about another party. Claims are typically conveyed in Signed Security Tokens (Microsoft)
  • The essence of an entity. One's identity is often described by one's characteristics, among which may be any number of identifiers [Liberty & OASIS]

Source: ITU-T Report on the Definition of the Term “Identity” 2008

Identity Management

Infrastructure that supports authentication, authorization, audit and the identity lifecycle, including creation, update and termination of identity.

[Figure: Architecture Template for IdM. Components: Authentication, User Management, Accounts & Policies, Access Management, Audit. Identity lifecycle: Registration/Creation, Propagation, Maintenance/Management, Termination.]

Source: Burton Group 2006

Purpose of IdM
  • Growth in personal identities as web services increase: improve usability
    • 27 websites joined, 7.5 accounts on average in Korea [Digital News, '05.2.23]
  • IdM requirements across organizational domains as business relationships diversify: increase efficiency and productivity
    • Growing demand for SSO, EAM and IAM; Intranet -> Internet [DigitalIDWorld Newsletter, '05.3.31]
  • Increase in personalized service requirements: create new IT services and increase personal privacy
    • Privacy protection is needed when new services are provided in Web 2.0 [ZDNet, '06.12]

Evolution of IdM

[Figure: evolution of IdM. Labels: Silo, Centralized, Federated, User-Centric ('08 Present); Domain-centric, Unidirectional; User-centric, Bidirectional; Subject for IdM: Human, System; Identity Interchange.]

User-Centric: The user is in the middle of a data transaction and the data always flows through the user's identity agent. This gives the user control of his identity.

User-Centric Identity Concept

Concepts: User consent, User control, User-centered

  • User can always allow or deny whether information about them is released or not (reactive consent management)
  • User has the ability to policy-control all exchanges of identity information (proactive consent management)
  • User delegates decisions to identity agents controlled through policy
  • Core subset of the previous two as 'People in the protocol'
  • User is actively involved in information disclosure policy decisions at run time

Source: OASIS, The Core Concept of Identity 2.0

Main User-Centric IdM Technology

User-Centric Characteristics in each technology

  • OpenID: URL-based user identifier & select user's IdP
  • Liberty Alliance: Permission-based attribute exchange
  • CardSpace: Select user's IdP using Identity Selector

Trend in Standardization

Current View of IdM Landscape

Source: Report on Identity Management Use Cases and Gap Analysis, ITU-T FG IdM

Ongoing Standard Projects in ITU-T SG17
  • X.1250 (X.idmreq): Capabilities for global identity management trust and interoperability
    • Requirements for global interoperability among IdM systems
    • Currently in TAP after being re-determined in September 2008
  • X.1251 (X.idif): A Framework for User Control of Digital Identity
    • User-control-enhanced digital identity interchange framework
    • Currently in TAP after being determined in September 2008
  • X.idm-dm: Common Identity Data Model
    • Develop a common identity data model to express identity information between IdM systems

Ongoing Standard Projects in ITU-T
  • NGN Identity Management
    • SG13 Q15 NGN Security is responsible
    • Developing standards based on the result of IdM Focus Group
  • Y.ngnIdMuse: NGN identity management use cases
    • Study use cases when IdM is applied in NGN environment
  • Y.ngnIdMreq: NGN identity management requirements
    • IdM Requirements in NGN
  • Y.idmFramework: NGN identity management framework
    • Global interoperability framework among IdM systems in NGN

Ongoing Standard Projects in ISO

  • Identity Management & Privacy Standard in ISO/IEC JTC1 SC27 WG5

ITU-T / ISO Joint Workshop on identity management, Lucerne Sept. 2007

WGs within ISO/IEC JTC1/SC27 – IT Security Technologies

  • A Framework for Identity Management (ISO/IEC 24760, WD)
  • A Privacy Framework (ISO/IEC 29100, CD)
  • A Privacy Reference Architecture (ISO/IEC 29101, WD)
  • Entity Authentication Assurance (ISO/IEC 29115, WD)
  • A Framework for Access Management (ISO/IEC 29146, WD)

The Identity Landscape

"Increase in the interest of User-Centric IdM technology and collaborations between technologies"

  • "MS, announce to support for OpenID."
    • CardSpace supports OpenID; plan to support interoperability with CardSpace in OpenID ('07.02)
  • "ETRI, Research collaboration with MS for digital ID Wallet" ('07.05)

[Figure: The Identity Landscape 2006 Reconstruct. Labels: Digital Identity; URL-based (OpenID); Card-based (WS-Trust); Invisible (SAML/Liberty); User-Centric; Convenience + Trust; Convenience + Trust + Privacy Protection + Identity Interchange.]

Johannes Ernst, CEO of NetMesh

Digital ID Security Research Team, ETRI

User Requirements

  • Cumbersome every time personal information is typed in to join a website
    • Especially worrying to enter national resident number
  • Inconvenient when logging in to use a web service, harder when mobile web is used on a mobile phone
  • Not secure to enter ID/PWD in public places
  • Secure way to identify phishing sites
  • Hard to remember which websites I have joined
  • Not easy to update personal information when it is changed
  • Hard to move my information from site A to site B for better services

Overview
  • What is Digital Identity Wallet?
    • A digital wallet that helps users easily use and securely keep their personal identity and authentication information distributed in cyberspace; Digital Identity Wallet is just like a real wallet we use in our daily life to keep ID cards and cash
    • A system where users have control over disclosure of their personal information by deciding whether or not to provide data; unwanted disclosure or misuse of personal data can be prevented

[Figure: Secure Internet usage with Digital Identity Wallet. Labels: Digital Identity Wallet; Website A; Website B; Website C; Website D; Internet Shopping mall; Identity verification organization; Registration & login; Input personal data; Purchase & payment; Data share; Issue authentication information; Issue link data; Issue identity verification data; Issue payment information; Backup, roaming, consistency.]

  • Main functions of Digital Identity Wallet
    • Site registration and authentication
    • Identity share and synchronization
    • User privacy protection
    • Mobile Digital Identity Wallet

[Figure labels: Privacy protection server; Payment organization; Identity verification data; Website registration information; Personal data; Authentication information; Payment history; Link data.]

Services

[Figure: Digital Identity Wallet services. Service groups: Site registration service; Identity authentication & verification service; Share and synchronization service; Other applications. Features: Support of various authentication methods; One-click site registration; One-click! Mobile authentication; Registered site management; Replacement of national resident no. for ID verification; Phishing site avoidance; Credit card and point card utilization and reference; Secure identity sharing between sites; Authentication on a web interoperating with home device; Automatic synchronization of updated personal data; Personalized mash-up service; Connection with cyber world. Example sites shown: Idopen.net, abcd.com.]

Use Case for Identity Interchange

[Figure: Personal Finance Management Service. Labels: Bank (savings, loans info); Stock (stock info); Real Estate (estate info); Financial info; Digital Identity Wallet; Financial Management.]

Conclusion
  • User-centric IdM is an essential technology
    • Convenience
    • Privacy-aware security for the user
    • Convergence between IdM technologies
  • Full User Control
    • Provide the user with full power to control his identity
    • Enhance privacy
  • Efficient Identity Interchange
    • Scalability
    • Independence
    • Seamless