GSC13-PLEN-37

Download Report

Transcript GSC13-PLEN-37

DOCUMENT #:
GSC13-PLEN-37
FOR:
Presentation
SOURCE:
ATIS
AGENDA ITEM:
Plenary; IdM and Identification Systems; 6.4
CONTACT(S):
Wayne Zeuch ([email protected])
ATIS Identity Management
Standards Development
Submission Date:
July 1, 2008
Highlight of Current Activities (1)
ATIS PTSC is actively developing the following IdM-related standards:
• Identity Management (IdM) Requirements for NGN
– Deliverable: ATIS NGN IdM Requirements Standard
•
•
Develops NGN IdM system requirements (based on the high-level trust model),
security requirements, and interoperability requirements (based on Use Cases).
Target Date: 3Q 2008
• Identity Management (IdM) Framework for NGN
– Deliverable: ATIS NGN IdM Framework Standard
•
•
Describes the fundamental concepts associated with NGN IdM (including threats
and risks), defines NGN IdM entities, their roles, and the interactions among them
within the IdM trust model, and specifies relationships between the IdM trust
model and NGN interfaces for interoperability.
Target Date: 4Q 2008
2
Highlight of Current Activities (1)
• Identity Management (IdM) Use Cases for NGN
– Deliverable: ATIS NGN IdM Use Cases Technical Report
•
•
Derives informative examples illustrating NGN IdM capabilities, functions and
concepts. Use Cases will be used to derive and specify requirements.
Target Date: 4Q 2008
• Identity Management (IdM) Mechanisms for NGN
– Deliverable: ATIS NGN IdM Mechanisms Standard
•
•
Describes the specific IdM mechanisms and suites of options that should be used
to satisfy the ATIS IdM Requirements Standard.
Target Date: 4Q 2008
• Identity Management (IdM) Use Cases and Requirements for
Service Provider Identity (SPID)
– Deliverable: ATIS IdM SPID Use Cases and Requirements Standard
•
•
Describes use cases to illustrate service scenarios where SPID is utilized,
including assumptions on security, authentication, and discovery. SPID
requirements are derived from these Use Cases.
Target Date: 2Q 2009
3
Strategic Direction
• Leverage User-Centric solutions where possible, while identifying
deltas to meet the needs of NGN providers
– NGN service providers need to address both real-time and near-real
time applications
– Solution for real-time applications (e.g., exchange of IdM information
for SIP communication sessions) would be different
• Provide structured and standard means to discover and exchange
identity information across network domains/federations
– Bridge different technology dependent systems including existing
network infrastructure systems (e.g., use of existing resources such
as LIDB where appropriate)
– Address new and emerging applications and services (e.g., IPTV and
convergence)
– Address unique security needs
• Define value added use cases that will derive requirements
4
Challenges
• Un-trusted identity information as a result of migration to IP packet
networks, emergence of new service providers (e.g., 3rd party
providers) and other changes over the past decade (e.g., smart
terminals, and open internet environment)
– Historically, trusted information was provided by closed and fixed
network environment operating under regulatory conditions
– Resulting in operations, accounting, settlements, security and
infrastructure protection problems
• Silo solutions
– Focusing on web services and electronic commerce
– Available standards focuses mainly on web services (e.g. OASIS, WS*,
Liberty, SAML) and human identities
– Vendor specific solutions/products (e.g., Microsoft Cardspace,
PayPal, iNames)
• No standard means for user control of Personal Identification
Information (PII) and providing consent
• No standard solution for interoperability/bridging
5
Next Steps/Actions
• Continue to leverage User-Centric IdM solutions
– Avoid duplication and redundancy
• Leverage, use, enhance and adapt existing work and technology
solutions where appropriate managed networks
• Enhance and customize existing IP/web services capabilities and work of
other industry groups (e.g., Liberty Alliance, OASIS, 3GPP, ITU-T) as
appropriate
– Allow for the use of existing (e.g., LIDB) and new (e.g., IPTV)
resources and capabilities
• Continue to solicit IdM Use Case/Requirements Input from all the
ATIS committees
• Contribute ATIS IdM requirements and solutions to the ITU-T
6
Proposed Resolution
• N/A
7
Supplemental Slides
8
Identity Management (IdM)
• Identity Management (IdM) involves secure management of the
identity life cycle and the exchange of identity information (e.g.,
identifiers, attributes and assertions) based on applicable policy
of entities such as:
•
•
•
•
Users/groups
Organizations/federations/enterprise/service providers
Devices/network elements/systems
Objects (Application Process, Content, Data)
9
Value Added for NGN Provider
• Dynamic/automatic IdM means between multiple partners (e.g., end
users, visited and home networks) compared to pair-wise
arrangements to
– Establish service arrangements
– Exchange identity information
– Exchange policy information and enforce policy
• Enabler of new applications and services (e.g., IPTV and
convergence) including identity services
• Leverage existing and expanding customer base
• Common IdM infrastructure supporting multiple applications and
services
• Standard API and data scheme for application design
• Multi-vendor/platforms solutions
• Inter-network/federations interoperability
• Security protection of application services, network infrastructure and
resources
10
Value Added for the User
• Privacy/user control
– Protection of Personal Identifiable Information [PPII]
– Ability to control who is allow access (i.e., providing consent) to
personal information and how it is used
• Ease of use and single sign-on / sign-off (multiple
application/services across multiple service providers/federations)
• Enabler of Social Networking
• Security (e.g., confidence of transactions, and Identity (ID) Theft
protection)
11
Government Motivations
• Infrastructure Protection (i.e., against cyber threats)
• Protection of Global Interests (e.g., business and commerce)
• Provide assurance capabilities (e.g., trusted assertions about
digital identities [credentials, identifiers, attributes and
reputations]) to enable
• National Security/Emergency Preparedness (NS/EP)
• Early Warning Services
• Electronic Government (eGovernment) Services (e.g., web-based
transactions)
• Public Safety Services (e.g., Emergency 911 services)
• Law Enforcement Services (e.g., Lawful Interceptions)
• National/Homeland Security
• Intelligence Services
12
ATIS PTSC IdM Issues
PTSC
Issue
Issue Title
Issue Description
• Requirements for handling identities in a secured and
S0051
S0058
S0059
S0060
ATIS NGN IdM Requirements
ATIS NGN IdM Framework
ATIS NGN IdM Use Cases
ATIS NGN IdM Mechanisms
authenticated manner in a multi-network, multiple service
provider environment
• Harmonized approach to address IdM issues in the ATIS
NGN architecture
• Framework for handling identities in a secured and
authenticated manner in a multi-network, multiple service
provider environment
• Develop Use Cases illustrating IdM applications in a multinetwork, multiple service provider environment defined by the
ATIS NGN architecture
• Develop IdM mechanisms (e.g., registration, authorization,
authentication, attribute sharing, discovery) to be used in a
harmonized approach for the ATIS NGN architecture
• Develop an ATIS NGN SPID standard that derives
proposed
New Issue
ATIS Service Provider ID
(SPID)
requirements from Use Cases applicable to managed NGN
deployments. These requirements will be used to define
industry solutions.
13
ATIS PTSC IdM Documents
Document
Scope
Editors
Target Date
ATIS IdM Framework Standard
[PTSC Issue S0058]
Framework for NGN Identity
Management
Martin Dolly (AT&T)
Ray Singh (Telcordia)
4Q 2008
ATIS IdM Use Cases Technical
Report
[PTSC Issue S0059]
Identity Management Use
Case examples for NGN
Martin Dolly (AT&T)
Ray Singh (Telcordia)
4Q 2008
ATIS IdM Requirements Standard
[PTSC Issue S0051]
NGN Identity Management
Requirements
Martin Dolly (AT&T)
Ray Singh (Telcordia)
3Q 2008
ATIS IdM Mechanisms Standard
[PTSC Issue S0060]
NGN Identity Management
Mechanisms and Procedures
Martin Dolly (AT&T)
Ray Singh (Telcordia)
4Q 2008
ATIS Service Provider Identity
(SPID) Use Cases and
Requirements Standard
Define ATIS Use Cases and
Requirements for SPID
Martin Dolly (AT&T)
Ray Singh (Telcordia)
2Q 2009
Note: parallel documents exist in ITU-T SG13, Q15
14