International Telecommunication Union
ITU-T
ITU-T Focus Group on Identity Management (FG IdM): IdM Tutorial Part II
Ray P. Singh
Telcordia Technologies
732-699-6105
rsingh@telcordia.com
ITU-T FG IdM
Overview
o IdM Landscape Today
o Telecom Provider Context
o NGN and IdM
o NGN Example Use Cases
• Use of Common IdM System to Support Multiple Applications in NGN
• Obtaining and Correlating Cross Layer Information for IdM
o Role of ITU-T
o Relationship between SG17 (including the FG IdM) and SG13 work
IdM Landscape Today
o A large number of industry groups and standards organizations are working on standardizing aspects of Identity Management
• IdM models, frameworks and protocols have been defined by some of these organizations, and further developments building on previous work are continuing.
• Different groups tend to optimize their solutions for the specific market segments and perspectives with which they are associated
— This has resulted in Identity Management islands with interoperability issues
o Most solutions today are user-centric solutions focusing on web services and electronic commerce
o Telecom providers are already involved with IdM (e.g., E.164 identifiers and mobile device identifiers) and will continue to have an important role in the NGN environment
Telecom providers have to accommodate a broader perspective
o Telecom Network/Service Providers' Perspectives
• Use of common IdM infrastructure to support multiple applications and services for efficiency
• Assertion and assurance of entities (e.g., user, device, other providers) for:
— Subscriber services (e.g., NGN services) and as a service to 3rd party providers (e.g., web-based transaction services)
— Security and fraud prevention
— National emergency and public safety services (e.g., 911 services in the US and community notification)
— Protection of resources and network infrastructure
o Government Perspectives
• Assertion and assurance of entities (e.g., users, devices, other governments) for:
— Electronic Government (eGovernment) services (e.g., web-based transaction services)
— National/local emergency services and public safety (e.g., 911 services in the US and community notification)
— Law enforcement (e.g., lawful interception)
— National security and fraud prevention
— National Emergency Telecommunications Service (ETS) and International Telecommunication Disaster Relief (TDR)
o The User/Subscriber Perspectives
• Ease of use
• Single sign-on / sign-off
• Privacy/user control of personal information (i.e., protection of personally identifiable information [PPII])
• Security (e.g., confidence in transactions, protection from identity (ID) theft)
IdM and NGN
o Certain aspects of IdM are included as integrated components of the NGN architecture specified in Recommendation Y.2012
o However, because of the use of different terminologies, some of these IdM functions might not be obvious.
o In addition, NGN requirements are defined or are being defined for subscription management and device management, which are also aspects of IdM.
o Examples of FEs that are considered to be IdM related include:
• Network Access Control Functions:
— T-12: User Profile FE
— T-11: Authentication and Authorization FE
• Service Control Functions:
— S-5: User Profile FE
— S-4: Subscription Location FE
— S-6: Authentication and Authorization FE
o Although certain aspects of IdM are included in the ITU-T NGN architecture, there is a lack of a structured and integrated IdM approach.
Integration of IdM in NGN Architecture
[Figure: "Managing NGN Identities" - the Y.2012 NGN functional architecture annotated with where identities live. Service Stratum: Applications, Application Support Functions and Service Support Functions, Service User Profile Functions, Service Control Functions, IP Multimedia Component, IP Multimedia & PSTN/ISDN Simulation Service Component, PSTN/ISDN Emulation Service Component, Other NGN Service Components. Transport Stratum: Network Attachment Control Functions (NACF) with Transport User Profile Functions and Network Attachment Control Functions, Resource and Admission Control Functions (RACF), Access Network Functions, Access Transport Functions, Edge Functions, Core Transport Functions. End-User Functions: NGN Terminals, Legacy Terminals (via GW), Customer Networks; Other Networks. Identity annotations on the figure: user identity data; identities in common components for applications and service support; identities in NACF; identities in RACF; identities in IMS and PES; user and terminal identities; identity interoperability between these.]
* Note: Gateway (GW) may exist in either Transport Stratum or End-User Functions.
Integration of IdM in NGN Architecture (Identity Plane)
[Figure: NGN reference model - Applications over the ANI; Service stratum with Application Support Functions & Service Support Functions, Service User Profiles and Service Control Functions; Transport stratum with Network Attachment Control Functions, Transport User Profiles, Resource and Admission Control Functions, Transport Control Functions and Transport Functions; End-User Functions over the UNI; Other Networks over the NNI; Management Functions; Control, Media and Management planes - with an IdM functional block spanning both strata.]
o The IdM functional block shown in "red" represents the need to specify a structured IdM approach, bridging the various layers and distributed systems of the NGN.
Example Use Case: Use of Common IdM System to Support Multiple Applications in NGN
o This example illustrates the need to specify a common IdM infrastructure to support multiple applications / services in NGN.
[Figure: message flow between User, Relying App A (e.g., IPTV), Relying App B (e.g., Data) and the Identity System]
(1) User requests access to App A
(2) App A sends request to Identity System
(3) Identity System prompts User for authentication
(4) User provides authentication information
(5) Identity System asserts User identity
(6) User is authorized for access to App A
(7) User requests access to App B
(8) App B sends request to Identity System
(9) Identity System asserts User identity
(10) User is authorized for access to App B
Example Use Case: Obtaining and Correlating Cross Layer Information for IdM
o This example illustrates discovery and correlation of identity information located in different systems and layers of the NGN.
o In general, IdM functions and information will be located in different systems, domains and layers of the NGN.
[Figure: message flow between User, Relying Application, Identity System, Network Control System (Device Information) and Transport Control System (Location Information)]
(1) User requests access to Application
(2) Application sends request to Identity System
(3) User prompted for authentication information
(4) User provides authentication information
(5) Device identity information request (Identity System to Network Control System)
(6) Device identity information response
(7) Location information request (Identity System to Transport Control System)
(8) Location information response
(9) Information correlation
(10) Response asserting user, device and location; User is authorized for access
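The two message flows on the preceding slides (a common Identity System serving App A and App B after a single authentication prompt, and an assertion built from correlated user, device and location information) as an added Python example; this is not code from the ITU-T tutorial or from Y.2012. The Identity System, relying applications, HMAC-signed assertion format, shared signing key and the device/location registries are all assumptions constructed for illustration. It goes one step beyond the slides in that each assertion is bound to the relying application it was issued for and to an expiry, so App A's assertion cannot be replayed to App B.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Added example; all names, keys and registry contents are constructed.
KEY = b"shared-idm-signing-key"  # assumption: symmetric key shared by Identity
                                 # System and relying apps (asymmetric in practice)

SUBSCRIBERS = {"alice": hashlib.sha256(b"alice-pass").digest()}            # credentials
DEVICE_INFO = {"alice": {"device_id": "STB-0042", "kind": "set-top box"}}  # Network Control System
LOCATION_INFO = {"STB-0042": {"access_node": "DSLAM-07", "region": "NJ"}}  # Transport Control System


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentitySystem:
    """Common IdM system: authenticate once, issue many audience-bound assertions."""

    def __init__(self, key: bytes, session_ttl: int = 600, assertion_ttl: int = 60):
        self._key, self._session_ttl, self._assertion_ttl = key, session_ttl, assertion_ttl
        self._sessions = {}    # session id -> (user, expiry)
        self.auth_prompts = 0  # how often the user was asked for credentials

    def authenticate(self, user: str, password: str, now=None):
        """Steps (3)/(4): prompt for and verify credentials; returns a session id."""
        now = time.time() if now is None else now
        self.auth_prompts += 1
        expected = SUBSCRIBERS.get(user)
        supplied = hashlib.sha256(password.encode()).digest()
        if expected is None or not hmac.compare_digest(expected, supplied):
            return None
        session_id = secrets.token_urlsafe(16)
        self._sessions[session_id] = (user, now + self._session_ttl)
        return session_id

    def assert_identity(self, session_id, audience: str, correlate=False, now=None):
        """Steps (5)/(9): signed assertion for one relying app. With correlate=True
        the system also queries device and location information (steps (5)-(8)
        of the cross-layer use case) and binds the correlated result in."""
        now = time.time() if now is None else now
        user, expiry = self._sessions.get(session_id, (None, 0))
        if user is None or now > expiry:
            return None
        claims = {"sub": user, "aud": audience, "iat": now,
                  "exp": now + self._assertion_ttl, "jti": secrets.token_hex(8)}
        if correlate:
            device = DEVICE_INFO.get(user)                                  # (5)/(6)
            claims["device"] = device
            claims["location"] = LOCATION_INFO.get(device["device_id"]) if device else None  # (7)/(8)
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        sig = _b64(hmac.new(self._key, body.encode(), hashlib.sha256).digest())
        return f"{body}.{sig}"


class RelyingApp:
    """A relying application that accepts only assertions addressed to it."""

    def __init__(self, name: str, key: bytes):
        self.name, self._key = name, key

    def verify(self, token, now=None):
        """Returns the claims if the assertion is valid for this app, else None."""
        now = time.time() if now is None else now
        try:
            body, sig = token.split(".")
        except (ValueError, AttributeError):
            return None
        expected = _b64(hmac.new(self._key, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(expected, sig):
            return None  # forged or tampered
        claims = json.loads(_unb64(body))
        if claims.get("aud") != self.name or now > claims.get("exp", 0):
            return None  # issued for another app, or stale
        return claims


def common_idm_flow(now=1_700_000_000.0):
    """Use case 1: App A and App B share one Identity System; one prompt only."""
    idm = IdentitySystem(KEY)
    app_a, app_b = RelyingApp("IPTV", KEY), RelyingApp("Data", KEY)
    session = idm.authenticate("alice", "alice-pass", now=now)   # (1)-(4)
    token_a = idm.assert_identity(session, app_a.name, now=now)  # (5)
    token_b = idm.assert_identity(session, app_b.name, now=now)  # (7)-(9), no new prompt
    return {
        "prompts": idm.auth_prompts,
        "a_ok": app_a.verify(token_a, now=now) is not None,      # (6)
        "b_ok": app_b.verify(token_b, now=now) is not None,      # (10)
        "a_token_rejected_by_b": app_b.verify(token_a, now=now) is None,
        "stale_rejected": app_a.verify(token_a, now=now + 120) is None,
    }


def cross_layer_flow(now=1_700_000_000.0):
    """Use case 2: the assertion carries correlated user, device and location."""
    idm, app = IdentitySystem(KEY), RelyingApp("Data", KEY)
    session = idm.authenticate("alice", "alice-pass", now=now)
    return app.verify(idm.assert_identity(session, app.name, correlate=True, now=now), now=now)


if __name__ == "__main__":
    print(common_idm_flow())
    print(cross_layer_flow())
```

The `now` parameter exists only so the flows are deterministic; drop it to use the wall clock. The audience and expiry checks in `RelyingApp.verify` are the part a practitioner should not skip: without them the assertion issued for the IPTV application is equally valid for the Data application, which defeats per-application authorization in the shared Identity System.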
ITU-T Role
o The GSC-12 (Global Standards Collaboration) resolution calls for an ITU global coordinating role across the array of standards bodies
o TSB and ITU organs are expected to respond to global IdM needs at the World Telecommunication Standardization Assembly (WTSA) and other venues
o Almost every ITU-T Study Group may have Identity Management related action items
• Specific work is already in progress in some SGs (e.g., SG 13 and SG 17)
• Coordination across SGs is important
• Coordination with other SDOs and Forums working on IdM is also important
o These actions are essential for network/cyber security
Relationship between SG17 (including the FG IdM) and SG13 work
o SG13
• Address NGN specific IdM issues based on the SG13 definition and scope of NGN
• Includes internal and external interfaces to IdM systems
o SG17
• Address issues related to global interoperability, bridging and harmonization
• For example, develop a generic framework similar to X.805 for IdM (suggested)
o ITU-T SG17 FG IdM
• Feed results as appropriate into all relevant SGs in a timely manner
• Each SG can use them as appropriate to progress their own work on IdM
[Figure: the SG 17 generic framework spanning 3rd Party Providers and IdPs, Internet and Web Services, and other IdM solutions; the SG 13 scope (NGN IdM) covering the NGN acting as IdP at the ANI and NNI - Application Servers and other Service Stratum elements, Softswitch, Access and CSCF in the Transport Stratum, Other Networks (e.g., PSTN) via the NNI, and the User Device via the UNI.]