Global Standards Collaboration (GSC) 14
DOCUMENT #:
GSC14-PLEN-011
FOR:
Presentation
SOURCE:
ATIS
AGENDA ITEM:
Plenary; 6.4
CONTACT(S):
James McEachern (jmce@nortel.com)
ATIS Identity Management
Standards Development
James McEachern,
Manager – Application Enabler
Standards, Nortel
Geneva, 13-16 July 2009
Fostering worldwide interoperability
Highlight of Current Activities (1)
ATIS’ Packet Technologies and Systems Committee
(PTSC) is actively developing the following IdMrelated standards:
• Identity Management (IdM) Framework for NGN
– Deliverable: ATIS NGN IdM Framework Standard
•
•
Describes the fundamental concepts associated with NGN IdM
(including threats and risks), defines NGN IdM entities, their roles, and
the interactions among them within the IdM trust model, and specifies
relationships between the IdM trust model and NGN interfaces for
interoperability.
Completed as ATIS-1000035.2009
• Identity Management (IdM) Use Cases for NGN
– Deliverable: ATIS NGN IdM Use Cases Technical Report
•
•
Derives informative examples illustrating NGN IdM capabilities,
functions and concepts. Use Cases will be used to derive and specify
requirements.
Target Date: 4Q 2009
Geneva, 13-16 July 2009
Fostering worldwide interoperability
2
Highlight of Current Activities (2)
• Identity Management (IdM) Requirements for NGN
– Deliverable: ATIS NGN IdM Requirements Standard
•
•
Develops NGN IdM system requirements (based on the high-level trust
model), security requirements, and interoperability requirements
(based on Use Cases).
Target Date: 4Q 2009
• Identity Management (IdM) Mechanisms for NGN
– Deliverable: ATIS NGN IdM Mechanisms Standard
•
•
Describes the specific IdM mechanisms and suites of options that
should be used to satisfy the ATIS IdM Requirements Standard.
Target Date: 1Q 2010
Geneva, 13-16 July 2009
Fostering worldwide interoperability
3
Highlight of Current Activities (3)
• Identity Management (IdM) Use Cases and Requirements
for Service Provider Identity (SPID)
– Deliverable: ATIS IdM SPID Use Cases and Requirements
Standard
•
•
Describes use cases to illustrate service scenarios where SPID is
utilized, including assumptions on security, authentication, and
discovery. SPID requirements are derived from these Use Cases.
Target Date: 1Q 2010
Geneva, 13-16 July 2009
Fostering worldwide interoperability
4
Strategic Direction
Leverage User-Centric solutions where possible, while
identifying deltas to meet the needs of NGN providers
NGN service providers need to address both real-time and nearreal time applications
Solution for real-time applications (e.g., exchange of IdM
information for SIP communication sessions) would be distinct
Provide structured and standard means to discover and
exchange identity information across network
domains/federations
Bridge different technology dependent systems including existing
network infrastructure systems (e.g., use of existing resources such
as Line Information DataBase (LIDB) where appropriate)
Address new and emerging applications and services (e.g., IPTV
and convergence)
Address unique security needs
Define value added use cases that will derive requirements
Geneva, 13-16 July 2009
Fostering worldwide interoperability
5
Challenges
Un-trusted identity information as a result of migration to IP
packet networks, emergence of new service providers (e.g.,
3rd party providers) and other changes over the past decade
(e.g., smart terminals, and open internet environment)
Historically, trusted information was provided by closed and fixed
network environment operating under regulatory conditions
Resulting in operations, accounting, settlements, security and
infrastructure protection problems
Overcoming silo solutions
Focusing on web services and electronic commerce
Available standards focus mainly on web services (e.g. OASIS, WS*,
Liberty, SAML) and human identities
Vendor specific solutions/products (e.g., Microsoft Cardspace,
PayPal, iNames)
Impact of Kantara Initiative needs to be assessed
No standard means for user control of Personal Identification
Information (PII) and providing consent
No standard solution for interoperability/bridging
Geneva, 13-16 July 2009
Fostering worldwide interoperability
6
Next Steps/Actions
Continue to leverage User-Centric IdM solutions
Avoid duplication and redundancy
Leverage, use, enhance and adapt existing work and
technology solutions where appropriate managed networks
Enhance and customize existing IP/web services
capabilities and work of other industry groups (e.g., Liberty
Alliance, Kantara, OASIS, 3GPP, ITU-T) as appropriate
Allow for the use of existing (e.g., LIDB) and new (e.g.,
IPTV) resources and capabilities
Continue to solicit IdM Use Case/Requirements
inputs from all ATIS committees
Contribute ATIS IdM requirements and solutions
to the ITU-T to obtain global solutions
Geneva, 13-16 July 2009
Fostering worldwide interoperability
7
Proposed Resolution
N/A
Geneva, 13-16 July 2009
Fostering worldwide interoperability
8
Supplemental Slides
Geneva, 13-16 July 2009
Fostering worldwide interoperability
9
Identity Management (IdM)
Identity Management (IdM) involves secure
management of the identity life cycle and the
exchange of identity information (e.g., identifiers,
attributes and assertions) based on applicable
policy of entities such as:
Users/groups
Organizations/federations/enterprise/service
providers
Devices/network elements/systems
Objects (Application Process, Content, Data)
Geneva, 13-16 July 2009
Fostering worldwide interoperability
10
Value Added for NGN Provider
Dynamic/automatic IdM means between multiple partners
(e.g., end users, visited and home networks) reduce costs
(compared to pair-wise arrangements) compared to pairwise arrangements to
Establish service arrangements
Exchange identity information
Exchange policy information and enforce policy
Enabler of new applications and services (e.g., IPTV and
convergence) including identity services
Leverage existing and expanding customer base
Common IdM infrastructure enables support of multiple
applications and services
Enables
standard API and data schema for application design
multi-vendor/platforms solutions
inter-network/federations interoperability
Security protection of application services, network
infrastructure and resources
Geneva, 13-16 July 2009
Fostering worldwide interoperability
11
Value Added for the User
Privacy/user control
Protection of Personal Identifiable Information [PPII]
Ability to control who is allowed access (i.e., providing
consent) to personal information and how it is used
Ease of use and single sign-on / sign-off (multiple
application/services across multiple service
providers/federations)
Enabler of Social Networking
Security (e.g., confidence of transactions, and
Identity (ID) Theft protection)
Geneva, 13-16 July 2009
Fostering worldwide interoperability
12
Government Motivations
Infrastructure Protection (i.e., against cyber threats)
Protection of Global Interests (e.g., business and
commerce)
Provide assurance capabilities (e.g., trusted assertions
about digital identities [credentials, identifiers, attributes
and reputations]) to enable
National Security/Emergency Preparedness (NS/EP)
Early Warning Services
Electronic Government (eGovernment) Services (e.g., webbased transactions)
Public Safety Services (e.g., Emergency 911 services)
Law Enforcement Services (e.g., Lawful Interceptions)
National/Homeland Security
Intelligence Services
Geneva, 13-16 July 2009
Fostering worldwide interoperability
13
ATIS PTSC IdM Documents
Document
Scope
Issue Description
Target Date
ATIS NGN IdM
Framework Standard
[PTSC Issue S0058]
Framework for
NGN Identity
Management
Framework for handling identities in a secured
and authenticated manner in a multi-network,
multiple service provider environment
Published as
ATIS1000035.2009
ATIS IdM Use Cases
Technical Report
[PTSC Issue S0059]
Identity
Management Use
Case examples
for NGN
Develop Use Cases illustrating IdM
applications in a multi-network, multiple service
provider environment defined by the ATIS NGN
architecture
4Q 2009
ATIS IdM
Requirements
Standard
[PTSC Issue S0051]
NGN Identity
Management
Requirements
Requirements for handling identities in a
secured and authenticated manner in a multinetwork, multiple service provider environment
Harmonized approach to address IdM issues in
the ATIS NGN architecture
4Q 2009
ATIS IdM Mechanisms
Standard
[PTSC Issue S0060]
NGN Identity
Management
Mechanisms and
Procedures
Develop IdM mechanisms (e.g., registration,
authorization, authentication, attribute sharing,
discovery) to be used in a harmonized approach
for the ATIS NGN architecture
1Q 2010
ATIS Service Provider
Identity (SPID)
[PTSC Issue S0067]
Define ATIS Use
Cases and
Requirements for
SPID
Develop an ATIS NGN SPID standard that
derives requirements from Use Cases applicable
to managed NGN deployments. These
requirements will be used to define industry
solutions.
1Q 2010
Note: parallel documents exist in ITU-T SG13, Q15
Geneva, 13-16 July 2009
Fostering worldwide interoperability
14