Global Standards Collaboration (GSC) 14
DOCUMENT #: GSC14-PLEN-75
FOR: Presentation
SOURCE: ITU-T
AGENDA ITEM: PLEN 6.4
CONTACT(S): kremer@rans.ru

IdM and Identification Systems
Arkadiy Kremer, ITU-T SG 17 Chairman
Geneva, 13-16 July 2009
Fostering worldwide interoperability

Highlight of IdM Current Activities
- Per GSC-13/04 Resolution, the ITU-T Joint Coordination for IdM (JCA IdM) has begun to develop an inventory of major national, regional and international initiatives and activities in the area of Identity Management
- ITU-T works collaboratively with other key bodies including ISO/IEC JTC 1/SC 27, Liberty Alliance, FIDIS, OASIS
- The focus of ITU-T's IdM work is on global trust and interoperability of diverse IdM capabilities in telecommunications. It is not on the development of standards for new IdM solutions. Rather, it is focused on leveraging and bridging existing solutions
- The JCA-IdM analyzes IdM standardization items and coordinates an associated roadmap

Highlight of IdM Current Activities
- First ITU-T IdM Recommendation published early 2009: Y.2720, NGN identity management framework
- Two ITU-T Recommendations are in their final approval step
  - X.1250, Baseline capabilities for enhanced global identity management trust and interoperability
  - X.1251, A framework for user control of digital identity
- Terms and definitions alignment across members of GSC
  - Work underway to develop an ITU-T Recommendation X.idmdef on IdM terms and definitions

Challenges for IdM
- Identity Federations based on standardized trust model and global interoperability of diverse identity management schemas are major inhibitors to wide scale deployment of IdM capabilities
- Create a high level database of IdM standards activities, accumulate the consumer standards, which have issues and are in flux
- Create an identity framework and increase the opportunities for related and specialized products and services (e.g. provide network operators an opportunity to increase revenues by offering advanced identity-based services)

Basic Concepts of Object Identifiers (OIDs)
- One of many identification schemes
- Basically very simple: a tree
- Arcs are numbered and may have an associated alphanumeric identifier (beginning with a lowercase letter)
- Infinitely many arcs from each node (except at the root)
- Objects are identified by the path (OID) from the root to a node
- A Registration Authority (RA) allocates arcs beneath its node to subordinate RAs, and so on, to an infinite depth
- The OID tree is a hierarchical structure of RAs
- Standardized in the ITU-T X.660 | ISO/IEC 9834 series (ITU-T SG 17 and ISO/IEC JTC 1/SC 6)
- Originated in 1985, still in use!

Next Step/Action for OID
- OID Resolution system
  - Provides information associated with any object identified by an OID:
    - access information
    - child node information
    - OID-IRI canonical form
  - Joint work between ITU-T SG 17 and ISO/IEC JTC 1/SC 6 since Oct. 2008 (draft Rec. ITU-T X.oid-res | ISO/IEC 29168)
- Get an OID identifier arc assigned for identifying cybersecurity organizations, information, and policies
- Will specify:
  - OID resolution architecture
  - OID resolution protocol (probably based on DNS)
  - operation of the OID resolution service
  - security and trust of the OID resolution process
  - etc.

Q&A Discussion

Conclusions
- Developers can bet on identity as a capability
- User acceptance will gate success
- Privacy is not opposed to security: it is a precondition of security
- GSC-14 should continue GSC13/04 Resolution

Supplementary Slides

Top of the OID Tree

root
  itu-t(0)
    recommendation(0)
  iso(1)
    member-body(2): ISO 3166 country codes
    identified-organisation(3): ISO 6523 ICD codes
  joint-iso-itu-t(2)
    country(16): ISO 3166 country codes
    tag-based(27)

Example: {joint-iso-itu-t(2) tag-based(27) mcode(1)}
Note: The names of the 3 top-level arcs do not imply a hierarchical dependency on ISO or ITU-T.

Some Advantages of using OID
- Human-readable notation: {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)}
- Dot notation: 1.2.840.113549.1
- URN notation: urn:oid:1.2.840.113549.1
- Internationalized notation (IRI): oid:/ISO/Member-Body/US/RSADSI/PKCS
- Used in a lot of ISO standards, ITU-T Recommendations and IETF RFCs, but not only!
- Very good take up: 95,000+ OIDs described at http://www.oid-info.com; many more exist
- Compact binary encoding (normally used in all computer communications)
  - Allows transmission over constrained networks

Challenge for OID
- Use of OIDs for the Internet of Things
- ITU-T X.668 | ISO/IEC 9834-9 (2008) is a way to unify the many identification schemes used for the Internet of Things (RFID, bar codes, ISBN, etc.)
- Does not cause existing tags to become obsolete
- Use case example: a tag placed on a billboard poster can be read with a mobile phone and make it easy for the user to get additional multimedia (text, graphics, even voice or video) information about the content of the poster
- Other use cases in Rec. ITU-T F.771
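
The notations and the compact binary encoding listed under "Some Advantages of using OID" can be tied together in code. The following is an added example, not part of the original presentation: it converts the slide's human-readable notation to dot and URN form, and encodes and strictly decodes the content octets as defined by the ASN.1 BER/DER rules (ITU-T X.690). All function names are assumptions chosen for illustration.

```python
import re

def parse_value_notation(text):
    """Arc numbers from '{iso(1) member-body(2) ...}'; names are ignored."""
    body = text.strip()
    if not (body.startswith("{") and body.endswith("}")):
        raise ValueError("OID value notation must be enclosed in braces")
    arcs = []
    for token in body[1:-1].split():
        m = re.fullmatch(r"[a-z][A-Za-z0-9-]*\((\d+)\)|(\d+)", token)
        if not m:
            raise ValueError(f"malformed arc: {token!r}")
        arcs.append(int(m.group(1) or m.group(2)))
    return arcs

def to_dot(arcs):
    return ".".join(str(a) for a in arcs)

def to_urn(arcs):
    return "urn:oid:" + to_dot(arcs)

def encode_oid(arcs):
    """Content octets (no tag/length): first two arcs share one subidentifier."""
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid top-level arcs")
    out = bytearray()
    for value in [arcs[0] * 40 + arcs[1]] + list(arcs[2:]):
        chunk = [value & 0x7F]               # last octet: high bit clear
        value >>= 7
        while value:
            chunk.append((value & 0x7F) | 0x80)  # earlier octets: high bit set
            value >>= 7
        out.extend(reversed(chunk))
    return bytes(out)

def decode_oid(data):
    """Strict decoder: rejects truncated and non-minimal (0x80-padded) input."""
    if not data or data[-1] & 0x80:
        raise ValueError("truncated subidentifier")
    subids, value, at_start = [], 0, True
    for byte in data:
        if at_start and byte == 0x80:
            raise ValueError("non-minimal subidentifier encoding")
        value = (value << 7) | (byte & 0x7F)
        at_start = not (byte & 0x80)
        if at_start:
            subids.append(value)
            value = 0
    first = min(subids[0] // 40, 2)
    return [first, subids[0] - 40 * first] + subids[1:]
```

Rejecting padded subidentifiers matters when OIDs are compared as bytes (for example in certificate processing), because two different encodings of the same arcs would otherwise be treated as equal by one parser and different by another.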