Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Virtual Identities in a Heterogeneous Environment Joao Girao NEC Europe Ltd.

advertisement 
International Telecommunication Union
ITU-T
Virtual Identities in a
Heterogeneous Environment
Joao Girao
NEC Europe Ltd.
on behalf of Daidalos
ITU-T Workshop on “Digital Identity for NGN“
Geneva, 5 December 2006
Overview
ITU-T
o Introduction to Daidalos
o Virtual Identities (VIDs)
• Motivation
• Concept
o So, how does VID relate to ID management?
o Cross layer design
o Some focus areas in the project
• Identity Brokerage and Access Control
• Mobility / Location privacy
• Privacy in Context (ex. through obfuscation)
o Take home ideas
ITU-T Workshop on “Digital Identity for NGN“
Geneva, 5 December 2006
2
Introduction to Daidalos (1)
- Overview
ITU-T
o EU IST 6th Framework Research Project
• Beyond 3G Area
o Volume ~ 50 M€ over 5 years and 2 phases
• November 2003 – December 2008
o Currently 36 Partners
o Lead: Deutsche Telekom AG
o Goal: Integrate mobile and broadcast communications
following a scenario-based approach to deliver
ubiquitous end-to-end services across heterogeneous
technologies
o Contributions to standards an important aspect
ITU-T Workshop on “Digital Identity for NGN“
Geneva, 5 December 2006
3
Introduction to Daidalos (2)
- Daidalos 5 Key Concepts
ITU-T
o MARQS (Integrating Mobility
o
o
o
o
Management, AAA, Resource
Management, QoS and Security)
VID (Virtual Identities –
personalisation at all levels)
USP (Ubiquitous and Seamless
Pervasiveness – includes context
awareness),
SIB (Seamless Integration of
Broadcast – both technology and
service levels)
Federation (in terms of multiple
market players, “comperation”:
competitors in cooperation”)
ITU-T Workshop on “Digital Identity for NGN“
Geneva, 5 December 2006
4
Virtual Identities (VIDs) (1)
- Motivation
ITU-T
o Growing numbers of communication services burden users with
increasingly complex authentication effort
o Users want a limited number of operators enabling universal
access to everything – ideally “single sign-on”
o Identity solutions need to support multiple (virtual) identities
for several profiles, roles and contexts, the maintenance of
these identities, respecting privacy, and all available services,
networks, content, ... wherever the user may be.
o The trusted operator becomes a proxy for
Operator
uses the service
John Doe
billing which is a business in itself.
o Improved security through VIDs acting as
pseudonyms
• the service provider delivers without
knowing the user.
• the trusted operator (e.g. operator or
bank) knows the user but not the service.
Service Provider
ITU-T Workshop on “Digital Identity for NGN“
Geneva, 5 December 2006
5
Virtual Identities (VIDs) (2)
- Concepts
ITU-T
Virtual
Id
Virtual
Id
Virtual
Id
Virtual
Id
Service
Service end
end point
point
identification
identification
Privacy and/or Federation
Work Identity
(employee Id)
Customer Identity
(C.C. number)
User Identity
(userid, password,
email address)
Driver’s
License
Contract-alike
Contract-alike
relationships
relationships
Federation
Relational (“Issued”) Identity
Personal (Experiential) Identity
(Attributes: Mood, Location, Behaviour)
Physical Identity (Attributes: DNA, Fingerprint)
o
o
Privacy
Unified and Uniform
Namespaces
• Contractual
• Context
• Personalization
o Access Control
o Billing and Charging
o Lawful Interception
The
The
physical
physical
person
person
Linking the real world with the
digital world
o User’s data should be under his
control
o Service providers must make use
of federation to enhance the
user-experience but this should
be a user-oriented mechanism
o
ITU-T Workshop on “Digital Identity for NGN“
Geneva, 5 December 2006
6
Virtual Identities (VIDs)? (3)
- Concepts
ITU-T
1
1
1
entity
*
EPP
EPP
*
*
1
EP
*
1
*
EPV 1 = VID
Templates
E…Entity: User and/or Group
EPVIdentifier=VIDIdentifier
Entity: Any body capable of performing a legal binding (individual, company,
service provider, etc).
o Entity Profile Part (EPP): The minimum coherent piece, part of the entity’s
data (contractual, context, network related, personalization).
o Entity Profile (EP): The union of all EPPs knowledge coming directly from the
entity. EP is an abstract concept which does not exist in the network.
o Entity Profile View (EPV) or Virtual Identity: The result of the entity’s
selection and aggregation of some of its EPPs. Provides a limited view on the
profile of the entity.
o
ITU-T Workshop on “Digital Identity for NGN“
Geneva, 5 December 2006
7
So, how does VID relate to ID management?
ITU-T
o VID is a framework which abstracts from the entity
information management mechanism
o It makes use of the hooks provided by IDm platforms
and integrates its functionality with that already
present in lower layers
o VID also enforces an analysis on where entity data can
be correlated at different layers and network domains
o It is based on the fact that a user may want to show
different unrelated faces to the network and services.
(the same holds for the service, groups, ...)
ITU-T Workshop on “Digital Identity for NGN“
Geneva, 5 December 2006
8
Cross layer design
ITU-T
o Uniform namespaces (one ID
for all purposes)
• For network identification
• To obtain information about a
user/service/group
• Under which to authenticate
to the network and to the
services
o To maintain pseudonimity at a
higher level, a top-down
protocol design is required
o ID must be independent of the
application, service, interface
and even terminal
ITU-T Workshop on “Digital Identity for NGN“
Geneva, 5 December 2006
9
Some focus areas in the project
ITU-T
Content
Application Networks Access &
& Services & Devices Facilities
Accounting
Contacts
Context Sources
Context
Manager
aggregate
Rules
DB
Identity
Provider
AAA
filter
Identity
Broker
Identity Management
Context Management
Layer
Profile DB
Administration
Context DB
Policy
Repository
Personal.
Agent
Personalization
Context
Request
VID
VID
Context
Personalization
Layer
Response
User
ITU-T Workshop on “Digital Identity for NGN“
Geneva, 5 December 2006
10
Take home ideas
ITU-T
o Identity Management is maturing quite fast, however we
need to pay more attention to how identity affects the
lower layers
o The information on the user/service should be handled
consistently and integrated into Internet management
and transport protocols
o The potential of a digital identity goes far beyond
services, it can be used to enhance network protocols
such as mobility or QoS
o Identity Management permeates the complete network
architecture. Understanding the SDO's role and reaching
consensus is essential to achieve a single solution
ITU-T Workshop on “Digital Identity for NGN“
Geneva, 5 December 2006
11
International Telecommunication Union
ITU-T
END
ITU-T Workshop on “Digital Identity for NGN“
Geneva, 5 December 2006
Related documents
ITU-T Workshop “Opportunities and Challenges in Home Networking” Abstract
ITU-T Workshop “Opportunities and Challenges in Home Networking” Abstract
Chae Sub LEE
Chae Sub LEE
Download
advertisement