DOCUMENT #: GSC15-PLEN-27
FOR: Presentation
SOURCE: ETSI
AGENDA ITEM: PLEN 6.4
CONTACT(S): Amardeo Sarma, ISG INS Chair

Identity & Access Management activities in ETSI
Presenter: Adrian Scrase, ETSI VP IPP
Global Standards Collaboration (GSC) GSC-15

ETSI ISG INS (Identity & Access Management for NW and Services)
▪ A new Industry Specification Group (ISG) active since September '09.
▪ Scope: Specifications for the application of identity and access management to networks and services with focus on protocols and APIs, as well as profiles of existing standards
  • Support convergence between networks, services and applications, emphasizing the need for privacy and user-centrism
  • Develop specifications for interoperability and federation at all levels including networks
▪ The target is to bridge the different worlds and world views → converge IdM silos

[Figure: three identity management perspectives]
• User Centric: Seek capabilities that allow user control of personal identifiers, roles and privacy attributes
• Network Operator Centric: Seek capabilities to maximize and protect network assets
• Application Service Provider Centric: Seek capabilities that maximize and protect application assets
• Annotation: Solutions for Network and Service Providers often neglected
Source: Report on Identity Management Use Cases and Gap Analysis, ITU-T FG IdM

ISG INS: activity
▪ Separate roles of Authentication and Identity Provisioning for more flexibility in solutions and business models
▪ Roles are assigned depending on privacy, trust and commercial considerations
▪ Six Work Items:
  • WI-1: Inter-operability Operators / ISP with Enterprise
  • WI-2: Distributed Access Control for Telecommunications √
  • WI-3: Distributed User Profile Management (√)
  • WI-4: Dynamic Federation (√)
  • WI-5: Enforcement Framework in a Distributed Environment (new)
  • WI-6: Study need for Global, Distributed Discovery Mechanism (new)
  • WI-2 is awaiting publication, WI-3 and WI-4 are up for approval

Supplementary Slides

ISG Work Items
1: IdM Inter-operability between Operators or ISPs with Enterprise
  • This work item will analyze, describe and provide mechanisms, interfaces and protocols allowing third party service providers to perform authentication and attribute retrieval through the operator.
2: Distributed Access Control for Telecommunications
  • This work item will provide requirements on the use and application of distributed policy management, decision and enforcement in a hybrid environment (operator and services domains).
3: Distributed User Profile Management
  • This work item will analyze the telecommunication operator's role acting as Identity Broker to facilitate the anchor functionalities for the management of distributed user profile information. It will also define the protocol and data model required to access the user profile information via the Identity Broker.

ISG Work Items
4: Dynamic Federation & Trust Management
  • This WI will analyze mechanisms, protocols and procedures to allow federation establishment based on dynamic SLA negotiations. The work item will then identify gaps regarding the definition of formal SLA exchange, the associated attributes and privacy issues, and dynamic negotiation protocols.
5: Requirements of an Enforcement Framework in a Distributed Environment
  • Complementary to Distributed Access Control, this work item will provide the requirements on the enforcement of policies in a distributed environment supporting interoperability between different players.
6: Study to Identify the need for a Global, Distributed Discovery Mechanism
  • This study will focus on gap analysis for global distributed discovery of identifiers, providers and capabilities.