DOCUMENT #: GSC15-PLEN-27
FOR: Presentation
SOURCE: ETSI
AGENDA ITEM: PLEN 6.4
CONTACT(S): Amardeo Sarma, ISG INS Chair

Identity & Access Management activities in ETSI
Presenter: Adrian Scrase, ETSI VP IPP
Global Standards Collaboration (GSC), GSC-15

ETSI ISG INS (Identity & Access Management for NW and Services)

A new Industry Specification Group (ISG), active since September '09.

Scope: Specifications for the application of identity and access management to networks and services, with a focus on protocols and APIs, as well as profiles of existing standards.
• Support convergence between networks, services and applications, emphasizing the need for privacy and user-centrism
• Develop specifications for interoperability and federation at all levels, including networks

[Figure: three IdM world views; the target is to bridge the different worlds and world views and to converge IdM silos]
• User Centric: seek capabilities that allow user control of personal identifiers, roles and privacy attributes
• Network Operator Centric: seek capabilities to maximize and protect network assets (solutions for Network and Service Providers are often neglected)
• Application Service Provider Centric: seek capabilities that maximize and protect application assets
Source: Report on Identity Management Use Cases and Gap Analysis, ITU-T FG IdM

ISG INS: activity

Separate the roles of Authentication and Identity Provisioning for more flexibility in solutions and business models. Roles are assigned depending on privacy, trust and commercial considerations.

Six Work Items:
• WI-1: Inter-operability Operators / ISP with Enterprise
• WI-2: Distributed Access Control for Telecommunications √
• WI-3: Distributed User Profile Management (√)
• WI-4: Dynamic Federation (√)
• WI-5: Enforcement Framework in a Distributed Environment (new)
• WI-6: Study need for Global, Distributed Discovery Mechanism (new)
• WI-2 is awaiting publication; WI-3 and WI-4 are up for approval

Supplementary Slides

ISG Work Items

1: IdM Inter-operability between Operators or ISPs with Enterprise
• This work item will analyze, describe and provide mechanisms, interfaces and protocols allowing third-party service providers to perform authentication and attribute retrieval through the operator.

2: Distributed Access Control for Telecommunications
• This work item will provide requirements on the use and application of distributed policy management, decision and enforcement in a hybrid environment (operator and service domains).

3: Distributed User Profile Management
• This work item will analyze the telecommunication operator's role acting as Identity Broker to facilitate the anchor functionalities for the management of distributed user profile information. It will also define the protocol and data model required to access the user profile information via the Identity Broker.

4: Dynamic Federation & Trust Management
• This WI will analyze mechanisms, protocols and procedures to allow federation establishment based on dynamic SLA negotiations. The work item will then identify gaps regarding the definition of formal SLA exchange, the associated attributes and privacy issues, and dynamic negotiation protocols.

5: Requirements of an Enforcement Framework in a Distributed Environment
• Complementary to Distributed Access Control, this work item will provide the requirements on the enforcement of policies in a distributed environment, supporting interoperability between different players.

6: Study to Identify the need for a Global, Distributed Discovery Mechanism
• This study will focus on gap analysis for global distributed discovery of identifiers, providers and capabilities.