DOCUMENT #: GSC15-PLEN-28 FOR: Presentation SOURCE: ISACC AGENDA ITEM: Opening Plenary (6.4) CONTACT(S): Colman Ho Progress on Identity Management: A Canadian Perspective on GSC Resolution 14/4 Colman Ho ISACC Global Standards Collaboration (GSC) GSC-15 Background GSC Resolution 14/4 recognized the growing importance of Identity Management (IdM): • Requested the ITU and PSOs, to develop a comprehensive inventory of national, regional and international initiatives and activities in the area of Identity Management; • Encouraged the ITU to explore the possibility of global harmonized Identity schema, including the development of an internationally recognized definition of IdM • Encouraged PSOs and Observer Organizations to: evaluate and enhance existing and evolving new standards, Recommendations, and administrative practices relating to Identity Management that promote trusted discovery and interoperability of identity resources; and participate in global, regional, and national Identity Management collaborative activities, and to adopt common standards and administrative practices that enhance global Identity 2 Management interoperability. Canadian Response In 2009, ISACC established the National Committee on Identity Management (NCIM) as part of the national standards system. NCIM has responsibility for coordinating national positions on IdM to ensure consistent Canadian input to international standards activities and policy fora. 3 NCIM Actions Relating to Res 14/4 NCIM has followed the IdM work of ITU-T and ISO/IEC JTC1 closely. It has noted the ITU-T’s Joint Coordination Activity for Identity Management (JCA-IdM) and the SG 17 IdM Landscape document which respond to part (i) of the resolution. NCIM has monitored and contributed to both of these activities. • Made a major contribution to the development of X.1252, Baseline identity management terms and definitions which was approved in April 2010. • Closely followed and contributed to the development of the collaborative standard ITU-T X.eaa | ISO/IEC JTC1 29115 (Entity Authentication Assurance) and ISO/IEC JTC1 24760-1 (Framework for Identity Management – Terminology and Framework). 4 Observations on the Progress of the IdM Work (1) Definition of “global harmonized Identity schema” unclear Progress has been made in a number of areas that may be considered to be pre-requisites to progress in IdM: • X.1252 - Baseline identity management terms and definitions Approved after extensive discussion about the precise nature and meaning of the concepts Being used and referenced extensively in organizations outside the ITU-T (e.g. Kantara; and national initiatives including US strategies for trusted identities in cyberspace) • X.1250 - Baseline capabilities for enhanced global identity management and interoperability Provides an overall model and requirements for global, interoperable IdM systems. • ISO/IEC JTC1 24760-1 - Framework for Identity Management – Terminology and Framework will also help solidify the concepts. 5 Observations on the Progress of the IdM Work (2) ISO/ITU-T collaborative efforts have a long and successful history but we have detected some frictions in the work on ITU-T X.eaa | ISO/IEC JTC1 29115, largely due to failure to follow the Guide for ITU-T and ISO/IEC JTC1 Cooperation. We have prepared contributions to both JTC1 and ITU-T urging the standards developers to ensure they are fully conversant with the requirements of this Guide and to make sure that these provisions are adhered to in developing collaborative standards. 6 Next Steps Working with NCIM and our national shadow JTC1 SC 27 and ITU-T SG17 committees we will continue to follow the IdM work closely. ISACC is particularly anxious to see the work on the Entity Authentication Framework (ITU-T X.eaa | ISO/IEC JTC1 29115) completed as soon as possible. ISACC will continue to monitor other international initiatives on the progress of the IdM. 7 Proposed Resolution 8