ITU Workshop on “ICT Security Standardization
for Developing Countries”
(Geneva, Switzerland, 15-16 September 2014)
ITU-T SG 17
Identity management (IdM)
Progress Report
Abbie Barbir Ph.D.,
ITU-T Study Group 17
Q10/17 (Identity Management) Rapporteur
Abbie.Barbir@ties.itu.int
Geneva, Switzerland, 15-16 September 2014
Q10/17 Identity management (IdM)
Motivation
Question is dedicated to vision setting and the coordination and
organization of entire range of IdM activities within ITU-T
Focus on global trust and interoperability
Focus on leveraging and building on existing solutions
Coordination with all key players in IdM (JCA-IdM)
Some examples of current focus include:
2
Developing of Identity Roadmap
Work with OASIS
Enhancing Trust and step up authentication
Work on Identity Based Attestation and Open Exchange
Protocol
Developing identity in cloud uses cases and security
requirements from a Telecom prospective (Auth as a Service)
Mechanisms for the discovery of identifiers in large distributed
systems
Exposing of network level Authentication to Higher level
Applications
IdM taxonomy and Ontology
SCIM for telecom use cases
Coordination and Collaboration
ITU-T Joint coordination activity in
IdM JCA-IdM
3
IdM Current State
Current Situation
1. Diverse mix of applications, operating systems, databases,
platforms, and other technology
2. Explosion of Roles and hard problems for meeting compliance
(SoD, least privileges access)
3. Privileged access (hard to ensure proper governance)
4. Explosion of identities across diverse systems
5. Problems made harder through tactical solutions
6. Access review is hard
Drivers for change
1. Migration to Cloud
2. Cost Reduction
3. DDoS and other attacks
4. Reduced budgets
5. Mobility (BYOD, Smart devices etc)
Drivers for Future Direction
Desired Future State
1.Risk reduction
• Risk and behavioral driven, business centric
2.User experience
• Clear business language for informed decision making
• SSO with enhancements to the user login flow and session management
•
3.Operational efficiency
• Standardized and integrated operations
4.Governance and business enablement
• Clear and consistent standards
• End-to-end governance structure with effective metrics and controls
• Consistent authentication operating model that provides a one-stop
security service solution
Towards Strong Identity and Enhanced Trust
Need for Better Identity Assurance and
Trust Frameworks
Technology Standards
and Guidelines
Business and Privacy
Guidelines
An Ecosystem of
Interoperable Products &
Services
Identity Assurance
Framework & Assessors
Assurance
Future focus
Passwords are Dead
Industry is taking notice
FIDO specifications maturing
Step up authentication is gaining steam
Mobility is a driver
Mobile SSO need to mature
Mobile AssS need to mature
Mobile payments.
Q10 will work with key industry leaders
in this area
Geneva, Switzerland, 15-16 September 2014
7