ITU-T T Focus Group on Identity Management (FG IdM):

Transcription

1 Internatinal Telecmmunicatin Unin ITU-T ITU-T T Fcus Grup n Identity Management (FG IdM): IdM Tutrial Part II Ray P. Singh Telcrdia Technlgies rsingh@telcrdia.cm ITU-T FG IdM

2 Overview IdM Landscape Tday Telcm Prvider Cntext NGN and IdM NGN Example Use Cases Use f Cmmn IdM System t Supprt Multiple Applicatins in NGN Obtaining and Crrelating Crss Layer Infrmatin fr IdM Rle f ITU-T Relatinship between SG17 (including the FG IdM) and SG13 wrk ITU-T FG IdM 2

3 IdM Landscape Tday A large number f industry grups and standards rganizatins are wrking n standardizing aspects f Identity Management IdM mdels, framewrks and prtcls have been defined by sme f these rganizatins and further develpments building n previus wrk are cntinuing. Different grups tend t ptimize their slutins fr the specific market segments and perspectives with which they are assciated Resulted in Identity Management islands with interperability issues Mst slutins tday are mainly user centric slutins fcusing n web services and electrnic cmmerce Telecm prviders are currently invlved with IdM (e.g., E.164 identifiers and mbile device identifiers) and will cntinue t have imprtant rle in the NGN envirnment ITU-T FG IdM 3

4 Telecm prviders have t accmmdate a brader perspective Telecm Netwrk/Service Prviders Perspectives Use f cmmn IdM infrastructure t supprt multiple applicatins and services fr efficiency Assertin and Assurance f Entities (e.g., user, device, ther prviders) fr: Subscriber Services (e.g., NGN services) and as Service t 3 rd Party Prviders (e.g., web-based transactins services) Security and Fraud preventins Natinal Emergency and Public Safety Services (e.g., 911 services in the US and cmmunity ntificatin). Prtectin f Resurces and Netwrk Infrastructure Gvernment Perspectives Assertin and Assurance f Entities (e.g., users, device ther gvernments) fr: Electrnic Gvernment (egvernment) Services (e.g., web-based transactins services) Natinal/lcal Emergency Services and Public Safety (e.g., 911 services in the US and cmmunity ntificatin) Law Enfrcement (e.g., Lawful Interceptins) Natinal Security and Fraud preventins Natinal Emergency Telecmmunicatins Service (ETS) and Internatinal Telecmmunicatin Disaster Relief (TDR) The User/subscriber perspectives: Ease f use Single sign-n / sign-ff Privacy/User Cntrl f Persnal Infrmatin (i.e., Prtectin f Persnal Identifiable Infrmatin [PPII]) Security (e.g., cnfidence f transactins, prtectin frm Identity (ID) Theft) ITU-T FG IdM 4

5 IdM and NGN Certain aspects f IdM are included as integrated cmpnents f the NGN architecture specified in Recmmendatin Y.2012 Hwever, because f the use f different terminlgies, sme f these IdM functins might nt be bvius. In additin, NGN requirements are defined r are being defined fr subscriptin management and device management which are als aspects f IdM. Examples f FEs that are cnsidered t be IdM related include: Netwrk Access Cntrl Functins: T-12 - User Prfile FE T-11 Authenticatin and Authrizatin Service Cntrl Functins: S-5: User Prfile FE S-4: Subscriptin Lcatin FE S-6: Authenticatin and Authrizatin FE Althugh certain aspects f IdM are included in the ITU-T NGN architecture, there is lack f a structured and integrated IdM apprach. ITU-T FG IdM 5

6 Integratin f IdM in NGN Architecture ITU-T User Identity Data Identities in NACF Managing NGN Identities Service Stratum Applicatins Applicatin Functins Applicatin Supprt Functins and Service Supprt Functins Identities in cmmn cmpnents fr applicatins Identities in cmmn cmpnents fr applicatins and service supprt User and terminal identities Legacy Terminals Legacy Terminals GW GW S. User Prfile Functins Access T. User Netwrk Attachment Prfile Cntrl Functins Attachment (NACF) Functins Functins Other NGN Service Cmpnents PSTN / ISDN Emulatin Service Cmpnent IP Multimedia IP Multimedia Cmpnent &PSTN/ISDN Service Cmpnent Simulatin Resurce and Admissin Cntrl Functins (RACF) Service Cntrl Functins Other Netwrks Identities in IMS and PES Identity Interperability Identities in RACF Custmer Netwrks NGN Terminals End-User Functins * Access Transprt Netwrk Functins Edge Functins Cre Cre transprt Transprt Functins Functins Transprt Stratum Nte: Gateway (GW) may exist in either Transprt Stratum r End-User Functins. ITU-T FG IdM 6

7 Integratin f IdM in NGN Architecture (Identity Plane) The IdM functinal blck shwn in red represents the need t specify a structured IdM apprach, bridging the varius layers and distributed systems f the NGN. Management Functins End-User Functins UNI IdM Service User Prfiles Service stratum Netwrk Attachment Cntrl Functins TransprtUser Prfiles Transprt stratum Applicatins Service Cntrl Functins Transprt Cntrl Functins ANI Applicatin Supprt Functins & Service Supprt Functins Transprt Functins Resurce and Admissin Cntrl Functins NNI Other Netwrks Cntrl Media Management ITU-T FG IdM 7

8 Example Use Case: Use f Cmmn IdM System t Supprt Multiple Applicatins in NGN This example illustrates the need t specify a cmmn IdM infrastructure t supprt multiple applicatins / services in NGN User (1) User requests access t App A Relying App A (e.g., IPTV) (3) Identity System prmpts User fr authenticatin (4) User prvides authenticatin infrmatin (6) User is authrized fr access t App A (7) User requests access t App B Relying App B (e.g., Data) (2) App A sends requests t Identity System (5) Identity System asserts User identity Identity System (8) App B sends requests t identity System (10) User is authrized fr access t App B (9) identity System asserts User identity ITU-T FG IdM 8

9 Example illustrates discvery and crrelatin f identity infrmatin lcated in different systems and layers f the NGN In general, IdM functins and infrmatin will be lcated in different systems, dmains and layers f the NGN. Example Use Case: Obtaining and Crrelating Crss Layer Infrmatin fr IdM User (1) User requests access t Applicatin Relying Applicatin (2) Applicatin sends request t Identity System (3) User prmpted fr authenticatin infrmatin (4) User prvides authenticatin infrmatin (10) User is authrized fr access (9) Infrmatin crrelatin (10) Respnse asserting, user, device and lcatin Identity System (5) Device identity infrmatin request (6) Device identity infrmatin respnse Netwrk Cntrl System (Device Infrmatin) (7) Lcatin infrmatin request (8) Lcatin infrmatin respnse Transprt Cntrl System (Lcatin Infrmatin) ITU-T FG IdM 9

10 ITU-T Rle GSC-12 reslutin (Glbal Standards Cllabratin) calls fr an ITU glbal crdinating rle acrss array f standards bdies TSB and ITU rgans are expected t respnd t glbal IdM needs at Wrld Telecmmunicatin Standardizatin Assembly (WTSA) and ther venues Almst every ITU-T Study Grups may have Identity Management related actin items Specific wrk already in prgress in sme SGs (e.g., SG 13 and SG 17) Crdinatin acrss SGs imprtant Crdinatin with ther SDOs and Frums wrking n IdM als imprtant Actins essential fr netwrk/cyber security ITU-T FG IdM 10

11 Relatinship between SG17 (including the FG IdM) and SG13 wrk SG13 Address NGN specific IdM issues based n the SG13 definitin and scpe f NGN Includes internal and external interfaces t IdM systems SG 17 Address issues related t glbal interperability, bridging and harmnizatin Fr example, develp generic framewrk similar t X.805 fr IdM ITU-T SG17 FG IdM Feed results as apprpriate int all relevant SGs in a timely manner Each SG can use as apprpriate t prgress their wn wrk n IdM SG 17 Generic Framewrk (suggested) SG 13 Scpe: NGN IdM User Device UNI 3 rd Party Prviders and IdPs Applicatin Servers Service Stratum Access NGN (IdP) Sftswitch CSCF Transprt Stratum Internet and Web Services Other IdM slutins ANI and NNI NNI NNI Other NGN (IdP) Other Netwrks (e.g., PSTN) ITU-T FG IdM 11