The Identity Management Ecosystem: minding the gaps

Tony Rutkowski
VP – Regulatory-Standards, VeriSign
mailto:[email protected]
Editor: ITU-T SG17 draft Rec. X.IdM
Distinguished Senior Research Fellow, Center for International Strategy Technology and Policy, Georgia Institute of Technology

Workshop on Identity Management
Trondheim, Norway, 8-9 May 2007
V. 1.3

Summary
Identity Management (IdM) is treated quite differently among the many different "stovepiped" communities of network operators, service providers, and users
Initiatives underway in the ITU-T and critical infrastructure venues are aimed at implementing trusted means to bridge the gaps among these different platforms (the framework)
  by encouraging collaboration and a common global framework of capabilities
  especially discovery and trusted interoperability
This global framework is increasingly essential for an array of government, industry, and consumer needs
Initial success is being achieved with an Identity Provider oriented model and open identity protocols
Trusted ability to query identity capabilities with some degree of assurance in the response
Ability to locate authoritative relevant identity capabilities
Challenge: Global discovery capabilities are rapidly diminishing
Challenge: Global query capabilities and assurance metrics are diminishing
A common global Identity Management framework
Not a new need – was realized and undertaken 25 years ago in the Open Systems Interconnection initiatives
It is where digital certificates, and open network management code emerged
The current framework is newly driven by
  a growing realization by critical infrastructure protection communities of the vulnerabilities of today’s ubiquitous nomadic use of public IP-Enabled network infrastructures
  an array of other significant government, consumer, and industry needs
The objective
  A trusted ability to manage ICT credentials, assigned identifiers, attribute information and reputation/patterns
  Ability to exchange trust level information
  Accommodation of platform diversity, autonomy, and constant evolution
Existing government, industry, & consumer requirements for Identity Management
Business needs
+ Network interoperability
+ Roaming
+ Fraud, identity theft, and distribution management
+ Intercarrier compensation

Critical Infrastructure protection; NS/EP
+ Public network infrastructure protection
+ Incident Response
+ Priority access during emergencies
+ Services restoration after emergencies

Public Safety
+ Citizen emergency calls/messages
+ Authority emergency alert messages

Identifier resource management
+ Identifier/numbering allocation
+ Administrative requirements
+ Number portability; unbundling

Consumer needs
+ Universal service; social good funding
+ Preventing unwanted intrusions
  + DoNotCall
  + CallerID
  + Prevention of SPAM
  + Anti-CyberStalking
  + Anti-CyberPredators
+ User CPNI protection and privacy
  + Transparency
  + Use controls
  + Notice
+ Anonymity
+ Prevention of identity theft; repudiation
+ Disability assistance

Digital rights management
Legal liability; discovery; evidence
Privacy enhancement
Trusted Identity Management platforms significantly enhance privacy and CPNI (personal and use information) protection by
  Enabling authentication of parties that possess and access user information
  Enabling audits
A significant identified “gap” is notice and transparency to users; solutions lie in enabling
  Users to receive standard, understandable personal information management notices
  Users to specify how their personal information may be used
Initial results: an Identity Provider model and open protocols
[Diagram: an Initiating Entity requests Access or Service from a Relying Party Entity (Provider); Query(ies) to Identity Resources go to the Identity Provider(s), which return an Identity Assertion; Auditing keeps a timestamped record]
Introduce the concept of discoverable Identity Providers
Platform-independent query-response options depending on level of desired trust
Trust and privacy protection enhanced through auditing
OpenID as a competition enhancing unbundled open IdM enabling protocol
Enables Identity Provider model
Allows trust to be assessed at various stages of the flows
Allows for, but does not require pre-existing relationships between Identity Providers and Relying Parties
Low deployment cost
[Diagram: OpenID flow (openidID.net) among an Initiating Entity (amr@verisign), a Relying Party "dude" (Provider), OpenID Identity Provider(s), and Auditing. Message labels on the diagram:]
  "hey dude, I’m using OpenID identifier amr@verisign"
  "OK, we support OpenID, will verify"
  "query(ies) to verify amr@verisign is ok"
  "Dude queried amr@verisign at [time]"
  "Audit recorded at [time]"
  "amr@verisign is OK"
  "Here’s your service"
  "thanks dude"
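
The Identity Provider flow on the two slides above (discover the provider, query it, record a timestamped audit entry, then grant or refuse service), written out as an added Python example that is not part of the original presentation. It models the flow in-process and is not the OpenID wire protocol; the class and function names, the numeric assurance scale, and the registry keyed on the identifier's domain part are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class IdentityProvider:
    """Hypothetical Identity Provider: answers queries and audits each one."""
    name: str
    identities: dict  # identifier -> assurance level (constructed 0-4 scale)
    audit_log: list = field(default_factory=list)

    def verify(self, identifier, relying_party):
        level = self.identities.get(identifier)
        # Every query is audited, including queries for unknown identifiers,
        # so the identifier's owner can later see who asked about it and when.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "relying_party": relying_party,
            "identifier": identifier,
            "result": "ok" if level is not None else "unknown",
        })
        return level

def discover(identifier, registry):
    """Locate the authoritative Identity Provider from the domain part."""
    if "@" not in identifier:
        return None
    return registry.get(identifier.rpartition("@")[2])

def request_service(identifier, rp_name, registry, min_assurance):
    """Relying Party side: discover, query, then decide on access."""
    idp = discover(identifier, registry)
    if idp is None:
        return "denied: no identity provider discovered"
    level = idp.verify(identifier, rp_name)
    if level is None:
        return "denied: identifier not vouched for"
    if level < min_assurance:
        # The Relying Party, not the provider, sets the trust it requires.
        return f"denied: assurance {level} below required {min_assurance}"
    return "granted"

if __name__ == "__main__":
    # Constructed sample data mirroring the actors on the slide.
    idp = IdentityProvider("verisign", {"amr@verisign": 2})
    registry = {"verisign": idp}
    print(request_service("amr@verisign", "dude", registry, min_assurance=1))
    print(idp.audit_log[-1])
```

The Relying Party needs no prior relationship with the provider beyond being able to discover it, and a refused or unknown query still leaves an audit record.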
The Identity Management Focus Group: bringing the ecosystem together to find common ground
[Timeline diagram, 2007-2008: ITU-T SG13 Q.15 Rec. Y.IdMsec Draft Group; ITU-T SG17 Q.6 X.Idmf Draft Group; ISO SC27; ITU-T Identity Management Focus Group: Created Geneva 13-16 Feb, Geneva 23-25 Apr, Mountain View 17-18 May, Tokyo 18-20 Jul, Geneva Sep]
Next steps going forward
Continued outreach, and consensus building on needed IdM global framework capabilities and “gaps”
Watch and participate in ITU-T IdM Focus Group – see the informal Wiki <www.ituwiki.com> and ITU formal <www.itu.int/ITU-T/studygroups/com17/fgidm/index.html> sites
  Reports produced in Sep 2007, possible continuance
Specifications introduced in standards bodies
  X.IdM in ITU-T SG17 Q.6 (Cybersecurity)
  Y.IdMsec in ITU-T SG13 Q.15 (NGN Security)
  Report ISO/SC27 (Security Techniques)
  Many others
Implementation and evolution by industry of capabilities
Recognition and closing of IdM “regulatory gaps” through any necessary requirements at national and international levels, especially
  Discovery and trust/accuracy are essential
  National Critical Infrastructure Protection, NS/EP, and Cybersecurity requirements
  Implementation of new treaty instruments like Cybercrime Convention and ITU Plenipotentiary resolutions