
International Telecommunication Union, Geneva, 9(pm)-10 February 2009: Identity Management. Anthony M. Rutkowski, V-P, Regulatory Affairs and Standards, VeriSign, Inc.




1 International Telecommunication Union, Geneva, 9(pm)-10 February 2009
Identity Management
Anthony M. Rutkowski, V-P, Regulatory Affairs and Standards, VeriSign, Inc.
ITU-T Workshop on "New challenges for Telecommunication Security Standardization", Geneva, 9(pm)-10 February 2009, V1.0

2 The challenge of relevance: Why is IdM important?
- Identity Management is the foundation and core for all security
- An explosively expanding and vast array of "network nomadic" individuals, providers, and objects has challenged our ability to effectively manage identities and their "trust anchors"

3 The challenge of a common concept: What is identity?
Identities consist of:
- an ensemble of four possible identity "elements"
- a binding to an Entity (or Entities) instantiated or asserted at some specific time
(From the ITU-T Report of the Correspondence Group on the Definition of Identity)

4 The challenge of diversity: Disparate identity communities
- Operators and providers: focussed on revenue opportunities, infrastructure protection, network management forensics, fraud mitigation
- Business end-users: focussed on minimizing costs, employee support, fraud mitigation, inventory and supply chain management
- Individual end-users: focussed on social networking, convenience, identity services (esp. location-based services) and portability, controlling unwanted intrusions and mitigating identity theft
- Security: focussed on infrastructure protection, homeland security, NS/EP needs, consumer protection, law enforcement forensics, meeting public policy and legal mandates including personal identity credentials and biometrics
- Privacy and anonymity: spans a broad spectrum from personal identity protection and intrusion minimization to extreme views on complete anonymity, anti-government paranoia and control of all personal identity elements

5 The challenge of focus and vision: What is important?
- Discovery of authoritative sources of identities and structured means to query source information
- Structured identity ontologies and data models for interoperability (critical to sharing of identities)
- Protected identity management "signalling" infrastructure in NGNs
- Means to support inter- and intra-federation identity capabilities (inter-federation mechanisms are non-existent)
- Providing for a range of trust relationships (from no trust to PKI-based high-assurance trust)
- Supporting peer-to-peer platforms
- Implementing trusted Open Identity Architectures as a means of achieving "identity network neutrality"
- Achieving effective "trust anchors": identity proofing, identity lifecycle management, identity status checking on demand, identity security, identity management auditing

6 THE CHALLENGE OF DELIVERABLES: Capabilities that will make a difference in 2009

7 Provider Identity Trust Anchors
- Number one "low-hanging" Identity Management/cybersecurity capability with far-reaching positive impact
- A universal global means for establishing trust in all organizations that have a network presence: for communications, transactions, software, and the secure transport layer
- Significant implementation has already occurred
  - Based on the Extended Validation (EV) digital certificate standard, an implementation of the ITU-T X.509 platform (also known as EV SSL)
  - Developed in 2007 by the CA/Browser Forum
  - Certificates initially issued and browser updates pushed out to most computers in 2008
  - Consists of the best combination of identity assurance techniques and platforms
  - Initial identity proofing based on ETSI standards
  - Basis for organization trust in Liberty Alliance assurance specifications
  - Used by the ITU itself!
- Upcoming EV enhancements in 2009
  - Being extended to all kinds of services and software distribution in 2009, including SIP
  - Being introduced into ITU-T SG17 through the liaison process
  - Substantial ongoing regional activity to meet localization requirements worldwide
  - Being considered as an NGN network address enhancement
  - Cryptography being upgraded to ECC
- Embeds many diverse organization identifiers, including ITU-T Object Identifiers (OIDs), which have become the Internet's global "enterprise ID" of choice
- Enhances individual privacy and broadly benefits everybody
- May become a global regulatory mandate for cybersecurity

8 Object trust anchors
- Real-time Object IDentifier resolution system
  - Provides a DNS-based means for discovering information about any Object ID
  - OIDs becoming increasingly important for network elements (especially forensic acquisition locations in a network), terminal devices, software, RFID-tagged objects, sensors, biometric scanners, e-health, power management, and intellectual property
  - Creation of a new DNS top-level domain: OID
  - Initial implementations occurring in 2009 based on specifications developed in ITU-T and ISO
- Real-time token validation protocol systems
  - Verifying the current status of all object credentials is essential
  - Allows implementation of "when things go wrong" capabilities
  - Online Certificate Status Protocol (OCSP) has emerged as the means of choice and is being mandated by some trust implementations
  - Similar RSA protocols for token use are being extended
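Slides 7 and 8 rest on OIDs being embedded in certificates and resolved through DNS. The following is an added example, not code from the presentation or from any ITU-T implementation: it encodes and decodes an OID in the DER form used inside X.509 (ITU-T X.690), rejecting the non-canonical encodings that sloppy parsers accept, and derives the reverse-arc DNS name that a DNS-based OID resolution system looks up. The zone name ORS_ZONE is an assumption for illustration, not taken from the slides.

```python
"""Object identifiers as they appear in X.509 and in DNS-based OID resolution:
DER encoding/decoding (ITU-T X.690) and the reverse-arc lookup name.

Added example; not from the slides. ORS_ZONE is an assumed zone name."""

ORS_ZONE = "oid-res.org"  # assumption: zone under which OID arcs are published


def _der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def oid_to_der(oid: str) -> bytes:
    """Encode a dotted OID string as a complete DER OBJECT IDENTIFIER TLV."""
    arcs = [int(a) for a in oid.split(".")]
    if len(arcs) < 2 or any(a < 0 for a in arcs):
        raise ValueError(f"malformed OID {oid!r}")
    if arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid root arcs in {oid!r}")
    # X.690: the first two arcs are packed into a single sub-identifier.
    subids = [arcs[0] * 40 + arcs[1]] + arcs[2:]
    body = bytearray()
    for sid in subids:
        chunk = bytearray([sid & 0x7F])  # final 7-bit group, continuation bit clear
        sid >>= 7
        while sid:
            chunk.insert(0, 0x80 | (sid & 0x7F))
            sid >>= 7
        body += chunk
    return b"\x06" + _der_length(len(body)) + bytes(body)


def der_to_oid(der: bytes) -> str:
    """Decode a DER OBJECT IDENTIFIER TLV, rejecting non-canonical encodings."""
    if len(der) < 3 or der[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER")
    if der[1] < 0x80:
        length, off = der[1], 2
    else:
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad length encoding")
        length, off = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if length == 0:
        raise ValueError("empty OID")
    body = der[off:off + length]
    if len(body) != length or len(der) != off + length:
        raise ValueError("truncated or trailing data")
    if body[-1] & 0x80:
        raise ValueError("unterminated sub-identifier")
    subids, val, at_start = [], 0, True
    for b in body:
        if at_start and b == 0x80:
            # A leading 0x80 octet is padding; DER forbids it (ambiguous encodings
            # of the same OID are a classic way to slip past policy checks).
            raise ValueError("non-minimal sub-identifier (leading 0x80)")
        val = (val << 7) | (b & 0x7F)
        at_start = False
        if not b & 0x80:
            subids.append(val)
            val, at_start = 0, True
    first = subids[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in arcs + subids[1:])


def oid_to_ors_name(oid: str) -> str:
    """Reverse the arcs into DNS labels under the resolution zone,
    e.g. 2.16.840.1 -> 1.840.16.2.<zone> (X.672-style lookup name)."""
    der_to_oid(oid_to_der(oid))  # round-trip as validation before building a query
    return ".".join(reversed(oid.split("."))) + "." + ORS_ZONE


if __name__ == "__main__":
    rsa = "1.2.840.113549"  # the well-known RSADSI arc
    print(oid_to_der(rsa).hex(), der_to_oid(oid_to_der(rsa)), oid_to_ors_name(rsa))
```

The decoder is deliberately strict: an OID that decodes but was not minimally encoded is treated as an error rather than normalised, because two byte strings that "mean" the same policy OID would otherwise be matched differently by different validators.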

9 Personal identity trust anchors
- The world is awash in a sea of countless personal identities
  - Many personal identities have little or no trust anchors
  - Diverse expectations exist among people, organizations, and nations concerning the use and availability of identities, many subject to law
  - Expectations are highly context dependent and often conflicting
  - Potential "identity network neutrality" challenges abound
- Significant contemporary personal identity needs: eHealth; homeland security; nomadicity and social networking
- Significant technical platforms are emerging
  - Interoperable Trusted Third Party platforms
  - OpenID
  - Personal Identity Portals
  - National eIDs, especially the EU's STORK (Secure Identity Across Borders Linked) initiative
  - One-time password tokens
  - Encrypted biometrics
- A major impediment for personal identity trust is lifecycle maintenance
  - Who bears the initial and lifecycle costs, including indemnification
  - Providing real-time status checking
  - Accommodating an enormously broad assurance spectrum

10 Whose trust anchor: Identity assurance interoperability
- Many different schemas exist to achieve identity assurance
  - The schemas can cover broad ranges from zero trust to very high trust
  - Expressed as trust levels
  - Include diverse context dependencies
- How to achieve global identity assurance interoperability among all the existing and potential schemas
  - A possible solution is using ITU-T X.1141 (SAML 2.0) to capture and exchange the many different schemas via TSB and other bodies
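Slide 10 proposes carrying assurance information in SAML so that a relying party can compare levels across schemas. The example below is added here and is not code from the presentation or from any X.1141 implementation: it takes a constructed, unsigned SAML 2.0 assertion, enforces the validity window and audience restriction, extracts the AuthnContextClassRef, and maps it onto a local numeric assurance level. The mapping table, issuer, audience and subject are assumptions for illustration. Signature verification (XML-DSig) is out of scope and must succeed before anything here is trusted; the standard-library parser used does not resolve external entities, but untrusted XML in production is better fed through a hardened parser.

```python
"""Evaluating the assurance level carried in a SAML 2.0 assertion.

Added example; not from the slides. The assertion, audience and the
context-to-level table are constructed for illustration."""
import datetime as dt
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Assumed mapping from SAML authentication context classes to one local
# numeric assurance scale; a real federation negotiates this table.
CONTEXT_TO_LEVEL = {
    "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified": 0,
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport": 2,
    "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken": 3,
    "urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI": 4,
}

# Constructed, unsigned sample assertion with hypothetical issuer and audience.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example1" Version="2.0" IssueInstant="2009-02-10T09:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2009-02-10T09:00:00Z" NotOnOrAfter="2009-02-10T09:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.net</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2009-02-10T08:59:30Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""


def _parse_utc(stamp: str) -> dt.datetime:
    """SAML timestamps are UTC with a trailing Z."""
    return dt.datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)


def evaluate_assertion(xml_text: str, expected_audience: str, now: str) -> dict:
    """Check window, audience and authentication context of an already-verified
    assertion; 'now' is a UTC timestamp string in the same format as the assertion."""
    current = _parse_utc(now)
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion" or root.get("Version") != "2.0":
        return {"ok": False, "reason": "not a SAML 2.0 Assertion"}
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return {"ok": False, "reason": "missing Conditions"}
    not_before, not_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and current < _parse_utc(not_before):
        return {"ok": False, "reason": "not yet valid"}
    if not_after and current >= _parse_utc(not_after):  # NotOnOrAfter is exclusive
        return {"ok": False, "reason": "expired"}
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        return {"ok": False, "reason": "audience mismatch"}
    ref = root.findtext("saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef",
                        namespaces=NS)
    if not ref:
        return {"ok": False, "reason": "no AuthnContextClassRef"}
    level = CONTEXT_TO_LEVEL.get(ref.strip())
    if level is None:
        # Unknown context: fail closed rather than guess a level.
        return {"ok": False, "reason": f"unmapped context {ref.strip()}"}
    return {
        "ok": True,
        "reason": "accepted",
        "subject": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "context": ref.strip(),
        "level": level,
    }


def meets_assurance(xml_text: str, expected_audience: str, now: str, minimum_level: int) -> bool:
    """True only if the assertion is acceptable and its mapped level is high enough."""
    result = evaluate_assertion(xml_text, expected_audience, now)
    return bool(result["ok"] and result["level"] >= minimum_level)


if __name__ == "__main__":
    print(evaluate_assertion(SAMPLE_ASSERTION, "https://sp.example.net", "2009-02-10T09:02:00Z"))
```

Every rejection path fails closed and names the reason, which is what a relying party needs to log when a cross-federation assertion is refused; the level comparison is only meaningful once the mapping table itself has been agreed between the schemas being bridged.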

11 Trust anchors begin at home: Standards and spawned identities
- Challenge is to enhance identity management trust anchors by enabling structured discovery and on-demand public access to: standards; registrations and assignments specified in standards
- Real-time access to standards
  - Most standards bodies now allow global public access to their specifications
  - Network IdM/security standards not publicly available have little value
  - Next step is to make them discoverable, versioned, and accessible with a click
- Real-time access to registrations and assignments
  - Standards result in many secretariats and other bodies creating identities
  - Few provide structured, real-time means for discovery and access
  - Both ITU TSB and IETF IANA are building capabilities; these can serve as models for other bodies and administrators worldwide

12 2008 ITU-T IdM Roadmap (Bold = accomplished)
Generic specifications:
- Initial IdM Focus Group + IdM definition reports
- Living List of IdM Terms and References
- X.1250, Capabilities for enhanced global IdM trust and interoperability
- X.1251, Framework for user control of digital identity
- X.eaa, Entity authentication assurance
- X.idm-ifa, Framework architecture for interoperable IdM systems
- X.idm-dm, Common identity data model
- X.idmsg, Security guidelines for IdM systems
- X.priva, Criteria for assessing level of protection for PII in IdM
NGN specifications:
- Y.ngnIdMuse, IdM use cases
- Y.2720, NGN IdM framework
- Y.ngnIdMmechanisms, NGN IdM mechanisms
Application specifications:
- E.157, International Calling Party Number Delivery
- X.ott, Authentication Framework with One-time Telebiometric Template
- X.668, Registration of object identifier arcs for applications and services using tag-based identification
- X.1171, Framework for Protection of Personally Identifiable Information in Applications using Tag-based Identification
- X.rfpg, Guideline on protection for PII in RFID application

13 A New IdM Capabilities Roadmap
Provider Identity Trust:
- A global standard (mandate) for Provider Identity Trust as an evolution of the CAB Forum specification
- Service and regional extensions for Provider Identity Trust
- Implementation of globally unique provider "identifiers" using OIDs
- Enhanced network addresses for NGN
Object Identity Trust:
- OID Resolver System extensions for objects (Ubiquitous Sensor Networks, network elements, e-Health, distributed power systems, terminal devices, biometrics, and IPR)
- Lightweight object certificate specifications
- Application of ECC to IdM certificates
Person Identity Trust:
- Globally interoperable personal identity specifications
- Enhanced International Caller-ID capabilities
- Service- and application-specific personal identity extensions, including "youth" attributes
- Encrypted telebiometric specifications
- Interoperable Trusted Third Party and Bridge platform specifications
- Interoperable Personal Identity Portal specifications
Support Capabilities:
- Adoption of DNS-based real-time OID Resolution System specifications
- Adoption of OID directory service specifications
- Adoption of global online certificate status verification specifications
- Service extensions to certificate status specifications
- A Global IdM Data Dictionary
- Global identity proofing specifications
- Global identity security specifications
- Global IdM management auditing specifications
- Real-time access to identity management and related security specifications
- Real-time access to assigned identifier lookup systems

