1. Fostering worldwide interoperabilityGeneva, 13-16 July 2009 IdM and Identification Systems Arkadiy Kremer ITU-T SG 17 Chairman Global Standards Collaboration (GSC) 14 DOCUMENT #:GSC14-PLEN-75 FOR:Presentation SOURCE:ITU-T AGENDA ITEM:PLEN 6.4 CONTACT(S):kremer@rans.ru

2. Fostering worldwide interoperability 2 Geneva, 13-16 July 2009 Per GSC-13/04 Resolution the ITU-T Joint Coordination for IdM (JCA IdM) has begun to develop an inventory of major national, regional and international initiatives and activities in the area of Identity Management ITU-T works collaboratively with other key bodies including ISO/IEC JTC 1/SC 27, Liberty Alliance, FIDIS, OASIS The focus of ITU-T’s IdM work is on global trust and interoperability of diverse IdM capabilities in telecommunications. It is not in the development of standards for new IdM solutions. Rather it is focused on leveraging and bridging existing solution The JCA-IdM analyzes IdM standardization items and coordinate an associated roadmap Highlight of IdM Current Activities

3. Fostering worldwide interoperability 3 Geneva, 13-16 July 2009 First ITU-T IdM Recommendation published early 2009: Y.2720, NGN identity management framework Two ITU-T Recommendations are in their final approval step X.1250, Baseline capabilities for enhanced global identity management trust and interoperability X.1251, A framework for user control of digital identity Terms and definitions alignment across members of GSC Work underway to develop an ITU-T Recommendation X.idmdef on IdM terms and definitions Highlight of IdM Current Activities

4. Fostering worldwide interoperability 4 Geneva, 13-16 July 2009 Identity Federations based on standardized trust model and global interoperability of diverse identity management schemas are major inhibitors to wide scale deployment of IdM capabilities Create a high level data base of IdM standards activities, accumulate the consumer standards, which have issues and are in flux Create of identity framework and increase the opportunities for related and specialized products and services (e.g. provide network operators an opportunity to increase revenues by offering advanced identity-based services) Challenges for IdM

5. Fostering worldwide interoperability 5 Geneva, 13-16 July 2009 Basic Concepts of Object Identifiers (OIDs) One of many identification schemes Basically very simple: A tree Arcs are numbered and may have an associated alphanumeric identifier (beginning with a lowercase) Infinitely many arcs from each node (except at the root) Objects are identified by the path (OID) from the root to a node A Registration Authority (RA) allocates arcs beneath its node to subordinate RAs, and so on, to an infinite depth The OID tree is a hierarchical structure of RAs Standardized in the ITU-T X.660 | ISO/IEC 9834 series (ITU-T SG 17 and ISO/IEC JTC 1/SC 6) Originated in 1985, still in use!

6. Fostering worldwide interoperability 6 Geneva, 13-16 July 2009 Next Step/Action for OID OID Resolution system Provides information associated with any object identified by an OID: access information child node information OID-IRI canonical form Joint work between ITU-T SG 17 and ISO/IEC JTC 1/SC 6 since Oct. 2008 (draft Rec. ITU-T X.oid-res | ISO/IEC 29168) Get an OID identifier arc assigned for identifying cybersecurity organizations, information, and policies Will specify: OID resolution architecture OID resolution protocol (probably based on DNS) operation of the OID resolution service security and trust of the OID resolution process etc.

7. Fostering worldwide interoperability 7 Geneva, 13-16 July 2009 Q&A Discussion

8. Fostering worldwide interoperability 8 Geneva, 13-16 July 2009 Conclusions Developers can bet on identity as a capability User acceptance will gate success Privacy is not opposed to security – it is a precondition of security GSC-14 should continue GSC13/04 Resolution

9. Fostering worldwide interoperability 9 Geneva, 13-16 July 2009 Supplementary Slides

10. Fostering worldwide interoperability 10 Geneva, 13-16 July 2009 Top of the OID Tree itu-t(0) iso(1) joint-iso-itu-t(2) member- body(2) identified-organisation(3) root recommendation(0) Example: {joint-iso-itu-t(2) tag-based(27) mcode(1)} Note: The name of the 3 top-level arcs does not imply a hierarchical dependency to ISO or ITU-T. country(16) tag-based(27) ISO 3166 country codes ISO 6523 ICD codes

11. Fostering worldwide interoperability 11 Geneva, 13-16 July 2009 Some Advantages of using OID Human-readable notation: {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)} Dot notation: 1.2.840.113549.1 URN notation: urn:oid:1.2.840.113549.1 Internationalized notation (IRI): oid:/ISO/Member-Body/US/RSADSI/PKCS Used in a lot of ISO standards, ITU-T Recommendations and IETF RFCs, but not only! Very good take up: 95,000+ OIDs described at http://www.oid-info.com; much more exist http://www.oid-info.com Compact binary encoding (normally used in all computer communications) Allows transmission over constrained networks

12. Fostering worldwide interoperability 12 Geneva, 13-16 July 2009 Challenge for OID Use of OIDs for the Internet of Things ITU-T X.668 | ISO/IEC 9834-9 (2008) is a way to unify the many identification schemes used for the Internet of Things (RFID, bar codes, ISBN, etc.) Does not cause existing tags to become obsolete Use case example: a tag placed on a billboard poster can be read with a mobile phone and make it easy for the user to get additional multimedia (text, graphics, even voice or video) information about the content of the poster Other use cases in Rec. ITU-T F.771