Global Standards Collaboration (GSC) 14. IdM and Identification Systems. Arkadiy Kremer ITU-T SG 17 Chairman. Highlight of IdM Current Activities.
Global Standards Collaboration (GSC) 14 IdM and Identification Systems Arkadiy Kremer ITU-T SG 17 Chairman
Highlight of IdM Current Activities
• Per GSC-13/04 Resolution, the ITU-T Joint Coordination for IdM (JCA IdM) has begun to develop an inventory of major national, regional and international initiatives and activities in the area of Identity Management
• ITU-T works collaboratively with other key bodies including ISO/IEC JTC 1/SC 27, Liberty Alliance, FIDIS, OASIS
• The focus of ITU-T’s IdM work is on global trust and interoperability of diverse IdM capabilities in telecommunications. It is not on the development of standards for new IdM solutions. Rather, it is focused on leveraging and bridging existing solutions
• The JCA-IdM analyzes IdM standardization items and coordinates an associated roadmap

Highlight of IdM Current Activities
• First ITU-T IdM Recommendation published early 2009:
  • Y.2720, NGN identity management framework
• Two ITU-T Recommendations are in their final approval step
  • X.1250, Baseline capabilities for enhanced global identity management trust and interoperability
  • X.1251, A framework for user control of digital identity
• Terms and definitions alignment across members of GSC
  • Work underway to develop an ITU-T Recommendation X.idmdef on IdM terms and definitions

Challenges for IdM
• Identity Federations based on standardized trust model and global interoperability of diverse identity management schemas are major inhibitors to wide-scale deployment of IdM capabilities
• Create a high-level database of IdM standards activities, accumulate the consumer standards, which have issues and are in flux
• Create an identity framework and increase the opportunities for related and specialized products and services (e.g. provide network operators an opportunity to increase revenues by offering advanced identity-based services)

Basic Concepts of Object Identifiers (OIDs)
• One of many identification schemes
• Basically very simple: a tree
• Arcs are numbered and may have an associated alphanumeric identifier (beginning with a lowercase letter)
• Infinitely many arcs from each node (except at the root)
• Objects are identified by the path (OID) from the root to a node
• A Registration Authority (RA) allocates arcs beneath its node to subordinate RAs, and so on, to an infinite depth
• The OID tree is a hierarchical structure of RAs
• Standardized in the ITU-T X.660 | ISO/IEC 9834 series (ITU-T SG 17 and ISO/IEC JTC 1/SC 6)
• Originated in 1985, still in use!

Next Step/Action for OID: OID Resolution System
• Provides information associated with any object identified by an OID:
  • access information
  • child node information
  • OID-IRI canonical form
• Joint work between ITU-T SG 17 and ISO/IEC JTC 1/SC 6 since Oct. 2008 (draft Rec. ITU-T X.oid-res | ISO/IEC 29168)
• Get an OID identifier arc assigned for identifying cybersecurity organizations, information, and policies
• Will specify:
  • OID resolution architecture
  • OID resolution protocol (probably based on DNS)
  • operation of the OID resolution service
  • security and trust of the OID resolution process
  • etc.

Q&A Discussion
Conclusions
• Developers can bet on identity as a capability
• User acceptance will gate success
• Privacy is not opposed to security – it is a precondition of security
• GSC-14 should continue GSC-13/04 Resolution

Top of the OID Tree
root
  itu-t(0)
    recommendation(0)
  iso(1)
    member-body(2): ISO 3166 country codes
    identified-organisation(3): ISO 6523 ICD codes
  joint-iso-itu-t(2)
    country(16): ISO 3166 country codes
    tag-based(27)
Example: {joint-iso-itu-t(2) tag-based(27) mcode(1)}
Note: The names of the 3 top-level arcs do not imply a hierarchical dependency on ISO or ITU-T.

Some Advantages of using OID
• Human-readable notation: {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)}
• Dot notation: 1.2.840.113549.1
• URN notation: urn:oid:1.2.840.113549.1
• Internationalized notation (IRI): oid:/ISO/Member-Body/US/RSADSI/PKCS
• Used in a lot of ISO standards, ITU-T Recommendations and IETF RFCs, but not only!
• Very good take-up: 95,000+ OIDs described at http://www.oid-info.com; many more exist
• Compact binary encoding (normally used in all computer communications)
• Allows transmission over constrained networks

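The notations and the compact binary encoding listed above, as an added example that is not part of the original slides: it parses the human-readable, dot and URN forms into arc numbers and converts them to and from the ASN.1 OBJECT IDENTIFIER encoding of ITU-T X.690. The function names are this example's own, the top-level arc limits and the encoding rules are taken from X.660 and X.690 rather than from the slides, and the IRI form is not handled because resolving its labels needs registry data.

```python
import re

ARC = re.compile(r"[a-z][A-Za-z0-9-]*\(([0-9]+)\)|([0-9]+)")

def parse_oid(text):
    """Return the arc numbers from ASN.1 {name(n) ...}, dot or urn:oid: notation."""
    text = text.strip()
    if text.startswith("{") and text.endswith("}"):
        found = [ARC.fullmatch(tok) for tok in text[1:-1].split()]
        if not all(found):
            raise ValueError("bad arc in ASN.1 notation")
        arcs = [int(m.group(1) or m.group(2)) for m in found]
    else:
        dotted = text[8:] if text.lower().startswith("urn:oid:") else text
        if not re.fullmatch(r"[0-9]+(\.[0-9]+)+", dotted):
            raise ValueError("bad dot notation")
        arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("first arc must be 0..2; second arc < 40 under arcs 0 and 1")
    return arcs

def _base128(n):
    """Big-endian base-128, high bit set on every octet except the last."""
    out = [n & 0x7F]
    while n := n >> 7:
        out.append(0x80 | (n & 0x7F))
    return bytes(reversed(out))

def encode_oid(arcs):
    """X.690 encoding: tag 0x06, short-form length, first two arcs merged as 40*a+b."""
    body = _base128(40 * arcs[0] + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])
    if len(body) > 127:
        raise ValueError("long-form length is out of scope for this example")
    return bytes([0x06, len(body)]) + body

def decode_oid(der):
    """Inverse of encode_oid; rejects padded or truncated sub-identifiers."""
    if not 3 <= len(der) <= 129 or der[:2] != bytes([6, len(der) - 2]) or der[-1] & 0x80:
        raise ValueError("not a well-formed short-form OBJECT IDENTIFIER")
    subs, n, prev = [], 0, 0
    for b in der[2:]:
        if b == 0x80 and not prev & 0x80:  # a leading 0x80 octet only pads the value
            raise ValueError("non-minimal sub-identifier")
        n, prev = (n << 7) | (b & 0x7F), b
        if not b & 0x80:  # last octet of this sub-identifier
            subs.append(n)
            n = 0
    first = min(subs[0] // 40, 2)
    return [first, subs[0] - 40 * first] + subs[1:]
```

For the slide's PKCS example, `encode_oid(parse_oid("1.2.840.113549.1")).hex()` gives `06072a864886f70d01`: nine octets for a five-arc identifier. A decoder that accepted padded sub-identifiers would let two different byte strings name the same object, which is why `decode_oid` refuses them.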
Challenge for OID: Use of OIDs for the Internet of Things
• ITU-T X.668 | ISO/IEC 9834-9 (2008) is a way to unify the many identification schemes used for the Internet of Things (RFID, bar codes, ISBN, etc.)
• Does not cause existing tags to become obsolete
• Use case example: a tag placed on a billboard poster can be read with a mobile phone and make it easy for the user to get additional multimedia (text, graphics, even voice or video) information about the content of the poster
• Other use cases in Rec. ITU-T F.771