The ISA concept in the Telco Environment. Philippe Clement Lannion, Telco WG 08 9 2011. Agenda. Initial objectives around the IDP Selection ULX and IDS WG merging ULX closing The ISA in the Telco environment Business opportunities Following possible steps.
The ISA concept in the Telco Environment
Philippe Clement
Lannion, Telco WG 08 9 2011
Agenda
• Initial objectives around the IDP Selection
• ULX and IDS WG merging
• ULX closing
• The ISA in the Telco environment
• Business opportunities
• Following possible steps
Initial Objectives around the IDP Selection: The Concept
Transform the complex 3-3 relations into a simpler 1-3 relation
[Diagram: Identity Provider, Relying Party, User, ISA*]
• The RP easily addresses the majority of the main IdPs to increase its audience
• IdPs extend their footprint on many RPs
• The user easily uses the same tool to access IdPs, whatever the RP
ISA reconciles the expectations of the 3 actors and simplifies the relations
* ISA: Identity Provider Selection Agent
Initial objectives around the IDP Selection
• Started in Liberty Alliance BMEG
• Business, Use Cases and Requirements defined
• With Business Objectives
• Increase the business around authentication
• All added value on the web begins with an authentication
• By promoting a large adoption of the ISA concept
• Simplifies the authentication implementation at SPs
• Simplifies the journey for users
• And Technical objectives
• Fill the gap in protocols to achieve business objectives
• Gap analysis regarding Use Cases and Requirements
• Transformed into the IDS WG in Kantara Initiative
Initial objectives around the IDP Selection
• Contributors of the ID Selector (BMEG):
• Shin (NTT)
• Jonas (Ericsson)
• Mikko (Telia Sonera)
• Paavo (Telia Sonera)
• Ken Salzberg (Intel)
• Gael Gourmelen (Orange FT)
• Paul Simons (Nortel)
• Ingo Freeze (DT)
• Joao (NEC)
• Sreeram (Fidelity)
Initially Telco oriented
ULX and IDS WG merging
• Before IDS and ULX merging:
• MRD with detailed Use Cases, Requirements and Business motivations done
• Gap analysis done
• ULX and IDS charters merged
• Objectives of the merging:
• Pool efforts in a common group
• On the overall user authentication experience
• Through a common approach to “in the device”, “in the browser” and “in the network” ISA
• By using protocol knowledge from experts in the former ULX WG
ULX closing
• Due to lack of traction
• The concerned actors are said to be missing
• The tendency is rather toward individual products (Google ID, Janrain, Gigya…)
• Incomplete work:
• Only the graphic aspects have been addressed
• Communication between actors (e.g. SP and ISA) not addressed
• Question of Metadata not really addressed
• A gap remains between the visions of the “in the device”, “in the browser” and “in the network” approaches
The ISA in the Telco Environment?
• Positive points:
• When Telcos join, they address the world’s population
• Authentication means are far simpler than those used with OTT actors like FB, Google, MS…
• Strong or multi-factor authentication that makes it easy to climb the LOA layers
• The similarity of technical networks, user information, registration processes…
• A trust framework can easily be made for Telcos, like roaming in mobile networks
• Threats:
• Major actors begin to take their independence on mobile authentication? (Apple attempt…)
The ISA in the Telco Environment
[Diagram: Identity Provider (Orange, DT, …), Relying Party, ISA ?, User]
Business opportunities
• Reconquer the authentication domain taken over by major Web players
• Mix authentication and Telco APIs
• User Profile
• On-bill billing
• Centralized Privacy
• …
Following possible steps?
• Build a roadmap
• Recruit more Telcos
• Write specific (more?) telco Use Cases
• Define basic (then extended) telco metadata and claims
• Check protocols for feasibility
• Liaise with specific groups/bodies so as not to reinvent the wheel
• Target a Telco Trusted Framework, maybe a European one?
• Even build a POC?