ITU-T Workshop on "New challenges for Telecommunication Security Standardizations"
Geneva, 9 (pm)-10 February 2009

Trend in User-Centric Identity Management Technology and its Standards
Sangrae Cho (sangrae@etri.re.kr)
Digital ID Security Research Team, ETRI
Contents
1. Introduction
2. User-Centric IdM Technology
3. Digital Identity Wallet
4. Conclusion
Identity Definition
Identity
• The attributes by which an entity is described, recognized or known (ITU-T)
• The fundamental concept of uniquely identifying an object (person, computer, etc.) within a context (Open Group)
• A set of claims made by one party about another party; claims are typically conveyed in signed security tokens (Microsoft)
• The essence of an entity; one's identity is often described by one's characteristics, among which may be any number of identifiers (Liberty & OASIS)
Source: ITU-T Report on the Definition of the Term "Identity", 2008
Identity Management
Infrastructure that supports authentication, authorization, audit and the identity lifecycle, including creation, update and termination of identity.
[Figure: Architecture Template for IdM. Components: Authentication, User Management, Accounts & Policies, Access Management, with Audit spanning all of them. Lifecycle: Registration/Creation, Propagation, Maintenance/Management, Termination. Source: Burton Group 2006]
Purpose of IdM
• Personal identities multiply as web services multiply: improve usability
  Users join 27 websites and hold 7.5 accounts on average in Korea [Digital News, '05.2.23]
• IdM is required across organizational domains as business relationships diversify: increase efficiency and productivity
  Growing demand for SSO, EAM and IAM, moving from the intranet to the Internet [DigitalIDWorld Newsletter, '05.3.31]
• Personalized service requirements grow: create new IT services and strengthen personal privacy
  Privacy protection is needed when new services are provided in Web 2.0 [ZDNet, '06.12]
Evolution of IdM
[Figure: IdM evolves from domain-centric, unidirectional identity (silo, centralized, federated, each site such as .com/.org/.net holding its own identities) to user-centric, bidirectional identity interchange ('08 - present); the subject of IdM shifts from the system to the human.]
User-Centric: the user is in the middle of a data transaction and the data always flows through the user's identity agent. This gives the user control of his identity.
User-Centric Identity Concept
• User consent: the user can always allow or deny whether information about them is released (reactive consent management)
• User control: the user has the ability to policy-control all exchanges of identity information (proactive consent management); the user delegates decisions to identity agents controlled through policy
• User-centered: a core subset of the previous two, "people in the protocol"; the user is actively involved in information disclosure policy decisions at run time
Source: OASIS, The Core Concept of Identity 2.0
Main User-Centric IdM Technology
User-centric characteristics in each technology:
• OpenID: URL-based user identifier; the user selects their IdP
• Liberty Alliance: permission-based attribute exchange
• CardSpace: the user selects their IdP using the Identity Selector
Trend in Standardization
[Figure: Current view of the IdM landscape. Source: Report on Identity Management Use Cases and Gap Analysis, ITU-T FG IdM]
Ongoing Standard Projects in ITU-T SG17
• X.1250 (X.idmreq): Capabilities for global identity management trust and interoperability
  • Requirements for global interoperability among IdM systems
  • Currently in TAP after being re-determined in September 2008
• X.1251 (X.idif): A Framework for User Control of Digital Identity
  • Digital identity interchange framework with enhanced user control
  • Currently in TAP after being determined in September 2008
• X.idm-dm: Common Identity Data Model
  • Develops a common identity data model to express identity information between IdM systems
Ongoing Standard Projects in ITU-T
• NGN Identity Management
  • SG13 Q15 (NGN Security) is responsible
  • Developing standards based on the results of the IdM Focus Group
• Y.ngnIdMuse: NGN identity management use cases
  • Studies use cases when IdM is applied in the NGN environment
• Y.ngnIdMreq: NGN identity management requirements
  • IdM requirements in NGN
• Y.idmFramework: NGN identity management framework
  • Global interoperability framework among IdM systems in NGN
Ongoing Standard Projects in ISO
• Identity Management & Privacy standards in ISO/IEC JTC1 SC27 WG5
  (ITU-T / ISO joint workshop on identity management, Lucerne, Sept. 2007)
[Figure: WGs within ISO/IEC JTC1/SC27 - IT Security Technologies]
• A Framework for Identity Management (ISO/IEC 24760, WD)
• A Privacy Framework (ISO/IEC 29100, CD)
• A Privacy Reference Architecture (ISO/IEC 29101, WD)
• Entity Authentication Assurance (ISO/IEC 29115, WD)
• A Framework for Access Management (ISO/IEC 29146, WD)
The Identity Landscape
"Increasing interest in User-Centric IdM technology and collaboration between technologies"
• "MS announces support for OpenID": CardSpace supports OpenID, and OpenID plans to support interoperability with CardSpace ('07.02)
• "ETRI, research collaboration with MS for Digital ID Wallet" ('07.05)
[Figure: The Identity Landscape 2006 (Johannes Ernst, CEO of NetMesh), reconstructed by the Digital ID Security Research Team, ETRI. Technologies placed from "convenience + trust" toward "convenience + trust + privacy protection + identity interchange": URL-based (OpenID), card-based (WS-Trust), invisible (SAML/Liberty), and user-centric Digital Identity.]
User Requirements
• Cumbersome to type in personal information every time I join a website; especially worrying to enter the national resident number
• Inconvenient to log in to use a web service, and harder still on the mobile web from a mobile phone
• Not secure to enter ID/password in public places
• Need a secure way to identify phishing sites
• Hard to remember which websites I have joined
• Not easy to update personal information when it changes
• Hard to move my information from site A to site B for better services
Overview
• What is Digital Identity Wallet?
  • A digital wallet that helps users easily use and securely keep their personal identity and authentication information distributed across cyberspace; a Digital Identity Wallet is just like the real wallet we use in daily life to keep ID cards and cash
  • A system in which users have control over the disclosure of their personal information by deciding whether or not to provide data; unwanted disclosure or misuse of personal data can be prevented
• Main functions of Digital Identity Wallet
  • Site registration and authentication
  • Identity share and synchronization
  • User privacy protection
  • Mobile Digital Identity Wallet
[Figure: Secure Internet usage with Digital Identity Wallet. The wallet sits between the user and Websites A-D, an Internet shopping mall, an identity verification organization, a payment organization and a privacy protection server: registration & login, input of personal data, issue of authentication information, link data, identity verification data and payment information, purchase & payment, data share, and backup, roaming and consistency. The wallet holds identity verification data, website registration information, personal data, authentication information, payment history and link data.]
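The consent model on the User-Centric Identity Concept slide (proactive policy, reactive run-time consent, delegation to an identity agent) and the wallet's "user decides whether to provide data" function above can be modelled in a few lines. The following is an added example, not ETRI's Digital Identity Wallet code; the IdentityAgent class, the site names and the attribute values are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Proactive policy outcomes; ASK defers the decision to the user at run time (reactive consent).
ALLOW, DENY, ASK = "allow", "deny", "ask"

@dataclass
class IdentityAgent:
    """Hypothetical identity agent: every attribute request passes through it, never around it."""
    attributes: Dict[str, str]            # personal data held in the user's wallet
    policy: Dict[str, Dict[str, str]]     # site (or "*" for all sites) -> attribute -> rule
    default: str = ASK                    # anything the policy does not cover is asked
    audit: List[Tuple[str, str, str]] = field(default_factory=list)

    def decision(self, site: str, attr: str) -> str:
        """Site-specific rule wins over the global '*' rule, which wins over the default."""
        global_rule = self.policy.get("*", {}).get(attr, self.default)
        return self.policy.get(site, {}).get(attr, global_rule)

    def release(self, site: str, requested: List[str],
                ask_user: Callable[[str, str], bool]) -> Dict[str, str]:
        """Return only the attributes the user consented to disclose to `site`."""
        released = {}
        for attr in requested:
            if attr not in self.attributes:   # the wallet does not hold it: nothing to leak
                self.audit.append((site, attr, "unknown"))
                continue
            verdict = self.decision(site, attr)
            if verdict == ASK:                # reactive consent: the user decides at run time
                verdict = ALLOW if ask_user(site, attr) else DENY
            self.audit.append((site, attr, verdict))
            if verdict == ALLOW:
                released[attr] = self.attributes[attr]
        return released

def build_agent() -> IdentityAgent:
    """Constructed sample wallet; the resident number is denied for every site by policy."""
    return IdentityAgent(
        attributes={"email": "alice@example.org", "nickname": "alice",
                    "resident_number": "000000-0000000"},   # placeholder value
        policy={"*": {"resident_number": DENY}, "shop.example": {"email": ALLOW}},
    )

if __name__ == "__main__":
    agent = build_agent()
    # Constructed request from a shopping site; the user approves only the nickname prompt.
    out = agent.release("shop.example", ["email", "nickname", "resident_number", "phone"],
                        ask_user=lambda site, attr: attr == "nickname")
    print(out, agent.audit)   # {'email': 'alice@example.org', 'nickname': 'alice'} ...
```

The audit list is the wallet-side record of every disclosure decision, which is what lets the user later review which site received which attribute.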
Services
• Site registration service
• Identity authentication & verification service
• Share and synchronization service
• Other applications
Service items:
• Support of various authentication methods
• One-click site registration
• Mobile authentication
• Registered site management
• Replacement of the national resident number for ID verification
• Phishing site avoidance
• Credit card and point card utilization and reference
• Secure identity sharing between sites
• Authentication on the web interoperating with a home device
• Automatic synchronization of updated personal data
• Personalized mash-up service
• Connection with the cyber world
Use Case for Identity Interchange
[Figure: Personal Finance Management Service. The Digital Identity Wallet collects savings and loan info from a bank, stock info from a stock company and estate info from a real estate service, and passes the combined financial info to the financial management service.]
Conclusion
• User-centric IdM is an essential technology
  • Convenience
  • Privacy-aware security for the user
  • Convergence between IdM technologies
• Full user control
  • Provide the user with full power to control his identity
  • Enhance privacy
• Efficient identity interchange
  • Scalability
  • Independence
  • Seamless
Thank You !!! Q & A