ITU Regional Seminar on “Identity Management and e-Signatures”, Damascus-Syria, 29 – 31 October 2007. An Emerging Global Convergence on Identity Management. Tony Rutkowski
ITU Regional Seminar on “Identity Management and e-Signatures”
Damascus-Syria, 29 – 31 October 2007
An Emerging Global Convergence on Identity Management
Tony Rutkowski
mailto: trutkowski@verisign.com
Vice President, VeriSign
Chair, Requirements Working Group, ITU-T Focus Group on Identity Management
Editor, ITU-T Draft Recommendation on Identity Management, X.IdMreq

Overview
• Many different, insular Identity Management (IdM) communities, perspectives, and platforms have emerged
• ITU global initiatives over the past year have produced
  • Dialogue across these IdM communities
  • Four comprehensive reports aiming toward a converged perspective and potential compatibility/interworking
    • Includes Compendium of IdM Legal and Regulatory requirements
  • Focused 2008 activities among industry and government
  • New international Identity Management convergence initiatives
• Value propositions include
  • New product and service opportunities for industry in a world of any entity, anywhere, anytime, using anything
  • Ability to support infrastructure protection and other important governmental, business, and consumer requirements

Long-term shift to Identity Providers by industry
[Diagram: Legacy Identity Management (Wireline) and Next Generation Identity Management (Wireline); primary driver is Nomadicity]

Shift to open IdM client platforms in 2007
• OpenID emerged as a large-scale, open, non-proprietary means to implement IdM as a fully decentralized system
  • A light cost structure
• InfoCard (also known as CardSpace) emerged as a large-scale, open, proprietary (Microsoft) means to implement IdM on a large scale with ubiquitous computer/commercial wireless operating systems

The Challenge: Different Perspectives on IdM
[Diagram labels: Identity Bridges, Users, Network Operators, Application Providers, Government]

Focus Group on Identity Management
• Existed Feb-Sept 2007
• Treated every aspect of Identity Management
• All “entities” and all forms of identity, technologies, and provisioning
• Broad global participation and outreach
• Discovered, analyzed, and in many cases contacted more than 100 different IdM forums within more than 60 different organizations
• Met five times on three different continents
• Involved 139 different people, 88 different organizations in 22 countries
• Basis was 114 input contributions from 41 different companies and organizations
• Collaborated also via Wiki: <www.ituwiki.com>
• Produced four major reports as the basis for future standards and new global Identity Management actions
• New “flagship” ITU-T standards activities in 2008 and beyond
• Comparable activities in most regional and national bodies
• Infusion into numerous network/cyber/national security technical activities, public policy making proceedings, and R&D, especially for IMS/NGNs

Four Identity Management Deliverables
• 73 requirements and recommendations
• First global Identity Management legal and regulatory compendium

Far reaching architecture requirements
A common, structured Identity Management Model and IdM Plane
[Diagram labels: IDM Model, IDM Plane]

Far reaching provisioning requirements
Provision of credential, identifier, attribute, and pattern identity services with known assurance levels to all Entities
• Interoperable protocols for Identity Providers, including objects
• Identity assurance/confidence metrics
• Identity lifecycle management
• Improved identity proofing and discovery for public network identifiers in hierarchical assignment identifier structures

Far reaching discovery requirements
Discovery of authoritative Identity Provider resources, services and federations
• Global mechanisms for discovery of asserted forms of identity
• Candidate platform is OASIS’ XRI
• Determining source for “authoritative” identities
• Identity bridging capabilities

What does this convergence mean for the future?
• In a world of any entity, anywhere, anytime, using anything
• Enables new Identity Provider product and service opportunities for industry
• Ability for existing providers to extend their customer relationships globally across all platforms and earn new revenue
• Ability for trusted third parties to offer identity bridging services based on OpenID, CardSpace, IMS GBA, Liberty, Shibboleth, etc. See https://pip.verisignlabs.com/
• May be predicated on a requirement for open Identity Management architectures and service elements
• Enables support for infrastructure protection and other important governmental requirements
• Critical Infrastructure protection; National Security/Emergency Preparedness/Emergency Telecommunication Service
• Assistance to lawful authority
• Competition requirements
• Identifier resource management
• Consumer needs
• Business needs
• Digital rights management
• Juridical evidentiary requirements
• Implementing National Identity Systems
• Reducing Identity-Related Crime

Where the IdM work will occur in 2008
• First ITU-T Joint Rapporteur Group Meetings, Geneva, Dec 2007, then Seoul, Jan 2008
• First ITU-T IdM GSI, Geneva, Apr 2008
• First JCA-IdM meetings, Geneva, Dec 2007