Digital Identities for Networks and Convergence Joao Girao, Amardeo Sarma


FP7 SWIFT

Target: Identity Convergence for NGN+

  • Solve identity fragmentation of today: make a bridge between platforms
      • introduction of multi-personas per user
      • transcend layers from network to services / applications
  • Filter flow of identity info across the bridge
      • minimization of identity info disclosure from user’s viewpoint
      • making identity info obscure from operator’s viewpoint

[Figure labels: Identity Creation; Identity Federation; Identity Exchange; User’s persona; Home Operator’s NGN Platform; ISP Platform; Enterprise Platform; Partner Operator’s Platform; 3rd Party Platforms; Content Providers]

Source: NEC

Traditional Relation Customer – Provider

[Diagram labels: me; provider]

  • Fixed Operator: Customer ID, Physical line
  • Mobile Operator: Customer ID, SIM Card
  • ISP: Customer ID, Name / Password
  • Amazon etc.: Customer ID, Name / Password

Drawback: Customer needs separate contract for (most) services

Reason: The provider is responsible not only for the service, but also for identification and billing

Target

[Diagram labels: me; ID & billing provider; service provider]

  • ID provider: Customer ID, Credentials
  • Service Provider: Offer / Price
  • Trusted relation (contract)
  • Temporary relation (get service)
  • Authorization & accounting

Customer has few trusted relationships and contracts, but can nonetheless get services from 3rd parties

SWIFT for Convergence: Overview

  • Duration: January 2008 – June 2010
  • Consortium: 9 partners from Industry and Academia (see below)
  • Project Co-ordinator: FhG SIT, Technical Leader: NEC
  • Focus
      • Identity & privacy across layers: vertical approach
      • Develop Identity as a key enabling technology for convergence
      • Combined user / operator control on information exchange
      • Optimize user/service/network-centric IdM with network focus
      • Develop Identity Oriented Services
      • Build on R&D from Daidalos & other FCT projects

[Partner logos: University of Murcia; University of Stuttgart]

Virtual Identities concept adapted from the EU Daidalos project supports privacy of the user

Many “faces” for transactions to separate roles or for privacy reasons

These “personalities” or “avatars” or Virtual Identities (VIDs) must be unlinkable even though some attributes may be shared between them

The user must control the data revealed

Internet Access and Electronic Communication

Research approach, Methodology

Axis of Identity Management

[Figure labels: Policy Management; Privacy; Billing; Authentication; Attribute Exchange; Decision/Enforcement; Attribute Management; Transparency]

[Figure labels: Internet; Legal Representation of Identity; Passport/ID Card; Driver’s License; Operator Contract; Service EULA; Digital Representation of Identity; Social Net. SP Account; Preferences/Attributes (favourite color, age, etc.); VirtualID (×3); Filtering]

The Vertical Axis

Triangle of Transactions / Binding Identity Model

Technology and Business Drivers

[Figure labels: Identity Management Platform; Discovery / Directory; Name Resolution; Anonymity; AAA; Context; Mobility; Security; QoS; Attribute Management & Access; Devices; Groups]

Building Blocks: Identity Architecture

Goal 1: Enhance Ubiquity and Experience

  • Liberate user from device(s) by enabling use of several interchangeable devices
  • Ownership of the device should be independent of who uses it
      • hiring (embedded) devices becomes part of the model
  • Facilitate discovery and service usage respecting the user's privacy options
  • Network access is automatically made available based on service requested
  • Invisible co-ordination of network and resources

Supported by the Identity Backbone

Goal 2: Enable Convergence

  • Identity can form the bridge between networks, services, content and arbitrary offerings
      • it becomes a convergence technology
  • Currently a vast range of solutions exist that need to be brought together
      • This includes SIM and USIM solutions
  • Central will be to also impact emerging NGN architectures
      • 3GPP, ITU-T, ETSI
  • A key problem to solve will be to bridge the independently existing Identity solutions (SAML, OpenID, CardSpace, ...)
      • SWIFT will develop solutions for this

Identity as the convergence enabler

  • Bringing Identity Management to the network
  • Enable access and reachability across domains
  • Make Identities of people, services, things, software modules a part of the future Internet architecture
  • The Future Internet will be the …. identiNET
  • Identity as the future end point of communication, whether user, service, thing, device or software module
  • Support access, (non-) reachability, ubiquity
  • Privacy can be dealt with vertically, thus reducing the danger of conflicting policies & mechanisms
  • non-walled garden business is enabled

Identity in the Future Internet

  • Kick off in 01/08 with Public Web Page in January
  • Work well progressed on
      • Scenario definition
      • Requirements
      • Initial architecture
  • Deliverables done and mid-term: Work Methods Internal Report on Dissemination Scenarios Gap Analysis and Architecture Requirements Initial Architecture

SWIFT results so far


Conclusions

[Figure labels: SWIFT; SDOs (ETSI, ITU-T, OASIS, LA, IETF); Business Opportunities & Types; EU Initiatives (PrimeLife, Daidalos, FIDIS)]

SWIFT will develop an EU identity architecture as a catalyst that opens new doors to IdM, focusing on the network and convergence

SWIFT Website: http://www.ist-swift.org

End

Thank You