FP7 SWIFT 2
Target: Identity Convergence for NGN+
Solve identity fragmentation of today: Make a bridge between platforms
  introduction of multi-personas per user
  transcend layers from network to services / applications
Filter flow of identity info across the bridge
  minimization of identity info disclosure from user’s viewpoint
  making identity info obscure from operator’s viewpoint
[Figure labels: Identity Creation; Identity Federation; Identity Exchange; Home Operator’s NGN Platform; ISP Platform; Enterprise Platform; Partner Operator’s Platform; 3rd Party Platforms; Content Providers; User’s persona]
Source: NEC
Traditional Relation Customer – Provider
[Figure labels: me; provider]
Fixed Operator: Customer ID, Physical line
Mobile Operator: Customer ID, SIM Card
ISP: Customer ID, Name / Password
Amazon etc.: Customer ID, Name / Password
Drawback: Customer needs separate contract for (most) services
Reason: The provider is responsible not only for the service, but also for identification and billing
Target
[Figure labels: me; ID & billing provider; service provider; Trusted relation (contract); Temporary relation (get service); Authorization & accounting]
ID provider: Customer ID, Credentials
Service Provider: Offer / Price
Customer has few trusted relationships and contracts, but can nonetheless get services from 3rd parties
SWIFT for Convergence: Overview
Duration: January 2008 – June 2010
Consortium: 9 partners from Industry and Academia (see below)
Project Co-ordinator: FhG SIT, Technical Leader: NEC
Focus
  Identity & privacy across layers, vertical approach
  Develop Identity as a key enabling technology for convergence
  Combined user / operator control on information exchange
  Optimize user/service/network-centric IdM with network focus
  Develop Identity Oriented Services
  Build on R&D from Daidalos & other FCT projects
University of Murcia
University of Stuttgart
Virtual Identities concept adapted from the EU Daidalos project supports privacy of the user
Many “faces” for transactions to separate roles or for privacy reasons
These “personalities” or “avatars” or Virtual Identities (VIDs) must be unlinkable even though some attributes may be shared between them
The user must control the data revealed
Internet Access and Electronic Communication
Research approach, Methodology
Axis of Identity Management
[Figure labels: Policy Management; Privacy; Billing; Authentication; Attribute Exchange; Decision/Enforcement; Attribute Management; Transparency; INTERNET; Passport/ID Card; Operator Contract; Service EULA; Driver’s License; Legal Representation of Identity; Digital Representation of Identity; Social Net. SP Account; Preferences/Attributes (favourite color, age, etc...); Virtual ID; Filtering]
The Vertical Axis
[Figure labels: Identity Management Platform; Discovery / Directory; Name Resolution; Anonymity; AAA; Context; Mobility; Security; QoS; Attribute Management & Access; Devices; Groups]
Building Blocks: Identity Architecture
Goal 1: Enhance Ubiquity and Experience
Liberate user from device(s) by enabling use of several interchangeable devices
Ownership of the device should be independent of who uses it
  hiring (embedded) devices becomes part of the model
Facilitate discovery and service usage respecting the user's privacy options
Network access is automatically made available based on service requested
Invisible co-ordination of network and resources
Supported by the Identity Backbone
Goal 2: Enable Convergence
Identity can form the bridge between networks, services, content and arbitrary offerings
  it becomes a convergence technology
Currently a vast range of solutions exist that need to be brought together
  This includes SIM and USIM solutions
Central will be to also impact emerging NGN architectures
  3GPP, ITU-T, ETSI
A key problem to solve will be to bridge the independently existing Identity solutions (SAML, OpenID, CardSpace, ...)
  SWIFT will develop solutions for this
Identity as the convergence enabler
Bringing Identity Management to the network
  Enable access and reachability across domains
  Make Identities of people, services, things, software modules a part of the future Internet architecture
The Future Internet will be the …. identiNET
  Identity as the future end point of communication whether user, service, thing, device or software module
  Support access, (non-) reachability, ubiquity
  Privacy can be dealt with vertically thus reducing the danger of conflicting policies & mechanisms
  non-walled garden business is enabled
Identity in the Future Internet
Kick off in 01/08 with Public Web Page in January
Work well progressed on
  Scenario definition
  Requirements
  Initial architecture
Deliverables done and mid-term Work Methods Internal Report on Dissemination Scenarios Gap Analysis and Architecture Requirements Initial Architecture
SWIFT results so far
Conclusions
[Figure labels: SDOs (ETSI, ITU-T, OASIS, LA, IETF); Business Opportunities & Types; EU Initiatives (PrimeLife, Daidalos, FIDIS); SWIFT]
SWIFT will develop an EU identity architecture as a catalyst that opens new doors to IdM, focusing on the network and convergence