
Report of Focus Group on Identity Management (FG IdM)

Review of how ETSI’s contribution and extension fits

Scott Cadzow, Abbie Barbir

Page 2

World Class Standards

FG IdM Terms of Reference

Scope: IdM for telecomm/ICT in general; and specifically to facilitate and advance the development of a generic IdM framework and means of discovery of autonomous distributed identities and identity federations and implementations

Objectives

Prepare deliverables that include:
• a living list of standards bodies, etc., dealing with IdM, including information on their activities, documents re: an IdM framework,
• a global analysis on IdM requirements and capabilities,
• a set of IdM telecommunications/ICT use cases that can be used to derive requirements

In carrying out the above, FG IdM may analyze other aspects related to the objectives (e.g., frameworks)

Page 3

Focus Group Output

Collaborative working methods:
• Official ITU web and a wiki (www.ituwiki.com) for unofficial collaboration

Reference materials
• Ecosystem
• Lexicon
• Existing legal & regulatory compendium, including privacy
• Use cases, platforms, gaps
• Requirements structure and provisions, including privacy related deliverables
• Draft frameworks for interoperability

Page 4

Focus group timeline

Page 5

Evolving Definition of IdM

(Figure: enterprise IdM scope diagram with the labels Enterprise, Edge devices, Infrastructure, Internal, Gateway, Application Environments, Hosted Services, Partner/Supplier Networks and Other hubs)

Burton 2003
• Identity management is the set of business processes, and supporting infrastructure, for the creation, maintenance, and use of digital identities in online spaces

Burton 2007
• Enterprise IdM is the set of business processes, and a supporting infrastructure, that provides
  • Identity-based access control to systems and resources
  • In accordance with established policies

ETSI 2007
• An identity is used within the NGN to distinguish one NGN entity from another. The NGN entity may be an end-point (e.g. a telephone) or it may be a service delivery agent (e.g. a service provider).
• The purpose of Identity Management in the NGN is to control the life of an NGN identifier from its creation through assignment and, if necessary, reassignment, to its destruction at the end of its useful life. Identity Management may also include the maintenance of the integrity of an identifier.

What is IdM from a carrier, provider, telecom perspective?

What is the ITU role?

What is NGN IdM?

Page 6

ETSI Definition - Identifier

Identifier
• A lexical token that names an entity.
• A series of digits, characters and symbols used to uniquely identify a subscriber, user, network element, function or network entity providing services/applications (TS 184 002)

Page 7

ETSI Definition - Identity

Identity
• A property of objects that allows those objects to be distinguished from each other
• An Identifier allocated to a particular entity, e.g. a particular end-user, provides an Identity for that entity (TS 184 002)

Page 8

ETSI Definition – Identity crime

Identity Crime
• A generic term for Identity Theft, creating a False Identity or committing Identity Fraud

Page 9

ETSI Definition – Identity fraud

Identity Fraud
• The use of a False Identity or legitimate identity to support unlawful activity.
• Falsely claiming to be a victim of Identity Fraud to avoid obligation or liability.

Page 10

ETSI Definition – Identity theft

Identity Theft
• An event that occurs when sufficient information about an identity is obtained to facilitate Identity Fraud.

Page 11

Evolution of Identity Management

(Figure: evolution chart. Authentication mechanisms on an Explicit to Transparent axis: Username/Password; Proximity (Badge, Key, 2nd Device); Explicit Biometrics (Fingerprint); Implicit Biometrics (Key strokes, voice, face); Presence (inference from video cameras, RFID sensors, etc.). Identity models: SSO; Federated Id; Infocards; Attribute Mgmt; Identity as a set of attributes. Relationship between user-centric and service-centric ids: Sharing of service-centric ids; Single user-centric id paired with many service-centric ids; User-centric and service-centric identities match; Fine-grained and gradual release of attributes; Complete separation of user-centric and service-centric ids. Example technologies: OpenID, Microsoft Cardspace, Higgins.)

Page 12

IdM Ecosystem: Expansive

(Figure: ecosystem map grouped into ten centres: Broad IdM centric, Mobile operator centric, Project centric, Discovery centric, Object identifier centric, Attribute centric, Network operator centric, Authentication centric, User centric, Application service provider centric. Bodies and specifications placed on the map include ISO SC27 WG5, ITU-T SG17, 3GPP IMS, 3GPP GBA, OMA RD-IMF, FIDIS, Daidalos, Modinis, MAGNET, Yadis, CNRI handles, XDI.ORG, OASIS XRI, ITU-T JCA-NID, OID/OHN, EPC ONS, CNRI DOI, UID, W3C/IETF URI, OSGi, ITU/IETF E.164 ENUM, OASIS SPML, IETF IRIS, ITU-IETF LDAP, ITU X.500, ITU E.115v2, NetMesh LID, ETSI LI-RDH, ETSI TISPAN, ITU-T SG13, ITU-T SG4, Parlay PAM, ETSI IdM STF, ETSI UCI, ITU-T SG2, ITU-T SG11, ITU-T SG16, OASIS SAML, NIST FIPS 201, IETF OCSP, ANSI IDSP, ANSI HSSP, ZKP, ANSI Z39.50, OpenID, Microsoft Cardspace, Identity Metasystem, SourceID, Pubcookie, Passel, TCG, Open Group IMF, IBM Higgins, Liberty WSF, Oracle IGF, OASIS XACML, WS-Federation, SXIP VIP/PIP, CoSign, Eclipse, Shibboleth, Liberty I*.)

Page 13

Managing NGN Identities

(Figure: NGN architecture overview. Transport Stratum: Access Transport Functions, Access Network Functions, Edge Functions, Core Transport Functions, Network Attachment Control Functions (NACF), Resource and Admission Control Functions (RACF), Transport User Profile Functions. Service Stratum: Service Control Functions, Service User Profile Functions, Application Support Functions and Service Support Functions, PSTN/ISDN Emulation Service Component, IP Multimedia Service Component and PSTN/ISDN Simulation, Other NGN Service Components, Application Functions, Applications. End-User Functions: NGN Terminals, Legacy Terminals, Customer Networks; plus Other Networks and Gateways (GW). Note: Gateway (GW) may exist in either Transport Stratum or End-User Functions. Annotations mark where identities are managed: User and terminal identities; Identities in NACF; Identities in RACF; Identities in IMS and PES; User Identity Data; Identities in common components for applications; Identities in common components for applications and service support; Identity Interoperability.)

Page 14

The Seven Pillars for Global Interoperable IdM

(Figure: diagram of the entity groups People, Organizations, and Objects, Sensors and Control Systems)

Page 15

Interoperable Framework

(Figure: framework diagram with the following components)
• Relying Party
• Identity Agent
• Credential Store
• Requesting/Asserting Entity
• Identity Proofing
• Enrollment
• Credential Issuance
• Self-Care Service
• Identity Provider
• Identity Attr. Service
• User-Centric, Application Centric, Network Centric and Federation Protocols
• Reputation
• Validation
• Token Service
• Authentication Service
• Personal Identifiable Information/Consent
• Discovery, Transformation, Relationship and Bridging Services
• Audit & Monitoring Service
• Credential Mgmt Service

Page 16

FG Next Steps
• Initial work of the FG was completed and delivered to ITU-T Study Group 17 at its Plenary meeting, 28 Sept 2007
• The FG itself has been replaced by the following IdM forums:
  • Joint Coordination Activity for Identity Management (JCA-IdM)
  • Global Standards Initiative for Identity Management (IdM-GSI), and
  • the Joint Rapporteur Groups on Identity Management (JRG-IdM)

Page 17

FG IdM evolution to IdM GSI

Page 18

Overview and analysis

IDENTITY IN THE NGN

Page 19

Identity vs. Identifier

NGN entities have …
• restricted behaviour
• a single identifier

The NGN is defined by its behaviour
• A composition of the behaviour of its entities
• Many compositions are possible, so many NGN definitions are possible

Page 20

CRAVED analysis of identity

Criteria: Criteria clarification (Applicability)
• Concealable: The target can easily be concealed by the thief or, at least, is not easily identifiable as not belonging to the thief (Yes)
• Removable: The target is not physically fixed or otherwise secured (Yes)
• Available: The target is both visible and accessible to the thief (Yes)
• Valuable: The target has either intrinsic monetary value or personal value to the thief (Yes)
• Enjoyable: Possession of the target provides pleasure to the holder either through monetary or personal gain (Yes)
• Disposable: The target can be sold by the thief for monetary or other gain (Yes)

Page 21

NGN and identity

Identity classes in NGN:
1. Those generated automatically by network elements (e.g. call identifiers). For these, no human intervention is required (or possible).
2. Those that may be allocated by operators without reference to external bodies (e.g. customer account number).
3. Those for which operators must go to external bodies to receive allocations (e.g. E.164 numbers, public IP addresses).

Identity fraud is possible for classes 2 and 3

Page 22

Forms of identity – class 3

E.164 numbers
• Authoritative
• Structured

SIP URLs, Tel URLs
• Authoritative
• Structured

Page 23

Identity problems in NGN

Proliferation of non-authoritative id
• Self asserted SIP URLs

Identifier uncertainty
• Equivalence of “IP address + port” to identifier

Context “pull”
• Identifiers used out of context, e.g. NASS identifier used in IMS
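The class 3 identifier forms (E.164 numbers, SIP and Tel URLs) and the first two problems above can be checked mechanically on the identifiers seen in signalling. The Python below is an added example, not part of the presentation or of any ETSI deliverable; it assumes a constructed set of operator-vouched SIP domains (AUTHORITATIVE_DOMAINS) and treats every other SIP domain as self asserted, flags an IP-literal host as the “IP address + port” uncertainty, and counts how far non-authoritative identifiers have proliferated in a constructed sample. Context pull (an identifier used outside the domain that issued it) is not modelled.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed for this example: SIP domains that an operator (or the external body
# that allocated them) vouches for. Any other domain is treated as self asserted.
AUTHORITATIVE_DOMAINS = {"ims.example.net", "example-operator.com"}

E164_RE = re.compile(r"^\+[1-9][0-9]{1,14}$")            # '+' then 2..15 digits
TEL_RE = re.compile(r"^tel:\+[1-9][0-9]{1,14}$", re.I)     # tel: URI, global number only
SIP_RE = re.compile(r"^sips?:(?:([^@]+)@)?([^;?]+)(?:[;?].*)?$", re.I)  # user@host[:port][;params]

@dataclass
class Classified:
    kind: str            # "e164", "tel", "sip" or "unknown"
    structured: bool     # structure is publicly known, so it can be guessed or emulated
    authoritative: bool  # allocated or vouched for by an operator or external body
    problems: tuple      # which of the slide's identity problems apply

def split_hostport(hostport: str):
    # Separate host and optional port; bracketed form is an IPv6 literal, e.g. [2001:db8::1]:5060
    if hostport.startswith("["):
        host, _, rest = hostport[1:].partition("]")
        return host, (rest[1:] if rest.startswith(":") else None)
    host, _, port = hostport.partition(":")
    return host, (port or None)

def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify(identifier: str) -> Classified:
    ident = identifier.strip()
    if E164_RE.match(ident):          # allocated by an external body: authoritative, structured
        return Classified("e164", True, True, ())
    if TEL_RE.match(ident):
        return Classified("tel", True, True, ())
    m = SIP_RE.match(ident)
    if m:
        host, _port = split_hostport(m.group(2))
        problems = []
        if is_ip_literal(host):       # "IP address + port" standing in for an identifier
            problems.append("identifier uncertainty: IP address + port used as identifier")
        authoritative = host.lower() in AUTHORITATIVE_DOMAINS
        if not authoritative:         # nobody but the sender vouches for this SIP URL
            problems.append("non-authoritative: self asserted SIP URL")
        return Classified("sip", True, authoritative, tuple(problems))
    return Classified("unknown", False, False, ("unstructured identifier",))

def proliferation(identifiers) -> dict:
    # Count authoritative vs. self asserted identifiers in a sample of signalling.
    counts = {"authoritative": 0, "non_authoritative": 0}
    for ident in identifiers:
        counts["authoritative" if classify(ident).authoritative else "non_authoritative"] += 1
    return counts

# Constructed sample of identifiers as they might appear in NGN signalling.
SAMPLE_IDENTIFIERS = [
    "+441234567890", "tel:+14155550100", "sip:alice@ims.example.net",
    "sip:bob@example.org;transport=tcp", "sip:carol@192.0.2.10:5060", "alice",
]
```

Calling `proliferation(SAMPLE_IDENTIFIERS)` on the constructed sample gives three authoritative and three non-authoritative identifiers; the `problems` tuple of each `classify` result names which slide problem applies.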

Page 24

Assurance of Identity

Counter to identity fraud

Achieving assurance
• Rigorous requirements design
• Design process from ETSI EG 202 387 (applying common criteria to standards development)
• Standards as protection profiles from ETSI ES 202 382

Page 25

Summary findings, next stage of work

SECURITY ANALYSIS

Page 26

Unwanted incidents
• Masquerade
  • Self revealing
  • Non-self revealing
• Unsolicited communication
• Identity correlation
• Traffic analysis

Page 27

Security considerations
• Identity attacks seen as masquerade
  • Single source of data
  • Multiple sources of data
• Risk: what happens when it all goes wrong?
  • Likelihood of masquerade
  • Impact of masquerade

Page 28

NGN objectives for Identifiers
• The NGN should create its identities
• The NGN should be the only entity able to destroy its identities
• The NGN should comply with the OECD guidelines for processing of personal data
• The identity provider should be retrievable from analysis of the identity
• The NGN should support the transfer of identifier/identity between CSPs

Page 29

Risk analysis - masquerade

IMPACT: Mostly low
• Exploits affect one entity at a time

LIKELIHOOD: Mostly high
• Structure is known, identity not often protected (given away)

Page 30

Risk analysis – unsolicited communication

IMPACT: Generally low
• Exists in the PSTN, and the NGN offers more channels to exploit
• Exacerbated by identity belonging to the platform, not the service

LIKELIHOOD: High

Page 31

Risk analysis – identity correlation

IMPACT: Low to medium
• Data already exists and services are provided (directory services)

LIKELIHOOD: Medium to high

Page 32

Risk analysis – traffic analysis

IMPACT: Medium to high
• Determines end-user behaviour

LIKELIHOOD: Low to medium
• Attack requires long term access to the network, skill in analysis, some advanced tools

Page 33

Risk analysis - findings
• Identifiers open to simple masquerade
  • Countered in NGN by strong authentication
• Traffic analysis difficult
  • Countered in NGN by strong authentication and allocation of session identity

Page 34

Platform and barrier

NGN CONTRIBUTION TO IDENTITY FRAUD

Page 35

Platform

NGN identifiers
• Follow the identifier = identity model
• Have publicly known structures
• Can be emulated, guessed, copied
• Release is not contained

Page 36

Barrier

Authentication of identifier
• Counters simple masquerade
• Identity theft for masquerade is self revealing (billed service)

Confidentiality of signalling
• Counters traffic analysis

Non-repudiation
• Consequence of compliance with regulation

Page 37

Audience participation

THANKS AND QUESTIONS

Page 38

Contact details and acknowledgements

Contacts
• Scott CADZOW: [email protected]; [email protected]
• Abbie Barbir: [email protected]

Acknowledgements
• Members of ITU-T FG IdM
• Tony Rutkowski and Ray Singh for (modified) slides from ITU-T September IdM Tutorial Presentations
• Members of the TISPAN NGN development team
  • Tony Holmes and WG4
  • WG8 for the SuM modelling
  • WG7 and STF330 for the Id and IdM security modelling