Digital Identities for Networks and Convergence

1
Digital Identities for Networks and Convergence

• Joao Girao, Amardeo Sarma

2
Target Identity Convergence for NGN

• Solve identity fragmentation of today
• Make a bridge between platforms
• introduction of multi-personas per user
• transcend layers from network to services /
  applications
• Filter flow of identity info across the bridge
• minimization of identity info disclosure from
  users viewpoint
• making identity info obscure from operators
  viewpoint

Content Providers
3rd Party Platforms
Identity Creation
Identity Federation
ISP Platform
Users persona
Identity Exchange
Partner Operators Platform
Enterprise Platform
Home Operators NGN Platform
Source NEC
FP7 SWIFT
2
3
Traditional Relation Customer Provider
Fixed OperatorCustomer ID Physical line
Mobile OperatorCustomer ID SIM Card
provider
me
ISP Customer IDName / Password
Drawback Customer needs separate contract for
(most) services Reason The provider is
responsible not only for the service, but also
for identification and billing
Amazon etc. Customer IDName / Password
FP7 SWIFT
3
4
Target
me
ID providerCustomer ID Credentials
Trusted relation(contract)
ID billingprovider
Authorization accounting
Customer has few trusted relationships and
contracts, but can nonetheless get services from
3rd parties
Temporary relation(get service)
serviceprovider
Service Provider Offer / Price
5
SWIFT for Convergence Overview

• Duration January 2008 June 2010
• Consortium 9 partners from Industry and Academia
  (see below)
• Project Co-ordinator FhG SIT, Technical Leader
  NEC
• Focus
• Identity privacy across layers ? vertical
  approach
• Develop Identity as a key enabling technology for
  convergence
• Combined user / operator control on information
  exchange
• Optimize user/service/network-centric IdM with
  network focus
• Develop Identity Oriented Services
• Build on RD from Daidalos other FCT projects

University of Murcia
University of Stuttgart
6
Research approach, Methodology

• Virtual Identities concept adapted from the EU
  Daidalos project supports privacy of the user
• Many faces for transactions to separate roles
  or for privacy reasons
• These personalities or avatars or Virtual
  Identities (VIDs) must be unlinkable even though
  some attributes may be shared between them
• The user must control the data revealed

FP7 SWIFT
7
Axis of Identity Management
Billing
Privacy
Policy Management
Transparency
Attribute Management
Authentication
Decision/ Enforcement
Attribute Exchange
8
The Vertical Axis
9
Technology and Business Drivers
Triangle of Transactions
Binding Identity Model
10
Building Blocks Identity Architecture
Identity Management Platform
AAA
QoS
Discovery / Directory
Context
Attribute Management Access
Name Resolution
Mobility
Devices
Anonimity
Security
Groups
11
Goal 1 Enhance Ubiquity and Experience

• Liberate user from device(s) by enabling use of
  several interchangeable devices
• Ownership of the device should be independent of
  who uses it ? hiring (embedded) devices becomes
  part of the model
• Facilitate discovery and service usage respecting
  the user's privacy options
• Network access is automatically made available
  based on service requested
• Invisible co-ordination of network and resources

Supported by the Identity Backbone
12
Goal 2 Enable Convergence

• Identity can form the bridge between networks,
  services, content and arbitrary offerings ? it
  becomes a convergence technology
• Currently a vast range of solutions exist that
  need to be brought together ? This includes SIM
  and USIM solutions
• Central will be to also impact emerging NGN
  architectures ? 3GPP, ITU-T, ETSI
• A key problem to solve will be to bridge the
  independently existing Identity solutions (SAML,
  OpenID, CardSpace, ...) ? SWIFT will develop
  solutions for this

Identity as the convergence enabler
13
Identity in the Future Internet

• Bringing Identity Management to the network
• Enable access and reachability across domains
• Make Identities of people, services, things,
  software modules a part of the future Internet
  architecture
• The Future Internet will be the .

identiNET

• Identity as the future end point of communication
• whether user, service, thing, device or software
  module
• Support access, (non-) reachability, ubiquity
• Privacy can be dealt with vertically thus
  reducing the danger of conflicting policies
  mechanisms
• non-walled garden business is enabled

14
SWIFT results so far

• Kick off in 01/08 with Public Web Page in January
• Work well progressed on
• Scenario definition
• Requirements
• Initial architecture
• Deliverables done and mid-term
• Work Methods
• Internal Report on Dissemmination
• Scenarios
• Gap Analysis and Architecture Requirements
• Initial Architecture

FP7 SWIFT
15
Conclusions
SDOs (ETSI,ITU-T, OASIS LA, IETF)
SWIFT will develop an EU identity architecture as
a catalyst that opens new doors to IdM, focusing
on the network and convergence
SWIFT
BusinessOpportunities Types
EU Initiatives (PrimeLife, Daidalos, FIDIS)
16
SWIFT Website http//www.ist-swift.org
17
End

• Thank You