An Emerging Global Convergence on Identity Management

1
An Emerging Global Convergence on Identity
Management
"?????? ????????? ??? "????? ?????? ????????
??????????"  ???? - ?????? 29 - 31 ??????
2007 ITU Regional Seminar on Identity
Management and e-Signatures   Damascus-Syria, 29
31 October 2007

• Tony Rutkowski
• mailto trutkowski_at_verisign.com
• Vice President, VeriSign
• Chair, Requirements Working Group, ITU-T Focus
  Group on Identity Management
• Editor, ITU-T Draft Recommendation on Identity
  Management, X.IdMreq

2
Overview

• Many different, insular Identity Management (IdM)
  communities, perspectives, and platforms have
  emerged
• ITU global initiatives over the past year have
  produced
• Dialogue across these IdM communities
• Four comprehensive reports aiming toward a
  converged perspective and potential
  compatibility/interworking
• Includes Compendium of IdM Legal and Regulatory
  requirements
• Focused 2008 activities among industry and
  government
• New international Identity Management convergence
  initiatives
• Value propositions include
• New product and service opportunities for
  industry in a world of any entity, anywhere,
  anytime, using anything
• Ability to support infrastructure protection and
  other important governmental, business, and
  consumer requirements

3
Isolation in an expandingIdM universe
4
Long-term shift to Identity Providers by industry
Primary driver is Nomadicity
5
Shift to open IdM client platforms in 2007
6
The Challenge Different Perspectives on IdM
IdentityBridges
Users
NetworkOperators
ApplicationProviders
Government
7
Focus Group on Identity Management

• Existed Feb-Sept 2007
• Treated every aspect of Identity Management
• All entities and all forms of identity,
  technologies, and provisioning
• Broad global participation and outreach
• Discovered, analyzed, and in many cases contacted
  more than 100 different IdM forums within more
  than 60 different organizations
• Met five times on three different continents
• Involved 139 different people, 88 different
  organizations in 22 countries
• Basis was 114 input contributions from 41
  different companies and organizations
• Collaborated also via Wiki ltwww.ituwiki.comgt
• Produced four major reports as the basis for
  future standards and new global Identity
  Management actions
• New flagship ITU-T standards activities in 2008
  and beyond
• Comparable activities in most regional and
  national bodies
• Infusion into numerous network/cyber/national
  security technical activities, public policy
  making proceedings, and RD especially for
  IMS/NGNs

8
Four Identity Management Deliverables

• 73 requirements and recommendations
• First global Identity Management legal and
  regulatory compendium

9
Out of many use cases, seven converged pillars
10
Far reaching architecture requirements
IDM Model
A common, structured Identity Management Model
and IdM Plane
IDM Plane
11
Far reaching provisioning requirements

• Interoperable protocols for Identity Providers,
  including objects
• Identity assurance/confidence metrics
• Identity lifecycle management
• Improved identity proofing and discovery for
  public network identifiers in hierarchical
  assignment identifier structures

Provision of credential, identifier, attribute,
and pattern identity services with known
assurance levels to all Entities
12
Far reaching discovery requirements
Discovery of authoritative Identify Provider
resources, services and federations

• Global mechanisms for discovery of asserted forms
  of identity
• Candidate platform is OASIS XRI
• Determining source for authoritative identities
• Identity bridging capabilities

13
What does this convergence mean for the future?

• In a world of any entity, anywhere, anytime,
  using anything
• Enables new Identity Provider product and service
  opportunities for industry
• Ability for existing providers to extend their
  customer relationships globally across all
  platforms and earn new revenue
• Ability for trusted third parties to offer
  identity bridging services based on OpenID,
  CardSpace, IMS GBA, Liberty, Shibboleth, etc.,
  See https//pip.verisignlabs.com/
• May be predicated on a requirement for open
  Identity Management architectures and service
  elements
• Enables support for infrastructure protection and
  other important governmental requirements
• Critical Infrastructure protection National
  Security/Emergency Preparedness/Emergency
  Telecommunication Service
• Assistance to lawful authority
• Competition requirements
• Identifier resource management
• Consumer needs
• Business needs
• Digital rights management
• Juridical evidentiary requirements
• Implementing National Identity Systems
• Reducing Identity-Related Crime

14
Where the IdM work will occur in 2008
First ITU-T Joint Rapporteur Group Meetings,
Geneva, Dec 2007, then Seoul, Jan 2008
First ITU-T IdM GSI, Geneva, Apr 2008
First JCA-IdM meetings, Geneva, Dec 2007