(Continuation of part of Q.6/17)
Identity management (IdM) is the management of the life cycle and use
(creation, maintenance, utilization, and revocation) of credentials,
identifiers, attributes, and patterns by which entities (e.g., service
providers, end-user, organizations, network devices, applications and services)
are known with some level of trust. Depending on the context, multiple
identities may exist for a single entity at differing security requirements, and
at multiple locations. In public networks, IdM supports trusted information
exchange between authorized entities that is based on validation and assertion
of identities across distributed systems in a multiple service providers and
open service environment. IdM also enables the protection of private information
and ensures that only authorized information is disseminated.
IdM is a key component of telecommunications/ICT networks, services, and
products because it supports establishing and maintaining trusted
communications. It not only supports authentication of an entity’s identity, it
also permits authorization of privileges, easy change of privileges when an
entity’s role changes, delegation, nomadicity, and other significant
IdM is a critical component in managing network security and enabling the
nomadic, on-demand access to networks and e-services that end-users’ expect
today. Along with other defensive mechanisms, IdM helps to prevent fraud and
identity theft and thereby increases users’ confidence that e-transactions are
secure and reliable.
National/regional specific IdM specifications and solution will exist and
continue to evolve. Harmonization of the different national/regional IdM
approaches, specifications and solution variants is very important for global
This Question is dedicated to the vision setting and the coordination and
organization of the entire range of IdM activities within ITU-T. A top-down
approach to the IdM will be used with collaboration with other study groups and
other standards development organizations (SDOs). It is recognized that other
Questions will be involved in specific aspects of IdM i.e., protocols,
requirements, network device identifiers, etc.
Recommendations under responsibility of this Question as of 1 December 2008:
Study items to be considered include, but are not limited to:
- What are the functional concepts for a common identity management (IdM)
- What is an appropriate IdM model that is independent of network technologies,
supports user-centric involvement, represents IdM information and supports the
secure exchange of IdM information between involved entities (e.g., users,
relying parties and identity providers) based on policies?
- What are the components of a generic framework and requirements for IdM?
- What are the specific IdM requirements of service providers?
- What are requirements, capabilities and possible strategies for achieving
interoperability between different IdM systems (e.g., identity assurance,
- What are the candidate mechanisms for IdM interoperability to include
identifying and defining applicable profiles to minimize interoperability
- What are the requirements and mechanisms for protection and disclosure of
personally identifiable information (PII)?
- What are the requirements to protect IdM systems from cyber attacks?
- What IdM capabilities can be used against cyber attacks?
- How should IdM be integrated with advanced security technologies?
Tasks include, but are not limited to:
- Specify an IdM framework that supports discovery, policy and trust model,
authentication and authorization, assertions, and credential lifecycle
management required for IdM.
- Define functional IdM architectural concepts to include IdM bridging between
networks and among IdM systems taking into account advanced security
- Specify requirements (and propose mechanisms) for identity assurance, and
mapping/interworking between different identity assurance methods that might be
adopted in various networks. In this context, identity assurance includes
identity patterns and reputation.
- Define interfaces for interoperability of IdM systems.
- Define requirements (and propose mechanisms) for protection and disclosure of
personally identifiable information (PII).
- Define requirements (and propose mechanisms) to protect IdM systems including
how to use IdM capabilities as a means for service providers to coordinate and
exchange information regarding cyber attacks.
- Maintain and coordinate IdM terminology and definitions living list and to
continue the on-going work.
- Study and define IdM security risks and threats.
Recommendations: X- and Y-series
Questions: ITU-T Qs 1, 4, 8/17 and 16/13
Study groups: ITU-T SGs 2, 11, 13 and 16; ITU-D SG 1
Standardization bodies: ISO/IEC JTC 1 SCs 6, 27 and 37; IETF; ATIS; ETSI/TISPAN;
OASIS; Liberty Alliance; OMA; NIST; 3GPP; 3GPP2
Other bodies: Eclipse; InCommon; PRIME; OpenID Foundation; Shibboleth; etc.