Summary

Recommendation ITU-T Y.2720 provides a framework for identity management (IdM) in next generation networks (NGN). The primary purpose of this framework is to describe a structured approach for designing, defining, and implementing IdM solutions and for facilitating interoperability in a heterogeneous environment.

The management of entity identity information (e.g., identifiers, credentials and attributes) is not new. However, as we move towards a converged network environment where services are based on contexts and roles and may be accessed anywhere and at any time, the assurance, security and management of identity information become more complex. Additionally, there may be different and independent solutions, resulting in the need for interoperability. Therefore, new, enhanced, automated, and interoperable capabilities are needed for the following reasons:

• end users are increasingly using multiple identities;

• these identities may be associated with different contexts and service privileges;

• the identities may only partially identify the end user;

• the identities may be used anywhere and at any time; and

• the identities may not be interoperable between providers.

IdM addresses this situation, and is a set of functions and capabilities (e.g., administration, management and maintenance, discovery, communication exchanges, correlation and binding, policy enforcement, authentication and assertions) used for:

• assurance of identity information (e.g., identifiers, credentials, attributes);

• assurance of the identity of an entity (e.g., users/subscribers, groups, user devices, organizations, network and service providers, network elements and objects, and virtual objects); and

• enabling business and security applications.

This framework is intended to be used as a foundation to develop and specify specific aspects of IdM, such as detailed requirements, mechanisms and procedures, as needed. It also provides a clear and coherent overview of the totality of IdM in NGNs.

The framework provided in this Recommendation is intended for NGN (i.e., managed packet networks) as defined in Recommendation ITU-T Y.2001, General overview of NGN. However, it could be applied as appropriate to other types of networks (e.g., corporate and enterprise networks).

NOTE – The use of the term "Identity" in this Recommendation relating to IdM does not indicate its absolute meaning. In particular, it does not constitute any positive validation of a person.