Study Group 17 has been designated the Lead Study Group for Identity Management (IdM) in accordance with World Telecommunication Standardization Assembly (WTSA-08) Resolution 2.
As the lead study group for Identity Management, Study Group 17 is responsible for the study of the appropriate core Questions on IdM. In addition, in consultation with other relevant study groups and in collaboration, where appropriate, with other standards bodies, Study Group has the responsibility to define and maintain the overall framework and to coordinate, assign (recognizing the mandates of the study groups) and prioritize the studies to be carried out by the study groups, and to ensure the preparation of consistent, complete and timely Recommendations.
All Study Groups are requested to keep Study Group 17 informed of their work plans regarding IdM so that they can be integrated into the overall IdM work programme.
Study Group responsibilities for IdM
WTSA Resolution 2 identifies study group responsibilities for IdM as:
- Study Group 2: Responsible for studies relating to ensuring the consistency of the format and structure of IdM identifiers and for studies specifying interfaces to management systems to support the communication of identity information within or between organizational domains.
- Study Group 13: Responsible for studies of functions and relevant capabilities including NGN-specific identity management functional architecture that supports value-added identity services, the secure exchange of identity information and the application of bridging/interoperability between a diverse set of identity information formats. Also to be studied are any identity management threats within the NGN and the mechanisms to counter them. In addition, Study Group 13 will study the protection of personally identifiable information (PII) in the NGN to ensure that only authorized PII is disseminated within the NGN, as well as future networks.
- Study Group 17: Responsible for studies relating to the development of a generic identity management model that is independent of network technologies and supports the secure exchange of identity information between entities. This work also includes studying the process for discovery of authoritative sources of identity information; generic mechanisms for the bridging/interoperability of a diverse set of identity information formats; identity management threats, the mechanisms to counter them, the protection of personally identifiable information (PII) and to develop mechanisms to ensure that access to PII is only authorized when appropriate.
Recommendations related to IDM
F.511, Directory Service - Support of tag-based identification services
H.642.1, Multimedia information access triggered by tag-based identification - Identification scheme
H.642.2, Multimedia information access triggered by tag-based identification - Registration procedures for identifiers
H.642.3, Information technology - Automatic identification and data capture technique - Identifier resolution protocol for multimedia information access triggered by tag-based identification
X.1141, Security Assertion Markup Language (SAML) 2.0
X.1142, eXtensible Access Control Markup Language (XACML 2.0)
X.1144, eXtensible Access Control Markup Language (XACML) 3.0
X.1154, General framework of combined authentication on multiple identity service provider environments
X.1171, Threats and requirements for protection of personally identifiable information in applications using tag-based identification
X.1250, Baseline capabilities for enhanced global identity management trust and interoperability
X.1251, A framework for user of digital identity
X.1252, Baseline identity management terms and definitions
X.1253, Security guidelines for identity management systems
X.1254, Entity authentication assurance framework
X.1255, Framework for discovery of identity management information
X.1275, Guidelines on protection of personally identifiable information in the application of RFID technology
Y.2720, NGN identity management framework
Y.2721, NGN identity management requirements and use cases
Y.2722, NGN identity management mechanisms
Y.2723, Support for OAuth in next generation networks
Y.2724, Framework for supporting OAuth and OpenID in next generation networks
Y.2725, Support of OpenID in next generation networks
Y.3031, Identification framework in future networks
Other approved texts:
- X.Suppl.22, ITU-T X.1144 - Supplement on enhancements and new features in eXtensible Access Control Markup Language (XACML 3.0)
- Y.Suppl.12, ITU-T Y.2720 - Supplement on NGN identity management mechanisms
- Y.Suppl.18, ITU-T Y.2700-series - Supplement on next generation network certificate management
Recommendations in approval process:
Recommendations under development:
- Q.IdM.SIG, Signaling requirements and architecture of the IC-T interface between transport stratum functional entity (T-FE) and Id management control functional entity (IdMC-FE)
- X.authi, Authentication integration in identity management
- X.giim, Generic identity management interoperability mechanisms
- X.gpim, Guideline for management of personally identifiable information for telelcommunication organizations
- X.iamt, Identity and access management taxonomy
- X.idmcc, Requirement of IdM in cloud computing
- X.idmts, Framework for the interoperable exchange of trusted services
- X.pki-em, Information Technology - Public-Key Infrastructure: Establishment and maintenance
- X.pki-prof, Information Technology - Public-Key Infrastructure: Profile
- X.sap-8, Efficient multi-factor authentication mechanisms using mobile devices
- X.scim-use, Application of system for cross identity management (SCIM) in telecommunication environments
- Y.FNID-config, Configurations of node identifiers and their mapping with locators in future networks
- Y.NGNspid, NGN Requirements and Use Cases for Trusted Service Provider Identity
- Y.NGN IdM Use-cases, Supplement on NGN identity management use cases
Presentations and related information
- The ITU-T SG17 IdM standardization activity, Arkadiy Kremer, ITU-T SG17 Chairman. SIIC- SSEDIC Conference, 8-9 July 2013, Rome, Italy
IDENTITY Summit, Geneva, 10 December, 2010.
"Welcome and Overview of IdM related work in SG 17",
Abbie Barbir, PhD., Rapporteur Q10/17 (IdM Question), and
Erik Andersen Rapporteur Q11 (Directory services/Systems, public-key/attribute certificates)
"Open Identity Trust Frameworks: A Market Solution to Online Identity Trust",
Don Thibeau, Chairman and President, The Open Identity Exchange and
Joni Brenan, Kantara Initiative, Managing Director
- "OpenID & oAuth 2.0 achieving higher levels of assurance",
John Bradley, OpenID Board of Directors
- "Identity Management in 3GPP",
Silke Holtmanns, Nokia (Rapporteur of IdM related specifications/reports in 3GPP SA3 Security
- "Federating Trust Services",
Peter Alterman, PhD., Senior Advisor to the CIO for Strategic Initiatives National Institutes of Health, USA, OASIS IDTrust Steering Committee
"ISO TC68 Financial Services – Identity and Authentication",
Jeff Stapleton, Global Information Security, Bank of America – X9F4 Cryptographic Protocol and Application Security Working Group – CISSP, CTGA and former QSA
- "The User-Managed Access protocol",
Eve Maler, Paypal, Chair of Kantara UMA WG and
Joni Brenan, Kantara Initiative, Managing Director [PRESENTATION]
- Panel: "Data Protection, Privacy and root of Trust in the Cloud", Panel Chair: CA Technologies and Chair OASIS IDtrust Member Section
Nat Sakimura, NRI, Japan, Chair OASIS Open Reputation Management work ORMS TC
Dominique Nguyen, Ph.D., CISSP, Sr. Architect, Global Information Security, Bank of America
Anil Seldana, Chair OASIS ID Cloud TC, IDtrust Member Section Steering Committee, Redhat
- "Privacy Management Standards What They Are and Why They Are Needed Now",
John Sabo, CA Technologies and Chair OASIS IDtrust Member Section
- "Bringing Root of Trust into IA",
Shahrokh Shahidzadeh, Intel Corp. Sr Principal Technologist, Software and Services Group,
Sergiu Ghetie, Intel Corp., Principal Security architect, Security and Business Integrity - Intel Corp.
- John Bradley, Chair Kantara Leadership Council, Chair Federation Interoperability Work Group
- "An overview of KI Telco ID WG",
Jonas Hogberg, Ericsson, Co-Chair Telecommunications Identity Group Kantara Initiative
- “The ABA Legal Task Force Building an Online Identity Legal Framework “ by
Thomas J. Smedinghoff, Co-Chair, ABA Federated Identity Management Legal Task Force
Summary and Closing Remarks, Abbie Barbir, PhD.
ITU-T workshop "New challenges for telecommunication security standardizations", Geneva, 9-10 February 2009.
- Session 1 presented networks, users, services and information as protected objects.
- Session 6 presented Identity Service which address current key challenges of identity management and its global vision in the future. This session also discussed standardization activities in this area in order to identify the future standardization work in ITU-T.
WTSA side event on cybersecurity was convened to address the global concern of security in information and communication technologies (ICT), as well as providing a high-level overview of the subject, Johannesburg, 23 October 2008.
Richard Brackney, ITU-T JCA-IdM Co-Convener, Identity Management (IdM)
Heung Youl Youm, Korea, Korea Perspective on Standardization for PI/PII/LI Protection
Joint ITU-T SG 17, ISO/IEC JTC 1/SC 27/WG 5 and FIDIS (Future of Identity in the Information Society) Workshop on Identity Management Standards, Lucerne, 30 September 2007.
See ITU-T / ISO/IEC JTC 1/SC 27 Workshop on identity management.
ITU-T Workshop on Digital Identity for NGN , Geneva, 5 December 2006. See ITU-T Workshop on Digital Identity for NGN.
Identity Management Focus Group Deliverables:
Cross Study Group efforts: