Study Group 17 has been designated the Lead Study Group for Identity Management (IdM) in accordance with World Telecommunication Standardization Assembly (WTSA-08, WTSA-12, WTSA-16) Resolution 2.
As the lead study group for Identity Management, Study Group 17 is responsible for the study of the appropriate core Questions on IdM. In addition, in consultation with other relevant study groups and in collaboration, where appropriate, with other standards bodies, Study Group 17 has the responsibility to define and maintain the overall framework and to coordinate, assign (recognizing the mandates of the study groups) and prioritize the studies to be carried out by the study groups, and to ensure the preparation of consistent, complete and timely Recommendations.
All Study Groups are requested to keep Study Group 17 informed of their work plans regarding IdM so that they can be integrated into the overall IdM work programme.
Study Group responsibilities for IdM
WTSA Resolution 2 identifies study group responsibilities for IdM as:
- Study Group 2: Responsible for studies relating to ensuring the consistency of the format and structure of IdM identifiers and for studies specifying interfaces to management systems to support the communication of identity information within or between organizational domains.
- Study Group 13: Responsible for studies of functions and relevant capabilities including NGN-specific identity management functional architecture that supports value-added identity services, the secure exchange of identity information and the application of bridging/interoperability between a diverse set of identity information formats. Also to be studied are any identity management threats within the NGN and the mechanisms to counter them. In addition, Study Group 13 will study the protection of personally identifiable information (PII) in the NGN to ensure that only authorized PII is disseminated within the NGN, as well as future networks.
- Study Group 17: Responsible for studies relating to the development of a generic identity management model that is independent of network technologies and supports the secure exchange of identity information between entities. This work also includes studying the process for discovery of authoritative sources of identity information; generic mechanisms for the bridging/interoperability of a diverse set of identity information formats; identity management threats and the mechanisms to counter them; the protection of personally identifiable information (PII); and the development of mechanisms to ensure that access to PII is only authorized when appropriate.
Recommendations related to IdM
- F.511, Directory Service - Support of tag-based identification services
- F.748.1, Requirements and common characteristics of the IoT identifier for the IoT service
- H.642.1, Multimedia information access triggered by tag-based identification - Identification scheme
- H.642.2, Multimedia information access triggered by tag-based identification - Registration procedures for identifiers
- H.642.3, Information technology - Automatic identification and data capture technique - Identifier resolution protocol for multimedia information access triggered by tag-based identification
- X.675, OID-based resolution framework for heterogeneous identifiers and locators
- X.1141, Security Assertion Markup Language (SAML) 2.0
- X.1142, eXtensible Access Control Markup Language (XACML 2.0)
- X.1144, eXtensible Access Control Markup Language (XACML) 3.0
- X.1154, General framework of combined authentication on multiple identity service provider environments
- X.1155, Guidelines on local linkable anonymous authentication for electronic services
- X.1158, Multi-factor authentication mechanisms using a mobile device
- X.1171, Threats and requirements for protection of personally identifiable information in applications using tag-based identification
- X.1250, Baseline capabilities for enhanced global identity management trust and interoperability
- X.1251, A framework for user of digital identity
- X.1252, Baseline identity management terms and definitions
- X.1253, Security guidelines for identity management systems
- X.1254, Entity authentication assurance framework
- X.1255, Framework for discovery of identity management information
- X.1256, Guidelines and framework for sharing network authentication results with service applications
- X.1257, Identity and access management taxonomy
- X.1258, Enhanced entity authentication based on aggregated attributes
- X.1275, Guidelines on protection of personally identifiable information in the application of RFID technology
- Y.2015, General requirements for ID/locator separation in NGN
- Y.2057, Framework of node identifier and routing locator separation in IPv6-based next generation networks
- Y.2720, NGN identity management framework
- Y.2721, NGN identity management requirements and use cases
- Y.2722, NGN identity management mechanisms
- Y.2723, Support for OAuth in next generation networks
- Y.2724, Framework for supporting OAuth and OpenID in next generation networks
- Y.2725, Support of OpenID in next generation networks
- Y.3031, Identification framework in future networks
- Y.3034, Architecture for interworking of heterogeneous component networks in ID/locator split-based future networks
Other approved texts:
- X.Suppl.22, ITU-T X.1144 - Supplement on enhancements and new features in eXtensible Access Control Markup Language (XACML 3.0)
- Y.Suppl.12, ITU-T Y.2720 - Supplement on NGN identity management mechanisms
- Y.Suppl.18, ITU-T Y.2700-series - Supplement on next generation network certificate management
Recommendations in approval process:
- X.1058 (X.gpim), Information technology — Security techniques — Code of practice for personally identifiable information protection
Recommendations under development:
- L.pneid, Passive node elements with automated ID tag detection
- Q.IdM.SIG, Signaling requirements and architecture of the IC-T interface between transport stratum functional entity (T-FE) and Id management control functional entity (IdMC-FE)
- X.509 (eighth edition), Information technology – Open Systems Interconnection – The Directory – Public-key and attribute certificate frameworks
- X.1254 (revised), Entity authentication assurance framework
- X.eaasd, Framework of enhanced authentication in telebiometric environments using anti-spoofing detection mechanisms
- X.hakm, Guidelines on hybrid authentication and key management mechanisms in client-server model
- X.oiddev, Object identifier assignments for the Internet of things
- X.oid-iot, ITU-T X.660 – Supplement on Guidelines for using object identifiers for the Internet of things
- X.pki-em, Information Technology - Public-Key Infrastructure: Establishment and maintenance
- X.pki-prof, Information Technology - Public-Key Infrastructure: Profile
- X.te, Trust elevation protocol
- Y.IoT-IoD-PT, Identity of IoT devices based on secure procedures and ensures privacy and trust of IoT system
- Y.SC-Interop, Identifier service requirements for the interoperability of Smart City applications
Presentations and related information
- The ITU-T SG17 IdM standardization activity, Arkadiy Kremer, ITU-T SG17 Chairman. SIIC- SSEDIC Conference, 8-9 July 2013, Rome, Italy
IDENTITY Summit, Geneva, 10 December, 2010.
- "Welcome and Overview of IdM related work in SG 17",
Abbie Barbir, PhD., Rapporteur Q10/17 (IdM Question), and
Erik Andersen, Rapporteur Q11 (Directory services/Systems, public-key/attribute certificates)
- "Open Identity Trust Frameworks: A Market Solution to Online Identity Trust",
Don Thibeau, Chairman and President, The Open Identity Exchange and
Joni Brennan, Kantara Initiative, Managing Director
- "OpenID & oAuth 2.0 achieving higher levels of assurance",
John Bradley, OpenID Board of Directors
- "Identity Management in 3GPP",
Silke Holtmanns, Nokia (Rapporteur of IdM related specifications/reports in 3GPP SA3 Security)
- "Federating Trust Services",
Peter Alterman, PhD., Senior Advisor to the CIO for Strategic Initiatives National Institutes of Health, USA, OASIS IDTrust Steering Committee
- "ISO TC68 Financial Services – Identity and Authentication",
Jeff Stapleton, Global Information Security, Bank of America – X9F4 Cryptographic Protocol and Application Security Working Group – CISSP, CTGA and former QSA
- "The User-Managed Access protocol",
Eve Maler, PayPal, Chair of Kantara UMA WG and
Joni Brennan, Kantara Initiative, Managing Director
- Panel: "Data Protection, Privacy and root of Trust in the Cloud", Panel Chair: CA Technologies and Chair OASIS IDtrust Member Section
Nat Sakimura, NRI, Japan, Chair OASIS Open Reputation Management work ORMS TC
Dominique Nguyen, Ph.D., CISSP, Sr. Architect, Global Information Security, Bank of America
Anil Saldhana, Chair OASIS ID Cloud TC, IDtrust Member Section Steering Committee, Red Hat
- "Privacy Management Standards What They Are and Why They Are Needed Now",
John Sabo, CA Technologies and Chair OASIS IDtrust Member Section
- "Bringing Root of Trust into IA",
Shahrokh Shahidzadeh, Intel Corp. Sr Principal Technologist, Software and Services Group,
Sergiu Ghetie, Intel Corp., Principal Security architect, Security and Business Integrity - Intel Corp.
- John Bradley, Chair Kantara Leadership Council, Chair Federation Interoperability Work Group
- "An overview of KI Telco ID WG",
Jonas Hogberg, Ericsson, Co-Chair Telecommunications Identity Group Kantara Initiative
- "The ABA Legal Task Force Building an Online Identity Legal Framework",
Thomas J. Smedinghoff, Co-Chair, ABA Federated Identity Management Legal Task Force
- Summary and Closing Remarks, Abbie Barbir, PhD.
ITU-T workshop "New challenges for telecommunication security standardizations", Geneva, 9-10 February 2009.
- Session 1 presented networks, users, services and information as protected objects.
- Session 6 presented Identity Service, which addresses current key challenges of identity management and its global vision for the future. This session also discussed standardization activities in this area in order to identify the future standardization work in ITU-T.
A WTSA side event on cybersecurity was convened in Johannesburg on 23 October 2008 to address the global concern of security in information and communication technologies (ICT) and to provide a high-level overview of the subject.
- Richard Brackney, ITU-T JCA-IdM Co-Convener, Identity Management (IdM)
- Heung Youl Youm, Korea, Korea Perspective on Standardization for PI/PII/LI Protection
Joint ITU-T SG 17, ISO/IEC JTC 1/SC 27/WG 5 and FIDIS (Future of Identity in the Information Society) Workshop on Identity Management Standards, Lucerne, 30 September 2007.
See ITU-T / ISO/IEC JTC 1/SC 27 Workshop on identity management.
ITU-T Workshop on Digital Identity for NGN, Geneva, 5 December 2006. See ITU-T Workshop on Digital Identity for NGN.
Identity Management Focus Group Deliverables:
Cross Study Group efforts: