Committed to connecting the world


ITU-T Recommendations

Search by number:
Skip Navigation Links
Content search
Advanced search
Provisional name
ISO/IEC number
Formal description
Study Groups tree viewExpand Study Groups tree view

ITU-T X.1258 (09/2016)

عربي | 中文 | English | Español | Français | Русский
Enhanced entity authentication based on aggregated attributes
Aggregating attributes from multiple attribute authorities may be needed in order to enable a relying party to enhance its trust in the identity of a party. The aggregation can be regarded as having to deal with a collection of globally unique identifiers, which is common across all attribute authorities. Practically, entities do not have a global identifier but have different entity identifiers and attributes assigned by their various identity service providers (IdSPs).

To address the attribute aggregating problem in this scenario, the concept of identity federation is used. For example, if an e-book store plans to have a sale for seniors, the store has to be given the aggregated set of attributes (credit card and age bracket) from two IdSPs, but without the IdSPs knowing about each other's involvement. In standard federated identity management, an entity can only provide attributes from one identity, but this transaction requires attributes from two. There are several identity federation methods such as security assertion markup language (SAML), Shibboleth [b-Shibboleth], open identity (OpenID), and open authentication (OAuth), etc.

Recommendation ITU-T X.1258 introduces the concept of attribute aggregation to allow an entity to aggregate attributes from multiple IdSPs. Attribute aggregation is the mechanism of collecting attributes of an entity retrieved from multiple identity service providers. Attribute aggregation is needed to aggregate the attributes dynamically on demand. IdSP can realize the aggregation request when an entity wants to get a service. Further on, an entity-centric attribute aggregation mechanism could also be applied to the authentication for mitigating privacy leakage.
Approval date: 2016-09-07
Provisional name:X.eaaa
Approval process:TAP
Status: In force
Maintenance responsibility: ITU-T Study Group 17
Further details: Patent statement(s)
Development history
Ed. ITU-T Recommendation Status Summary Table of Contents Download
1 X.1258 (09/2016) In force