 ITU-T Workshop on Digital Identity for NGN
 Abstracts  
Geneva, 05 December 2006

Contact: tsbworkshops@itu.int
Webcast: http://www.itu.int/ibs/ITU-T/200612ngn/index.html (audio only)
Speaker: Susumu YONEDA, Softbank Telecom Corp.
Session: 1 - Why do Operators need Digital Identities?
Title of Presentation: Network ID Management and ICT Platform

In this presentation, the concept and work of Network ID are briefly introduced. Network ID management based on an ICT platform is discussed, and this type of platform service could be one of the future business extensions for operators. In particular, for public networks and platforms, ITU as well as operators would have a significant role.
 
Speaker: Sangrae CHO, ETRI
Session: 1 - Why do Operators need Digital Identities?
Title of Presentation: Present and Future Trend of Digital Identity Technology in Korea


In this presentation, we will briefly explain how digital identity technology in Korea started in the first place, how it has evolved over the past several years and where it is heading right now. In the beginning, we will explain what kind of problems we have tried to solve using digital identity management technology and how we have utilized existing standards and technologies of digital identity to develop a new set of digital identity management solutions. After that, we will present two cases showing how the developed digital identity technologies have been applied to real-world solutions. Towards the end, we will suggest what kind of digital identity technology is most suitable for the next generation network.
 
Speaker: Jiwei WEI, Huawei
Session: 2 - Approaches to Digital Identities in NGN
Title of Presentation: Digital Identity Management Towards Ultimate Network Security


Using digital identifiers to trace back to a network attacker may be the last solution for information and network security in the cyber world. A digital identity management meta-infrastructure, which provides management of miscellaneous digital identifiers including both users/persons and devices/entities in the telecommunications network, can be analogous to the identity card system in the real world, which is the infrastructure for public security applying to all people in a country regardless of their occupation, sex, age, social roles, business etc.

These slides briefly give a description of security threats to the legitimate Internet and telecommunication networks, and summarize possible countermeasure technologies from traditional firewalls and Intrusion Detection Systems (IDS) to the latest security mechanisms employed in large-scale networks such as NGN or 3G networks. In the description, there is a point of view on how the various identifiers play a fundamental role in these security techniques. Through the above analysis, we further try to form the concept of the future digital identity management meta-infrastructure for network security.
 
Speaker: Hemma PRAFULLCHANDRA, VeriSign Inc
Session: 3 - Bridging the Digital Identities Gap from Enterprise/Internet Applications to Networks
Title of Presentation: Identity Management Eco-system: Requirements for the Youth

In this era of "Any":
  • ANY time (information/content is always available)
  • ANY where (being able to access from anywhere - mobility)
  • With ANY device (PC, handheld, TV, …)
  • Across ANY network (internet, wireless, broadband)
  • For Any Me (support various Lifestyles and personal preferences)
It is critical that Users have control over their Identity and Profile information, from what it is to how it is being protected to who has access. But the Youth today have different expectations, and clearly different behaviors and characteristics, from those of the current and past generations.

In this session we cover the trends of the Youth in this “Any” era and describe the requirements of an identity and profile management system. As Internet/Mobile applications continue to evolve toward content personalization, social networks and citizen’s media, there is a growing need for lightweight, flexible identity frameworks that can integrate and unify user experiences and applications.

We will briefly touch on one framework that provides a solid foundation for addressing the identified requirements.
 
Speaker: Anthony NADALIN, IBM
Session: 3 - Bridging the Digital Identities Gap from Enterprise/Internet Applications to Networks
Title of Presentation: Enabling productivity, interoperability, and new end user experiences by integrating identity, profile, and relationship data

The future of identity management is heavily influenced by the user-centricity paradigm and the need for electronic identification in a plethora of environments which means that identity management will be driven by the client side. Due to the plethora of environments there will be a need for integration of traditional identity management systems, user-centric ones, and privacy-enhanced identity management. This will involve cross-system delegation, revocation, reputation, etc.
 
Speaker: Göran SELANDER, Ericsson Research
Session: 4 -  Projects on Digital Identities for Next Generation Networks
Title of Presentation: Securing Management and Interaction of Nodes and Networks using Cryptographic Identifiers

Public key certificates are commonly used to assert an identity or an attribute of the owner of a cryptographic public key. The signer of the certificate provides an alternative trusted party, if the asserted public key is not known to be trusted, but it does not replace the trust assumption – it just shifts it from one public key to another. In several protocols and applications, public keys (or functions thereof) can be directly used as identifiers of users or devices, e.g. PGP, SSH, HIP. In the Ambient Networks project we employ cryptographic identifiers for nodes and networks/domains, i.e. groups of nodes with a common authority and a specified security policy.

The use of cryptographic network IDs provides a natural and secure handle for interaction between personal and/or enterprise networks, to secure advertisement and discovery and for various aspects of network management.
 
Speaker: Jan CAMENISCH, IBM Research Zurich
Session: 4 -  Projects on Digital Identities for Next Generation Networks
Title of Presentation: PRIME: Privacy and Identity Management for Europe

All social and economic interactions between human beings in modern civilization require the exchange of some personal data. The decision of what data to make available is made intuitively in normal life, for instance, whether or not to state your name when shaking hands.
In the online world, every person has to handle numerous accounts and data sets. These so-called "partial identities" will increasingly play a key role in future electronic services as well as in public security (e.g., border controls). They may very well convey sensitive personal data, such as patient health data, employee data, credit card data, etc.
This talk reports on PRIME, an EU-funded project involving 20 partners from academia and industry. PRIME focuses on solutions for privacy-enhancing identity management that supports end-users' sovereignty over their private sphere and enterprises' privacy-compliant data processing. PRIME also aims to develop a working prototype of a privacy-enhancing Identity Management System. To foster market adoption, novel solutions for managing identities will be demonstrated in challenging real-world scenarios, e.g., from Internet Communication, Airline and Airport Passenger Processes, Location-Based Services and Collaborative e-Learning.

http://www.prime-project.eu
 
Speaker: Joao GIRAO, NEC Europe Ltd. (on behalf of the Daidalos Project)
Session: 4 -  Projects on Digital Identities for Next Generation Networks
Title of Presentation: Virtual Identities in a Heterogeneous Environment

The Internet is today’s most used tool for work and leisure. Identity is no longer a matter of who you are but also of the use you are making of a service or even just a network connection. As a result, the unprepared architectures of today need to support users at service level and usually tend to create situations where the privacy of the user is in danger. Our proposal is that the user’s real identity is never revealed to the network. Instead, the users’ interests and personalities are split and never intersected by the architecture, providing a framework in which the users’ control over their information is predominant. The Virtual Identity framework has as its main objectives the privacy of the users’ data, the unification and uniformity of how the users’ data is accessed and the vertical approach to identity in network architectures.
 
Speaker: Elisa BERTINO,  Purdue University, West Lafayette IN, USA
Session: 4 -  Projects on Digital Identities for Next Generation Networks
Title of Presentation: Digital Identity Management – Techniques and Policies

Digital identity corresponds to the electronic information associated generally with an individual in a particular identity system. Identity systems are used by online service providers to authenticate and authorize users to services protected by access policies. Having good identity systems can enable individuals to use electronic transactions effectively and extensively in a secure yet privacy-preserving manner. With the advent of distributed computing models such as web services, the current trend is to focus on inter-organization and inter-dependent management of identity information, rather than identity management solutions for internal use. This is referred to as federated identity management.
In this talk we first present an overview of the Federated Digital Identity Management (FDIM) project funded by the US NSF and currently underway at the Center for Education and Research in Information Assurance and Security (CERIAS) of Purdue University. We then illustrate selected results from the project, including: (a) an approach to the verification of identity attributes based on the notion of multi-factor verification; (b) the notion of authentication policies based on multiple factors and quality-based authentication; (c) policies for the management of digital identity in federated organizations.
 
Speaker: Hidehito GOMI,  NEC Corporation
Session: 4 -  Projects on Digital Identities for Next Generation Networks
Title of Presentation: Identity Convergence for NGN Platform and Business

Today digital identities of users are managed at different platforms independently in different security domains on the Internet, which causes "identity fragmentation". This problem leads users to have an inconvenient and inconsistent experience when they enjoy IT/network services.

In this presentation, we explain an identity management framework for NGN, and introduce the concept of "identity convergence", which builds bridges between isolated user identities on different platforms and filters identity information when crossing the bridges. This concept enables identity management requirements crucial for NGN services in order to solve the above fragmentation problem.

We then describe several fundamental technologies as instances for enabling identity convergence. Finally we explain the expectation that identity convergence will enable the orchestration of multiple services publicized by operators or 3rd party providers and that the orchestrated services will bring about tremendous value and profits for NGN business.
 
Speaker: David-Olivier JAQUET-CHIFFELLE,  Prof. Dr., VIP, University of Applied Sciences of Bern and ESC, University of Lausanne
Session: 4 -  Projects on Digital Identities for Next Generation Networks
Title of Presentation: FIDIS, a FP6 European Network of Excellence, “Future of Identity in the Information Society”

The European Information Society (EIS) requires technologies which address trust and security yet also preserve the privacy of individuals. As the EIS develops, the increasingly digital representation of personal characteristics changes our way of identifying individuals. Supplementary digital identities, so-called virtual identities, embodying concepts such as pseudonymity and anonymity, are being created for security, profit, convenience or even for fun. These new identities are feeding back into the world of social and business affairs, offering a mix of plural identities and challenging traditional notions of identity. At the same time, European states manage identities in very different ways. FIDIS objectives are shaping the requirements for the future management of identity in the EIS and contributing to the technologies and infrastructures needed.

As a multidisciplinary and multinational NoE, FIDIS appropriately comprises different country research experiences with heterogeneous focuses, and integrates European expertise around a common set of activities. Additionally, all relevant stakeholders are addressed to ensure that the requirements are considered from different levels. FIDIS overcomes the extreme fragmentation of research into the future of identity by consolidating and fostering joint research in this area. Research results will be made accessible to European citizens, researchers and in particular to SMEs.
 
Speaker: Dimitris M. KYRIAZANOS,  PhD Student, National Technical University of Athens
Session: 4 -  Projects on Digital Identities for Next Generation Networks
Title of Presentation: MAGNET identity management proposal for Personal Networks

Identity management is the complex process that ensures secure creation, storage, exchange and update of digital identity, as defined in [Camp 2004]. In its simplest form, identity management involves secure consolidation, management and exchange of user identity information, also known as digital identity, discussed below, enabling accurate, reliable and secure services provided to clients over a distributed network architecture. The aim of Identity Management in MAGNET Beyond is to come up with a universal framework, encompassing all access control aspects (authentication, authorization and accountability) while preserving user privacy. These two requirements are usually antagonistic, which is why the framework described below is a trade-off between both.
 
Speaker: Mike PLUKE, ETSI Specialist Task Force STF302
Session: 5 - Standards Activities on Digital Identities
Title of Presentation: The Universal Communications Identifier (UCI) – Trusted, meaningful identification


Current identifiers attempt to:
  • identify the end-points between which communication systems provide service;
  • be meaningful to end-users so that they can identify the source of incoming communications (e.g. email addresses) or confirm the identity of remote end-points (e.g. URLs).
Failure to satisfy the first function results in system failure and no service to end-users. To ensure that this can't happen, precise rules about communication identifier content and formatting have to be enforced.

Current identifiers use either wholly numeric schemes (e.g. E.164 telephone numbers) or alphanumeric schemes using Latin alphabets (e.g. current e-mail addresses). With the growth of ICT markets in countries that don't use either Latin alphabets or scripts, having a single communication identifier properly perform both of the above functions becomes impossible.

ETSI's Universal Communications Identifier (UCI) uses two separate entities each optimized for one of the above identification functions.

Traditional identifiers are bound to communication services (e.g. E.164 numbers to telephony services and e-mail addresses to e-mail service providers). UCIs are bound to Personal User Agents (PUAs) that negotiate with other PUAs to deliver communication services configured to the needs of both parties.

With UCI, people can exert fine control over how they handle unsolicited communication.
 
Speaker: Hal LOCKHART, OASIS
Session: 5 - Standards Activities on Digital Identities
Title of Presentation: Federated Identity Standards at OASIS

A number of technical committees at OASIS have developed specifications relevant to Digital Identity in general and Identity Federation in particular. This presentation briefly overviews their functional capabilities and current state of standardization. The Security Assertion Markup Language (SAML) Version 2.0 will be described as well as its relationship to the eXtensible Access Control Markup Language (XACML) Version 2.0 and Web Services Security version 1.1. The functional capabilities of the Service Provisioning Markup Language (SPML) Version 2.0 will also be described. Related and currently ongoing work in Web Services security, including WS-SecureConversation and WS-Trust, will also be discussed.
 
Speaker: Dr. Hellmuth Broda, CTO Global Government Strategy, Sun Microsystems Inc.
Session: 5 - Standards Activities on Digital Identities
Title of Presentation: Privacy, Security, and Trust with Federated Identity Management

Today the public and private sector are facing new challenges from demands regarding security, compliance and privacy. Simultaneously demands for an open and communicative information infrastructure have to be met and will give rise to new opportunities and business models. The paper will discuss how professional Identity Management is the prerequisite for solving these issues.

An open federated approach for Network Identity and Trust Management that would also guarantee privacy and security of the consumer's information could help the public to gain trust in these systems and finally increase the acceptance for network delivered services.

The Liberty Alliance (http://www.projectliberty.org), a large multi-industry business alliance covering the public and private sector with over 150 members, has been defining such interoperability specifications and standards. The goals and workings of the alliance will be presented as well as the advantages of a membership. Such an identity/authentication/authorization framework will help meet the demands outlined above and create new business opportunities.
 
Speaker: Pierre-André PROBST
Session: 5 - Standards Activities on Digital Identities
Title of Presentation: JCA-NID: an ITU-T initiative towards Global Standards on Network Aspects of Identification systems


Within ITU-T, since 2005 several Study Groups have started to work on network aspects of identification systems within their mandates.

In parallel, under the Technology Watch initiative, a correspondence group of TSAG investigated the network aspects on identification systems based on RFID technology and their impact on ITU-T standardization work.

A comprehensive analysis of business models and service scenarios has been performed and proposals for an ITU-T strategy in this area were developed by this group.

Recognizing the complexity of the issues to be addressed and the fact that a large number of key players are already developing standards, TSAG created in July 2005 a Joint Coordination Activity on NID (JCA-NID). The overall objective is to coordinate the work in and outside ITU-T. In addition, it has also been recognized that a generic approach to the standardization of network aspects of identification systems is necessary, since RFID represents one technology among others.

After a short history of the work in ITU-T, the presentation will describe how the JCA-NID intends to perform its coordination task and will give an update of the present and future activities of the JCA-NID.
 
Speaker: Marco CARUGI, Nortel
Session: 5 - Standards Activities on Digital Identities
Title of Presentation: Identity Requirements in NGN: overview of ITU-T NGN GSI related work

The presentation will provide an overview of the ongoing work inside ITU-T NGN GSI (SG13 in particular) in the area of Identification requirements and Identity Management.

Q.2/13, dealing with requirements, services and implementation scenarios in NGN environment, has developed high-level requirements and capabilities for NGN Release 1 (Y.2201, determined in July 2006).

Q.15/13, dealing with NGN security, has ongoing work on Identity Management Security (draft recommendation Y.IdMsec).

NOTE: some backup material of this presentation provides the current NGN deliverable status inside ITU-T NGN GSI (SG13).
 
Speaker: Abbie BARBIR, ETSI Specialist Task Force STF302
Session: 5 - Standards Activities on Digital Identities
Title of Presentation: A Review of Security Activities in ITU-T SG 17


The talk will provide an overview of security activities at the ITU-T SG 17 and pinpoint the important role that SG 17 plays as the lead study group in the security area. The role of SG 17 in coordination and prioritization of security efforts across all study groups is discussed. The talk emphasizes the crucial role of SG 17 in the development of core security Recommendations to be used by other groups. The need for collaboration with other standardization bodies in the Identity Management and other security areas is discussed.

 

Updated : 2006-12-05