
Part 6: Identity Management (IdM) Landscape: IdM standards, organizations and gap analysis

This part of the roadmap provides information about identity management-related activities and documents from the ITU-T and from other standard organizations. Information is organized to reflect the activities, the resulting products and the various stages of development. The overall objective is to enable users of this part of the Roadmap to gain a thorough understanding of the IdM work by providing a comprehensive overview of the requirements driving the activities as well as by identifying the organizations involved, their inter-relationships and the status of their work.

This part of the Roadmap contains information that is relatively stable and that has been edited and structured as described below. This information is complemented by an IdM Landscape wiki page that contains the latest articles, updates and miscellaneous relevant information that has been posted by participating experts.

Access to the wiki article creation page is restricted to authorized users.

The identity management work of ATIS, ETSI, IETF, ISO/IEC, ITU, NIST, OASIS, Kantara Initiative and 3GPP is currently included in this part of the Roadmap. Further expansion to other organizations is anticipated as data is made available.

Summaries of the IdM standards work in progress are included below by identifying the respective organizations and their overall work programs. (The actual standards are listed in Part 2 of the roadmap using a fairly simple classification scheme.) In addition, this part of the Roadmap includes a section devoted to the very important topic of security definitions. In general, information in the body of the roadmap is in the form of brief summaries and headings; more detailed information may be obtained by following the hot links.

1. Key international and regional IdM standards development and deployment activities

 

Identity Management work in ITU-T is concentrated in two Study Groups: SG 17, which has been designated the Lead Study Group on Identity Management, and SG13, where some IdM work related to NGN networks has been completed.

SG 17 (Security)

In SG 17, identity management work is the primary focus of Question 10 (Identity management architecture and mechanisms). The following work has been completed:

X.1250: Baseline capabilities for enhanced global identity management and interoperability

X.1251: A framework for user control of digital identity

X.1252: Baseline identity management terms and definitions

X.1253: Security guidelines for identity management systems

X.1254: Entity Authentication Assurance Framework (not yet published)

X.1261: Extended validation certificate (EVcert) framework (not yet published)

X.Sup7: Supplement on overview of identity management in the context of cybersecurity

Work in progress includes:

X.atag: Attribute Aggregation Framework

X.authi: Authentication integration in identity management

X.discovery: Discovery of identity management information

X.giim: Generic identity management interoperability mechanisms

X.idmcc: Requirement of IdM in cloud computing

X.idmgen: Generic identity management framework

X.idm-ifa: Framework architecture for interoperable identity management systems

X.mob: Baseline capabilities and mechanisms of identity management for mobile applications and environment

X.oitf: Open identity trust framework

X.priva: Criteria for assessing the level of protection for personally identifiable information in identity management

SG 13 (Future Networks)

In SG 13, identity management work is undertaken by Question 16 (Security and identity management). The following work has been completed:

Y.2720: NGN identity management framework

Y.2721: NGN identity management requirements and use cases

Y.2722: NGN identity management mechanisms

 

Industry Specification Group (ISG) on Identity and Access Management

Completed Work Items:

ETSI GS INS 001 v1.1.1 (2011-03), IdM Inter-operability between Operators or ISPs with Enterprise

ETSI GS INS 002 v1.1.1 (2010-09), Identity and Access Management for Networks and Services; Distributed Access Control for Telecommunications; Use Cases and Requirements

ETSI GS INS 003 v1.1.1 (2010-11), Identity and Access Management for Networks and Services; Distributed User Profile Management; Using Network Operator as Identity Broker

ETSI GS INS 004 v1.1.1 (2010-11), Identity and Access Management for Networks and Services; Dynamic federation negotiation and trust management in IdM systems

ETSI GS INS 005 v1.1.1 (2011-03), Identity and Access Management for Networks and Services; Requirements of an Enforcement Framework in a Distributed Environment

ETSI GS INS 006 v1.1.1 (2011-11), Identity and Access Management for Networks and Services; Study to Identify the need for a Global, Distributed Discovery Mechanism

Work in progress:

User Consent for Access and/or Exchange of Identity Attributes

Architecture of a Distributed Access Control Enforcement Framework

Security and privacy requirements for distributed network monitoring

New Work Item:

Requirements for a Global, Distributed Discovery Mechanism

 

http://kantarainitiative.org/

The Kantara Initiative was announced on April 20, 2009, by leaders of several foundations and associations working on various aspects of digital identity, aka “the Venn of Identity”. It is intended to be a robust and well-funded focal point for collaboration to address the issues across the identity management community: Interoperability and compliance testing; Identity assurance; Policy and legal issues; Privacy; Ownership and liability; UX and usability; Cross-community coordination and collaboration; Education and outreach; Market research; Use cases and requirements; Harmonization; and tool development.

The Kantara Initiative’s mission is to foster identity community harmonization, interoperability, innovation, and broad adoption through the development of open identity specifications, operational frameworks, education programs, deployment and usage best practices for privacy-respecting, secure access to online services.

Main activities within Kantara Initiative

Business Cases for Trusted Federations DG

The purpose of this discussion group is to identify and raise awareness of business cases around the deployment and adoption of federation models and systems – particularly the trust framework model.

This group will gather input from international stakeholders, specifically actors from within vertical and jurisdictional communities of trust, with the purpose of allowing participants to share information about successful and challenging experiences with specific focus on the business drivers and motivations for deploying federations and the trust framework model.

Consumer Identity Work Group

The purpose of the Consumer Identity WG is to foster the development of a consumer-friendly, privacy-protecting, high assurance “identity layer” for the internet that enables consumers to fully exploit the potential of the internet without fear of identity theft. The WG addresses this goal by proposing technical and policy solutions that address current threats to privacy and identity, and socializes these solutions with appropriate parties to help foster their implementation. Specifically, the WG will create several whitepapers, and possibly other requirements or recommendations, to describe how emerging identity technologies, protocols, frameworks, laws and regulations, etc., can be leveraged to: (a) enable businesses to know, with high confidence, the identities of individual consumers with whom it engages in high-value online transactions, without jeopardizing the privacy of the consumer’s Personally Identifiable Information (PII); and (b) enable individual consumers to prevent others from impersonating them in high-value, online transactions.

The eGovernment Work Group

The purpose of the eGovernment work group is:

- Facilitating collaboration and discussion among Kantara members with an interest in eGovernment identity management applications and services.

- Acting as a forum to discuss best practices by government organizations on national, regional and municipal levels.

- Presenting "a government view" into other Kantara Initiative Work Groups so that these views may be taken into account in the development of Kantara Initiative policy recommendations and specifications for future contribution to an appropriate Standards Setting Organization.

- Promoting the development, adoption and support for eGovernment deployment profiles of open specifications.

European Use Case and Market Discussion Group

The purpose of this discussion group is to identify and raise awareness of use cases around the deployment and adoption of European models and systems – particularly the trust framework model.

This group will gather input from international stakeholders, specifically actors from within vertical and jurisdictional communities of trust, with the purpose of allowing participants to share information about successful and challenging experiences with specific focus on the use cases for deploying European and the trust framework models.

Federation Interoperability Work Group

The purpose of the Federation Interoperability Work Group is to profile existing specifications to define an interoperable trust infrastructure for use by parties participating in trust frameworks. This will allow entities to determine the certification status and configuration parameters of entities outside of their local federation.

Healthcare Identity Assurance Work Group

The Healthcare Identity Assurance Work Group will design, implement and test reference applications for secure access to health information. Two use cases are proposed that would be developed and supported as part of the work group. One is for consumers to be able to access their health records with a standardized login system, and secondly, a way for healthcare workers to access secure health information. The goal of this activity is to engage the broadest community participation to facilitate the adoption of the reference implementations and specifications by the healthcare industry, worldwide.

Identity and Access Services Work Group

Organizations recognize the need for the unambiguous expression of identity. Identity can represent a physical individual, a collection of individuals, a logical entity, a resource or a capability. Identity is a fundamental element for establishing and maintaining business relationships, and for describing the credentials, capabilities, and responsibilities of parties to a relationship.

The principal business problem that drove the formation of the original Identity Services Working Group (under the auspices of Burton Group) is the difficulty companies face when integrating vendor IdM products with their existing infrastructure and, increasingly, in integrating vendor products themselves. As vendors continue to add to their IdM suites, integration between products is a challenge of increasing concern to organizations.

Identity Assurance Work Group

The Identity Assurance Work Group (IAWG) has been formed within the Kantara Initiative to foster the adoption of trusted on-line identity services. To advance this goal, the IAWG will provide a forum for identifying and resolving obstacles to market and commercial acceptance that have limited broad deployment and adoption of trusted identity services thus far. The first step will be development of a global standard framework and the necessary support programs for assessing identity service providers (IdSPs) against criteria that determine the level of assurance that a relying party (RP) may assume in evaluating identity claims provided by those IdSPs. The framework and processes will be defined in a way that scales, empowers business processes and benefits individual users of identity assurance services.

The framework will be the basis upon which IdSPs, RPs and their services can be certified as compliant with common policies, business rules and baseline commercial terms, avoiding redundant compliance efforts and market confusion about the substance and value of identity assurance delivered.

ID-WSF Evolution Work Group

The ID-WSF Evolution Work Group will work to continue the development of the Liberty Alliance ID-WSF Specification Set – such evolution ultimately manifested as a submission of relevant technical work to an appropriate SSO for standardization. Evolution of the ID-WSF Specification Set may include functionality to address new use cases, additional bindings beyond SOAP, or profiling of other technical specifications to increase harmonization.

Information Sharing Work Group

The goal of this working group is to identify and document the use cases and scenarios that illustrate the various sub-sets of user driven information, the benefits therein, and to specify the policy and technology enablers that should be put in place to enable this information to flow.

Project VRM and other related parties wish to build a framework around which a new type of personal information can be enabled to flow, and in doing so improve the relationship between demand and supply. The contention is that when individuals are forced to sign organization-centric privacy policies/ terms of use then this places limitations on the information that will be shared. If such constraints were removed, and capabilities built on the side of the individual, then new, rich information will flow – including actual demand data (as opposed to derived/ predicted demand).

Interoperability Work Group

The Interoperability Work Group (IOPWG) serves to support the Kantara Initiative interoperability program through the development of test procedures used by the Interoperability Review Board, regardless of protocol. IOPWG will work closely with the Interoperability Review Board (IRB). The IRB is the Board of Trustees (BoT) sub-committee responsible for member oversight of the interoperability program. In addition, the IOPWG will make resources available to provide expertise and “technical support” to the IRB during the course of any given Kantara Initiative interoperability event for the purpose of assisting the IRB in its resolution of conflicts of protocol interpretation that may arise among test participants.

Japan Work Group

The Japan Work Group is responsible for:

Promoting the education and adoption of Kantara Initiative deliverables in the Japanese market and government.

Generating best practice guidelines, suggestions and technical recommendations that feed into appropriate Kantara Initiative Work Groups (WGs) to make Kantara Initiative deliverables better suited to thrive in the Japanese market environment.

Liberty Specification Maintenance Work Group

The ultimate goal of the Liberty Specification Work Group is to maintain the Liberty ID-FF, ID-SIS and IGF specifications such that they are a ubiquitous, interoperable, privacy-respecting Identity Layer for the Internet.

Open Source Support Initiative Work Group

This workgroup is responsible for promoting the functional open source implementations related to digital identity management and the associated paradigms (e.g., privacy and trust). The workgroup will also collect expectations and recommendations around open source, especially from other Kantara workgroups such as the eGovernment and Telecommunications Identity Work Groups. Finally, the workgroup will highlight the missing open source implementations that are most needed.

Privacy and Public Policy Work Group

Privacy, and the policy decisions which affect it, are increasingly a core theme of digital identity-related work. The Privacy and Public Policy (P3) Work Group is intended to ensure that the Kantara Initiative (“Kantara”) contributes to better privacy outcomes for users, data custodians and other stakeholders, by defining privacy-related principles and good practice applicable to a broad range of prevalent technology platforms.

Telecommunications Identity Work Group

The ultimate goal of the Telecommunications Identity Work Group (TIWG or TelcoID WG) is to help reconcile fragmented efforts in the telco specifications development area and in the telco marketplace regarding identity management. In order to achieve that, it will act as a forum to facilitate the dialog between Kantara Initiative and the telco industry sector. Additionally, the group will produce telco specific technical material on top of Kantara Initiative specifications as necessary to ensure proper implementation of suitable Kantara Initiative technologies in a telco infrastructure.

Universal Login Experience Work Group

Try to establish a universal SSO method in consideration of the existing IdM technology.

 

Under the Systems and Emerging Technologies Security Research grouping, NIST has established a program on Personal Identity Verification of Federal Employees and Contractors.

Three technical publications have been developed:

NIST Special Publication 800-73, "Interfaces for Personal Identity Verification" specifies the interface and data elements of the PIV card.

NIST Special Publication 800-76, "Biometric Data Specification for Personal Identity Verification" specifies the technical acquisition and formatting requirements for biometric data of the PIV system.

NIST Special Publication 800-78, "Cryptographic Algorithms and Key Sizes for Personal Identity Verification" specifies the acceptable cryptographic algorithms and key sizes to be implemented and used for the PIV system.

For the latest versions and revisions of the above NIST publications please see http://csrc.nist.gov/publications/PubsSPs.html.

 

http://openidentityexchange.org/

The goal of OIX is to build trust in the exchange of identity credentials online. Specific objectives are to:

- Standardize identity interactions;

- Eliminate the need for pairwise legal agreements;

- Reduce the friction of logins, registrations, purchases, and other online activities; and

- Increase confidence in online identity infrastructure.

Main Activities within OIX

US ICAM Trust Framework Working Group

OIX launched the US ICAM Trust Framework for Level of Assurance 1 (LOA 1) on March 3, 2010 as the first trust framework provider to meet the requirements set forth by the U.S. Identity, Credential, and Access Management (ICAM) Committee as administered by the U.S. General Services Administration (GSA). This trust framework is enabling the American public to participate in open, transparent and participatory government while maintaining full control of how much or how little personal information they share with federal websites. The OIX U.S. ICAM Working Group is chartered to draft OIX US ICAM Trust Framework specification for LOA 2 and Non-PKI 3.

View the charter.

Telecom Data Trust Framework Working Group

The Telecom Data working group will develop a trust framework that will allow commerce providers, like retailers and etailers, to obtain or verify identity information without interfering in the relationship between a subscriber and a Telecom Service Provider. It will provide a secure and controlled solution for how a telephone number may be used to access identification information while holding private subscriber data “in trust”.

View the charter.

Legal Analysis Working Group

The Legal Analysis Working Group will focus on legal issues related to trust frameworks, including contractual relationships, levels of assurance, levels of protection, the "ecosystem of liabilities", etc.

View the charter.

Federated Social Web Community Group

The Federated Social Web Community Group is a continuation work of the W3C Federated Social Web Incubator Group.

The Incubator Group has published a report

A Standards-based, Open and Privacy-aware Social We

WebID Community Group

The WebID Community Group is a continuation work of the WebID Incubator Group. The Community Group will continue development of a specification for the WebID protocol, build test suites, document use cases and issues, and grow the community of implementations.

The final report of the Identity in the Browser Workshop (24-25th May 2011, Mountain View, USA) is now available.

 

3GPP Study items on IdM

3GPP TR 33.980: “Interworking of Liberty Alliance Identity Federation Framework (ID-FF), Identity Web Service Framework (ID-WSF) and the Generic Authentication Architecture (GAA)”.

This document provides guidelines on the interworking of the Generic Authentication Architecture (GAA) and the Liberty Alliance architecture. This document is applicable only if Liberty Alliance and GBA or SAML v2.0 and GBA are used in combination.

3GPP TR 33.924: “Identity management and 3GPP security interworking; Identity management and Generic Authentication Architecture (GAA) interworking”.

The objective of this work is to extend the current identity management as outlined in TS 33.220, TS 33.222, TS 29.109 and TR 33.980 with the latest developments on identity management outside of the 3GPP sphere. This will allow a better integration and usage of identity management for services in 3GPP and seamless integration with existing services that are not standardized in 3GPP. This report outlines the interworking of GBA and OpenID.

Single Sign On (SSO) Application Security for IMS - based on SIP Digest

This Study Item aims to investigate interworking of the operator-centric identity management with the user-centric Web services provided outside of an operator’s domain. Specifically, it addresses integration of SSO and the 3GPP services, which is essential for operators to leverage their assets and their customers’ trust, while introducing new identity services. Such integration will allow operators to become SSO providers by re-using the existing authentication mechanisms in which an end-user’s device effectively authenticates the end user.

2. Gap analysis on IdM standard development activities

In the existing IdM standardisation efforts there appear to be two clear trends. One trend is the drive for federation and interoperability, mainly pushed by the Liberty Alliance and OASIS. The efforts in the standardisation of web services have matured quite well, primarily through the work of Liberty Alliance but also through the OASIS work. The development of federation standards for the general information system sector and the telecom sector is included in current and planned work of both ITU-T and ISO/IEC. The big issue associated with federation is interoperability and harmonisation of the different federation standards and solutions. The second trend is the drift from standards for organisation-centric identity management systems towards a more deliberate suite of standards trying to find a reasonable balance between end users' need for security and privacy and the organisation or business needs for security and information.

3. Approved IdM standards

Approved and published IdM standards are included in the database of standards included in Part 2 of this Roadmap.

Recent developments in IdM standards are addressed in the IdM landscape wiki, which contains informal and evolving information, as well as in Part 3 of this Roadmap under the Programs of Work of the various standards bodies.

4. Best practices

ENISA

Mobile identity management

This position paper reports on information security risks and best-practice in the area of Mobile Identity Management (Mobile IDM). It also provides recommendations of systems, protocols and/or approaches to address these challenges.

5. Identity management in cloud computing

Proposed security assessment and authorization for U.S. Government cloud computing

OASIS Identity in the Cloud

6. National identity management strategies

National strategy for trusted identities in cyberspace draft (U.S)

Cyberspace policy review: Assuring a trusted and resilient information and Communications Infrastructure (U.S)

Open Identity Exchange (U.S)

7. Other relevant IdM activities and papers

EU 7th Research Framework Program (FP7), Trust & Security Program Projects

Trustworthy network infrastructures

PRIvacy-aware Secure Monitoring

The Goal of the PRISM project is to devise network monitoring technologies and architectures, which guarantee enforcement of data protection legislation. This will be accomplished through the specification, design, implementation and validation of a two-tiered network monitoring system. The overall work plan of PRISM is structured into 4 work-package groups.

SWIFT

SWIFT (Secure Widespread Identities for Federated Telecommunications) is a European Union funded project of the 7th Framework Programme. The project leverages identity technology as a key to integrate service and transport infrastructures for the benefit of users and the providers. It focuses on extending identity functions and federation to the network while addressing usability and privacy concerns.

Research activities in trustworthy and secure service infrastructures

AVANTSSAR

AVANTSSAR proposes a rigorous technology for the formal specification and Automated VAlidatioN of Trust and Security of Service-oriented ARchitectures. This technology will be automated into an integrated toolset, the AVANTSSAR Validation Platform, tuned on relevant industrial case studies.

Advanced Security Service cERTificate for SOA

The ASSERT4SOA project is aimed at supporting new certification scenarios, where the security certification of services is required and plays a major role. Current certification schemes, however, are either insufficient in addressing the needs of such scenarios or not applicable at all. In current certification schemes, for instance, certificates are awarded to traditional, monolithic software systems and become invalid when a system performs run-time selection and composition of components. Also, current certificates lack a machine-readable format for expressing security properties. Thus, they cannot be used to support and automate run-time security assessment. As a result, today’s certification schemes simply do not provide, from an end-user perspective, a reliable way to assess the trustworthiness of a composite application in the context where (and at the time when) it will be actually executed.

MASTER

MASTER will provide methodologies and infrastructure that facilitate monitoring, enforcement, and auditing of security compliance, especially where highly dynamic service oriented architectures are used to support business process enactment in single, multi-domain, and iterated contexts. MASTER focuses on the regulatory requirements related to IT support of application of security policies to business processes in organizations. From the viewpoint of regulatory compliance, MASTER brings added value in two main respects. Firstly, it provides an approach to implementation and maintenance of auditable provisions to achieve and assure compliance with a set of regulatory requirements. Secondly, it provides a concrete implementation of this approach, specifically to service oriented systems.

TAS3

The TAS³ Integrated Project (Trusted Architecture for Securely Shared Services) aims to have a European-wide impact on services based upon personal information, which is typically generated over a human lifetime and therefore is collected & stored at distributed locations and used in a multitude of business processes. TAS³ will advance the Science & Technology in several sub-topical areas but at the same time will integrate the different components (mostly being developed in their own work package) into one dependable Trust & Security Architecture which in the end intends to offer a safe and dependable business process environment for exchanging personally identifiable information.

Privacy protecting platforms and user-controlled identity management

ABC4Trust

The goal of ABC4Trust is to address the federation and interchangeability of technologies that support trustworthy yet privacy-preserving Attribute-based Credentials (Privacy-ABC).

Towards this goal, one of the main objectives of the project is to define a common, unified architecture for Privacy-ABC systems to allow comparing their respective features and combining them on common platforms. The first version of this architecture is described in the deliverable at hand. Its main contribution is the specification of the data artifacts exchanged between the implicated entities (i.e. issuer, user, verifier, revocation authority, etc.), in such a way that the underlying differences of concrete Privacy-ABC implementations are abstracted away through the definition of formats that can convey information independently from the mechanism-specific cryptographic data. It also defines all technology-agnostic components and corresponding APIs a system needs to implement in order to perform the corresponding operations, i.e. to process an obtained issuance/presentation policy, perform the selection of applicable credentials for a given policy or to trigger the mechanism-specific generation of the cryptographic evidence.

ENDORSE

ENDORSE is an EU funded project which is concerned with providing a Legal Technical Framework for Privacy Preserving Data Management. The output of the project will be an open source toolset to provide guarantees to Data Controllers as well as Data Subjects that personal data is being handled in legally compliant manner. The project will also produce a certification methodology to help increase trustworthiness in ICT products with respect to privacy and data protection.

The project comprises data protection legal experts, academic computer science partners, software implementors and interested industry players from Ireland, UK, The Netherlands, Spain, Austria and Italy.

GINI-SA 

GINI-SA is a Support Action driven by the vision of a Personalized Identity Management ecosystem where people will control their own Individual Digital Identity (INDI) space. Individual persons will have the ability to establish and manage personalized digital identities which they will own, linking them to verifiable and authoritative national data registries.

PICOS

PICOS aims to advance the state-of-the-art in technology that provides privacy and trust management features for complex community-supporting services, which are built on Next Generation Networks. Since February 2008, 11 partners from industry and academia of seven European countries research and develop towards an open, privacy-respecting, trust-enabling identity management platform that supports the provision of community services by mobile communication service providers.

PrimeLife

PrimeLife will resolve the core privacy and trust issues pertaining to these challenges. Its long-term vision is to counter the trend to life-long personal data trails without compromising on functionality. We will build upon and expand the sound foundation of the FP6 project PRIME that has shown privacy technologies can enable citizens to execute their legal rights to control personal information in on-line transactions.

PRIvacy-aware Secure Monitoring

The Goal of the PRISM project is to devise network monitoring technologies and architectures, which guarantee enforcement of data protection legislation. This will be accomplished through the specification, design, implementation and validation of a two-tiered network monitoring system. The overall work plan of PRISM is structured into 4 work-package groups.

SWIFT

SWIFT (Secure Widespread Identities for Federated Telecommunications) is a European Union funded project of the 7th Framework Programme. The project leverages identity technology as a key to integrate service and transport infrastructures for the benefit of users and the providers. It focuses on extending identity functions and federation to the network while addressing usability and privacy concerns.

Privacy-protecting biometric authentication schemes

TURBINE

TURBINE is a multi-disciplinary privacy enhancing technology project funded by FP7, combining innovative developments in cryptography and fingerprint biometrics. The project aims at providing highly reliable biometric 1:1 verifications, multi-vendor interoperability, and system security, while solving major issues related to privacy concerns associated to the use of biometrics for ID management. Its primary objective is to render this innovation commercially viable by demonstrating that the technology is sufficiently mature for deployment as a solution to large-scale eID requirements.

Understanding and managing the interactions and complexity of interdependent critical infrastructures

TCLOUDS

TCLOUDS puts its focus on privacy protection in cross-border infrastructures and on ensuring resilience against failures and attacks. TCLOUDS aims to build prototype internet-scale ICT infrastructure which allows virtualised computing, network and storage resources over the Internet to provide scalability and cost-efficiency. In prototype development, it is a priority to address the challenges of cross-border privacy, end-user usability, and acceptance that are essential for widespread acceptance of such an infrastructure.

Identity management in cloud computing IETF

Simple Cloud Identity Management

The Simple Cloud Identity Management (SCIM) specification is an IETF Informational draft that is designed to make managing user identity in cloud based applications and services easier. The specification suite seeks to build upon experience with existing schemas and deployments, placing specific emphasis on simplicity of development and integration, while applying existing authentication, authorization, and privacy models. Its intent is to reduce the cost and complexity of user management operations by providing a common user schema and extension model, as well as binding documents to provide patterns for exchanging this schema using standard protocols. In essence, make it fast, cheap, and easy to move users into, out of, and around the cloud.


 

