Intercomms - Development
INTERCOMMS : The International Communications Project

ITU-T Identity Management

Intercomms talks to Abbie Barbir, chair of the ITU-T Study Group 17's Focus Group on Identity Management, set up in December 2006, about its hopes and aspirations.

Abbie Barbir, Ph.D., co-chairs the OASIS TAB and is a member of Nortel's Strategic Standards group, where he serves as Senior Advisor in the areas of Web services and Security. This role has involved him in many activities within OASIS, W3C, WS-I, OMA, ITU-T, Canadian Advisory Committee (CAC) JTC1 SC6, IETF, Parlay and IPSphere. He was recently elected to the OASIS IDTrust Steering Committee for a two-year term. He currently chairs the Cybersecurity question in ITU-T SG17 and is the vice chair of the CAC for JTC1 SC6. In 2005, he represented OASIS to ITU-T and was instrumental in having the ITU-T consent the SAML and XACML OASIS Standards as ITU-T Recommendations. Abbie holds a Ph.D. in Computer Engineering from Louisiana State University in Baton Rouge, USA. In his more than 20 years in the software and telecommunication industry, he has been a professor of Computer Science at Western Carolina University, an application developer, data compression and encryption inventor, systems architect, security architect, engineering manager, consultant, author, and inventor of numerous security algorithms. His term on the TAB extends to July 2008.

Q: What is your remit or scope from the ITU?
A: Our scope is identity management as it applies to telecoms in general. What we would like to do is to facilitate the advancement of a generic IDM framework. What we are not in the business of doing is creating yet another identity management framework. There are just so many of them there already, although none of them provides a complete IDM solution when it comes to the telecom world. All of them are, for instance, missing the network element of identity management because basically, with few exceptions, they focus on IDM at the application layer. In line with the current parallel work on Next Generation Networks (NGN) elsewhere in the ITU, we would like to extend the IDM's ability to operate at the Web level.

Q: Could you outline a more complete gap analysis?
A: What we have are various delivered solutions that range from those that are based on open cores or user centric, for instance, but if you look at all of them, they don't address every aspect of IDM that we want and need. One particular gap analysis highlighted the network element. What we would like to do is to identify the gaps in our focus group and also work on harmonisation and interworking between available solutions. While the network component is important, another key component is how you establish what we call authentication assurances and anchors of trust. Discovery is also missing, as is security within the overall systems. These we believe are the key areas that need to be looked at right away.

Q: Once you've established a framework of current standards and then identified a technology road map to support NGN today, what's then necessary to have in place to support NGN the day after tomorrow and so on?
A: One example is Electronic Numbering (ENUM). It can play a critical role in NGN. What we need to do is establish how ENUM fits within a global IDM framework.

Another missing feature today is in the use of unique identifiers and the discovery of those unique identifiers. That's missing today. The same is true of the management of entities across various domains and to identify patterns. Part of our focus is on these areas but also we are looking at internal interoperability, in particular among authorisation management protocols between providers and provider federations as part of the IDM framework. We would also like to see trust anchors and the ability of having authenticated assurances where the level of authentication would vary depending on what you wanted to access.

Q: How is the absence of the standards holding back the industry?
A: At the end of the day, today's IDM is still being held in silos. Each solution provides the user with some control but at the end of the day, you can only work through that specific type of silo. User control is still largely absent. As a user you are not totally plugged into your privacy rules or rights in terms of what you like to present as an identity in a given context or not. Each one is still silo-ed even though the providers talk about their products as global identity management and a single global sign-on. In our opinion this is not really global because you are stuck in that single provider solution space. This is why in the Focus Group, we would like to have interoperability between various solutions where you can really truly use one provider mechanism but have accessibility to others.

Silo-ed IDM today means that users still have to remember a lot of passwords, plus the user does not have the flexibility of a single sign-in or global IDM. If you are roaming and you are visiting another city, your cell phone provider knows that you are out of town but this information is not properly provided to your applications. It doesn't change the time of wakeup calls or alert callers to the different timezone you are in because of the lack of a global harmonised IDM standard. It could be done but proprietary and specific solutions make its applicability very limited. We are not there yet in terms of what we could or can do for ID management as an application layer by itself.

Q: You have three meetings in quick succession: April in Geneva, California in May and Tokyo in July. By the end of those meetings, what do you hope to have established and achieved from those three meetings?
A: The lifetime of this focus group is nine months from December and we are literally going from one meeting to another. Nine months isn't very long, it is a short timespan, and our mandates and objectives are, to be honest, really very optimistic. We have a lot on our plate, so in terms of priorities, what we would like to do is to get a living list of standards bodies and forums that are working in the identity space and collect all the information regarding all the solutions that are out there. We want to do a global analysis of the solutions in terms of what requirements and capabilities they have and whether or not they provide the network solution so we can establish if it is FIPS endorsed or not. Then we can map those with a set of use case scenarios where the telecom IDM is part of the picture. From there we can get the gap analysis. We want to do that hopefully by the July meeting and we should by then have the overall global framework that we want to talk about.

If we had all the time in the world, it would be preferable to start with the use case scenarios first, then develop requirements and then establish various architectures and a global framework that fits together. This sequential approach doesn't really work with us because of our limited life. Consequently, we are trying to do several things in a spiral approach where we can develop the framework at the same time as the requirements and the use case scenarios are each being developed.

The reason we have the first meeting between April and May is because we are catering to a global audience. April is a very good time for us because we already have ITU-T Study Group 13 and Study Group 17 meetings in Geneva. In May there is another big event that is happening, namely the Internet Identity Workshop and the IDM Focus Group will co-locate with the 350 experts in this field there them a full day to validate our architecture and our work with this community. In July we decided to go to Asia because we have a lot of Asian interest there and it will be good to meet locally with those participants in the Focus Group.

For more information:
Please contact Toby Johnson, toby.johnson@itu.int
Or visit www.itu.in


All Content Copyright © Entico Corporation Ltd. 2007