
ITU-T Identity Management
Intercomms talks to Abbie Barbir, chair of the ITU-T Study Group 17's Focus Group on
Identity Management, set up in December 2006, about its hopes and aspirations
Abbie Barbir, Ph.D., co-chairs the OASIS TAB and is
a member of Nortel's Strategic Standards group,
where he serves as Senior Advisor in the areas of
Web services and Security. This role has involved
him in many activities within OASIS, W3C, WS-I,
OMA, ITU-T, Canadian Advisory Committee (CAC)
JTC1 SC6, IETF, Parlay and IPSphere. He recently
was elected to the OASIS IDTrust Steering Committee
for a two-year term. He currently chairs the
Cybersecurity question in ITU-T SG17 and is the vice
chair of the CAC for JTC1 SC 6. In 2005, he
represented OASIS to ITU-T and was instrumental in
having the ITU-T consent the SAML and XACML
OASIS Standards as ITU-T Recommendations. Abbie
holds a Ph.D. in Computer Engineering from
Louisiana State University in Baton Rouge, USA. In
his more than 20 years in the software and
telecommunication industry, he has been a professor
of Computer Science at Western Carolina University,
an application developer, data compression and
encryption inventor, systems architect, security
architect, engineering manager, consultant, author,
and inventor of numerous security algorithms. His
term on the TAB extends to July 2008.
Q: What is your remit or scope from the ITU?
A: Our scope is identity management as it
applies to telecoms in general. What we would
like to do is to facilitate the advancement of a
generic IDM framework. What we are not in the
business of doing is creating yet another identity
management framework. There are just so many
of them there already, although none of them
provides a complete IDM solution when it comes
to the telecom world. All of them are for instance
missing the network element of identity
management because basically, with few
exceptions they focus on IDM at the application
layer. In line with the current parallel work on
Next Generation Networks (NGN) elsewhere in the
ITU, we would like to extend the IDM's ability to
operate at the Web level.
Q: Could you outline a more complete gap
analysis?
A: What we have are various delivered solutions
that range from those that are based on open
cores or user centric for instance but if you look
at all of them, they don't address every aspect of
IDM that we want and need. One particular gap
analysis highlighted the network element. What
we would like to do is to identify the gaps in our
focus group and also work on harmonisation and
interworking between available solutions. While
the network component is important, another key
component is how you establish what we call
authentication assurances and anchors of trust.
Discovery is also missing as is security within the
overall systems. These we believe are the key
areas that need to be looked at right away.
Q: Once you've established a framework of
current standards and then identified a
technology road map to support NGN today,
what's then necessary to have in place to
support NGN the day after tomorrow and so on?
A: One example is Electronic Numbering (ENUM).
It can play a critical role in NGN. What we need
to do is establish how ENUM fits within a global
IDM framework.
Another missing feature today is in the use of
unique identifiers and the discovery of those
unique identifiers. That's missing today. The
same is true of the management of entities
across various domains and to identify patterns.
Part of our focus is on these areas but also we
are looking at internal interoperability, in
particular among authorisation management
protocols between providers and provider
federations as part of the IDM framework. We
would also like to see trust anchors and the
ability of having authenticated assurances where
the level of authentication would vary depending
on what you wanted to access.
Q: How is the absence of the standards holding
back the industry?
A: At the end of the day, today's IDM solutions are still
being held in silos. Each solution provides the
user with some control but at the end of the day,
you can only work through that specific type of
silo. User control is still largely absent. As a user,
you are not totally plugged into your privacy rules or
rights in terms of what you like to present as an
identity in a given context or not. Each one is still
silo-ed, even though the providers talk about
their products as global identity management
and a single global sign-on. In our opinion this is
not really global because you are stuck in that
single provider solution space. This is why in the
Focus Group, we would like to have
interoperability between various solutions where
you can really truly use one provider mechanism
but have accessibility to others.
Silo-ed IDM today means that users still have to
remember a lot of passwords, plus the user does
not have the flexibility of a single sign-in or
global IDM. If you are roaming and you are
visiting another city, your cell phone provider
knows that you are out of town but this
information is not properly provided to your
applications. It doesn't change the time of
wakeup calls or alert callers to the different
timezone you are in because of the lack of a
global harmonised IDM standard. It could be
done but proprietary and specific solutions make
its applicability very limited. We are not there yet
in terms of what we could or can do for ID
management as an application layer by itself.
Q: You have three meetings in quick succession:
April in Geneva, California in May and Tokyo in
July. By the end of those three meetings, what do you
hope to have established and achieved?
A: The lifetime of this focus group is nine
months from December, and we are literally going
from one meeting to another. Nine months isn't
very long, it is a short timespan, and our
mandates and objectives are, to be honest, really
very optimistic. We have a lot on our plate, so in
terms of priorities, what we would like to do is to
get a living list of standards bodies and forums
that are working in the identity space and collect
all the information regarding all the solutions
that are out there. We want to do a global analysis
of the solutions in terms of what requirements and
capabilities they have and whether or not they
provide the network solution so we can establish
if it is FIPS endorsed or not. Then we can map
those with a set of use case scenarios where the
telecom IDM is part of the picture. From there we
can get the gap analysis. We want to do that
hopefully by the July meeting and we should by
then have the overall global framework that we
want to talk about.
If we had all the time in the world, it would be
preferable to start with the use case scenarios
first, then develop requirements and then
establish various architectures and a global
framework that fits together. This sequential
approach doesn't really work for us because of
our limited life. Consequently, we are trying to do
several things in a spiral approach where we can
develop the framework at the same time as the
requirements and the use case scenarios are
each being developed.
The reason we have the first meeting between
April and May is because we are catering to a
global audience. April is a very good time for us
because we already have ITU-T Study Group 13
and Study Group 17 meetings in Geneva. In May
there is another big event that is happening,
namely the Internet Identity Workshop and the
IDM Focus Group will co-locate with the 350
experts in this field there, giving them a full day to
validate our architecture and our work with this
community. In July we decided to go to Asia
because we have a lot of Asian interest there and
it will be good to meet locally with those
participants in the Focus Group.
For more information:
Please contact
Toby Johnson, toby.johnson@itu.int
Or visit www.itu.in