Digital (Virtual) Identities in Daidalos and beyond. Amardeo Sarma NEC Laboratories Europe

Similar documents
A Scenario for Identity Management in Daidalos

Identity management is a growing Web trend with. A SWIFT Take COVER FEATURE. Virtual identities and identifiers

A Privacy Enabled Fast Dynamic Authentication and Authorization for B3G/4G Mobility

1. Publishable Summary

Cross-Operator Identity Services. 13. January 2012, Telekom Innovation Laboratories

ETSI standards are enabling a global M2M solution. Enrico Scarrone, ETSI TC M2M Chairman, Telecom Italia 3 ETSI M2M workshop, Mandelieu, France, EU

Olli Jussila Adaptive R&D TeliaSonera

Identity Management Systems An Overview. IST Event 2004 /

Federated Identity Management and Network Virtualization

Integrating User Identity Management Systems with the Host Identity Protocol

Identity Management: Setting Context

New Technologies and Services: Change and Convergence

Prof. Christos Xenakis

ITU-T Y Next generation network evolution phase 1 Overview

New Generation Open Content Delivery Networks

The Simplicity Project and related standards activities

Security and resilience in Information Society: the European approach

Metro Ethernet for Government Enhanced Connectivity Drives the Business Transformation of Government

Moving Digital Identity to the Cloud, a Fundamental Shift in rethinking the enterprise collaborative model.

SeON GAP analysis. Dr. Parag Pruthi - Chair. Dr. Ashutosh Dutta Vice Chair. Date: December 14, 2010 Copyright 2010 GISFI. All Rights Reserved.

Prof. Christos Xenakis

DIX BOF Digital Identity exchange. 65 th IETF, Dallas March 21 st 2006

Status of Machine to Machine Standards work in TC M2M and onem2m. Many thanks to the various contributors from TC M2M

An Introduction to Digital Identity

A Market Solution to Online Identity Trust. Trust Frameworks 101: An Introduction

European Telecommunications Standards Institute. Grid Specialist Task Force. Interoperability Gap Analysis

Identity Mixer: From papers to pilots and beyond. Gregory Neven, IBM Research Zurich IBM Corporation

National R&E Networks: Engines for innovation in research

Trust Services for Electronic Transactions

The EU OPEN meter project

Simplifying Federation Management with the Federation Router

SAML-Based SSO Solution

Part I: Future Internet Foundations: Architectural Issues

Project Data. Proposed duration: 30 months Requested total funding: 2.87 MEUR Strategic objective addressed: IST : Software and Services

SAML-Based SSO Solution

ITU-T Y Overview of ubiquitous networking and of its support in NGN

TECHNICAL SPECIFICATION

Identity Management as a Service

Analysis of Effectiveness of Open Service Architecture for Fixed and Mobile Convergence

Connected Living: The Market Opportunity in Embedded Mobile

Can the Network be the New Cloud.

The current status of Esi TC and the future of electronic signatures

Orange Smart Cities. Smart Metering and Smart Grid : how can a telecom operator contribute? November

Managing Trust in e-health with Federated Identity Management

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation

Interagency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008

Privacy and Identity Management for Life. Lifelong Privacy

Securing INSPIREd geodata cloud services with CLARUS. INSPIRE conference 2016 (Barcelona)

Identity and capability management and federation

ISO/IEC TR TECHNICAL REPORT

onem2m - A Common Service Layer for IoT Basic principles and architecture overview

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

How a Federated Identity Service Turns Identity into a Business Enabler, Not an IT Bottleneck

Programmable BitPipe. Andreas Gladisch VP Convergent Networks and Infrastructure, Telekom Innovation Labs

Commentary on Tools and technologies for equitable access

Identity Management as An Application Enabler

Altitude Software. Data Protection Heading 2018

Ramnish Singh IT Advisor Microsoft Corporation Session Code:

IPv6 Task Force - Phase II. Welcome

Security and Privacy in the Internet of Things : Antonio F. Skarmeta

Boundary control : Access Controls: An access control mechanism processes users request for resources in three steps: Identification:

Identity Deployment and Management in Wireless Mesh Networks

SAFE-BioPharma RAS Privacy Policy

IoT-A: main Architectural Reference Model concepts

Smart Card Alliance Update. Update to the Interagency Advisor Board (IAB) June 27, 2012

The Business of Identity: Business Drivers and Use Cases of Identity Web Services

Media (NEM) Initiative

IMPACT OF 5G CANTO 2018 PANAMA CITY, PANAMA JULY 28, 2018

Liberty Alliance concepts. Mon Service Public

Telco Working Group. Kantara Initiative Summit 2011 Trust Framework Model and IdM Summit

OATH : An Initiative for Open AuTHentication

eid Interoperability for PEGS WS-Federation

Advanced Grid Technologies, Services & Systems: Research Priorities and Objectives of WP

Strong Customer Authentication and common and secure communication under PSD2. PSD2 in a nutshell

Future-Proof Security & Privacy in IoT

Version 11

Research Infrastructures and Horizon 2020

VISION Virtualized Storage Services Foundation for the Future Internet

2 The IBM Data Governance Unified Process

Security and Privacy in Car2Car Adhoc Networks

Unsolicited Communication / SPIT / multimedia-spam

WHITEPAPER. How to secure your Post-perimeter world

TAS 3 Architecture. Sampo Kellomäki Symlabs , ServiceWave, Stockholm

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

FOCUS GROUP ON MACHINE LEARNING

REST/SOAP Harmonization proposal for Identity-based Web-Services

Towards Standardization of Distributed Access Control

COMeSafety Specific Support Action

Identity Management. An overview of the status of some of the key IdM work (plus some thoughts from the sidelines) Mike Harrop The Cottingham Group

Carrier Reliability & Management: Overview of Plivo s Carrier Network

WHITE PAPER. OAuth A new era in Identity Management and its Applications. Abstract

Many countries decided on IMT-2000

IFIP - FIDIS Summer School

Global numbering for M2M/IoT devices and ecall

Solution Highlights. Supports all major signaling protocols. Widely deployed multi-national SS7 solution. NEBS3 certified standard server platform

ONELAB and Beyond. Prof. Serge Fdida. University P&M Curie, Paris 6, France

Identity Management. Rolf Blom Ericsson Research

NEVIS Smart Solutions against sophisticated attackers

Electronic Records Archives: Philadelphia Federal Executive Board

4G: Convergence, Openness for Excellence and Opportunity Cisco Systems, Inc

Transcription:

Digital (Virtual) Identities in Daidalos and beyond Amardeo Sarma NEC Laboratories Europe

Who wants to pay for more Bandwidth? More Access Bandwidth? No one pays extra for volume or time plain usage is a commodity But they will pay for access services Digital Identities: a potential breakthrough and convergence technology 30000 25000 20000 Volume or Time Basic fixed Charge Overall Revenue Revenue Increase depends on on Network Service (flat rate!) providing value, not volume 15000 10000 5000 0 1998 1999 2000 2001 2002 2003 2004 2005 2006 Pay for Pervasiveness & Ubiquity Seamless Mobility Comfort of of use Trust & Reliability Page 2 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007

Challenges for Network Access Make network access everywhere possible This is a more valuable service than more bits! Make your network available with the quality you need while on the move Seamless user linked roaming and mobility independent of your device Simple billing and customer relationship Your trusted provider (operator, credit card company) should take care of everything Remove device limitation Borrow a phone or laptop or use an embedded device in a hired car Use multiple devices, share devices Page 3 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007

Requires Change in Thinking Whatever the network: The user (you!) is at the centre! Not your device (phone, laptop,...) Liberate User from Devices! Page 4 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007

Daidalos Virtual Identities Approach VID Identifiers may be linked to digital certificate User constructs VIDs for Access VID VID VID VID Registered ID Government ID ID (e.g. (e.g. passport, drivers license) Official Document Verify credentials RegID of of ID ID provider (Operator, Bank) Contract Physical Person (DNA, behaviour, Personal attributes) VIDs correspond to personae and could relate to different roles VIDs are used for both network and service access, as well as content May be extended to other domains, e.g. gaining entrance to building ID token that contains VID Identifier + encrypted artefact for A4C is used Use VID to also enhance privacy of user! Page 5 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007

Today: Identity Fragmentation Current identity info of a user is distributed & duplicated among different platforms resulting in Multiple sign-on procedures for a wide range of services Inability to make good use of user related data (trail, presence, geo-location) across different platforms Difficulty for users to provide, retrieve and update all privacy info managed at each platform separately 3 rd Party Platforms Credit history Identity is missing Buying history Content Providers User s Identity User s Identity ISP Platform Presence data Partner Operator s Platform Home Operator s NGN Platform Enterprise Platform Source: NEC Corporation Page 6 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007

Tomorrow: Identity Convergence To solve identity fragmentation, Make a bridge between platforms introduction of multi-personas per user optimum deployment & life cycle mgt of them Filter flow of identity info across the bridge minimization of identity info disclosure from user s viewpoint making identity info obscure from operator s viewpoint 3 rd Party Platforms Content Providers Identity Creation Identity Federation ISP Platform Identity Exchange Partner Operator s Platform Home Operator s NGN Platform User s persona In Particular: Build bridge to the Network Enterprise Platform Source: NEC Corporation Page 7 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007

John Doe Daidalos Virtual Identities Approach Growing numbers of communication services burden users with increasingly complex authentication effort Users want a limited number of operators enabling universal access to everything ideally single sign-on Identity solutions need to support multiple (virtual) identities or personae for several profiles, roles and contexts respecting privacy Trusted Provider who issues bill uses the service Visited Provider The trusted operator becomes a proxy for billing which is a business in itself. Improved security through VIDs acting as pseudonyms the service provider delivers without knowing the user. the trusted operator (e.g. operator or bank) knows the user, not the service. Source: Daidalos Page 8 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007

Daidalos Virtual Identity Concept Technical Challenges Privacy Unified and Uniform Namespaces Access Control Billing and Charging Mobility Page 9 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007 Objectives Link real and digital worlds User s data should be under his control Service providers use of federation to enhance user experience Source: Daidalos

Daidalos Virtual Identities and Privacy Location Preferences Access Router IP/MAC Address Service Service E.g. ad-sponsored network based navigation service Services operate on privacy-sensitive data Dynamic business scenarios Services offered by unknown (potentially untrusted) 3rd Party Providers Simple access to services for user s required (Mobility support, SSO) Page 10 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007 Source: Daidalos

Daidalos Virtual Identities and Privacy Location VID 1 Preferences Access Router IP/MAC Address Service Service VID 2 Location Preferences Access Router IP/MAC Address Service Service Service use based on Virtual Identities (VIDs) VID selected according to user s privacy policies Mid-term: Make IP/MAC Address unlinkable Page 11 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007 Source: Daidalos

Related Technology: Context Obfuscation Social Ctx: Friends near by (Ann, Bob, Fred, Julie) Blurring of Ctx Information Social Ctx: Friends near by (4 Friends) Blurring of Ctx Information Social Ctx: Friends Near By (Some Friends close by) Domain A Ctx Exchange Domain B Ctx Provider Ctx Exchange Domain C Ctx Provider Policy Management Context Obfuscation Technology supports privacy of context information based on user preferences handles context exchange within and across domains uniformly Context Obfuscation Challenges Context requires a structure that translates naturally to a blurring mechanism Semantics for context blurring need to be defined Adequate context distortion filters are required User interface must be simple and support decisions in a dynamic environment User must trust obfuscation behaviour Page 12 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007 Source: Daidalos

Cross-layer design becomes Imperative Uniform namespaces (one ID for all purposes) For network identification To obtain information about a user/service/group Under which to authenticate to the network and to the services To maintain pseudonimity at a higher level, a top-down protocol design is required ID must be independent of the application, service, interface and even terminal Page 13 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007 Source: Daidalos

Mobility Support for Digital Identities Page 14 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007 Source: Daidalos

Daidalos Virtual Identity Data Model 1 1 EPP EPP 1 entity * * * * 1 EP 1 * EPV 1 VID FEPV 1-1 FEPV 1-2 Templates EPVIdentifier=VIDIdentifier Entity: individual, company, provider, etc able to make legal binding Entity Profile Part (EPP): Coherent piece entity s data e.g. at provider Entity Profile (EP): The union of all EPPs plus entity s knowledge Entity Profile View (EPV) or Virtual Identity: Entity s aggregation of EPPs Filtered EPV used for access (to not reveal more than needed) Page 15 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007 Source: Daidalos

Daidalos Identity Brokerage Architecture Scenario: Alice uses a service offered by Bob Alice interacts as VIDID X with Bob Bob requests attribute from Alice via the ID Broker Page 16 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007 Source: Daidalos

The next Step: SWIFT (01/08 06/10) Identity Management Systems Stratum Today Future i2010/eidm Societal/ legal Several IdM concepts Several eidmbased concepts Service Several digital IdM-based concepts Several eidm-based concepts Transport Some digital IdM-based concepts Serveral eidm-based concepts Scope Page 17 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007 eidm: electronic Identification Management

EU IST FP7 Project SWIFT Target: Leverage identity technology to integrate service and transport infrastructures by extending identity functions and federation to the network and addressing usability and privacy concerns Partners: Fraunhofer SIT (Project Co-ordinator), NEC (Technical Leader), Alcatel-Lucent, Deutshe Telekom, Portugal Telecom, Dracotic (SME), University of Murcia, IT Aveiro, University Stuttgart Time Frame: January 2008 June 2010 Overall Budget: 5.3 Million EU Contribution: 3.5 Million Description of Work approved by the Commission on 27 th September 2007 Currently in the final overall Commission-internal processing and approval stage Acronym SWIFT: Secure Widespread Identities for Federated Telecommunications Page 18 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007

Key SWIFT Technology Objectives (1/2) Vertical integration of identity, privacy, trust and security across layers: Protocols, addressing and inter-layer interfaces with controlled privacy New identity-centric user schemes supporting different levels of information access control, with well-defined privacy rules about who can change or even knows the data handled. Methods and techniques on how users are identified and located, but may remain pseudonymous at all layers based on user preferences. Identity-based mobility solution: Adaptation of mobility protocols to the user s moving identities across devices, services and networks. Semantic interoperability of eidm systems legacy and different national instances. Page 19 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007

Key SWIFT Technology Objectives (2/2) Meta data model to deal with IdM data sets to support interoperability. An Identity Management Platform providing a common framework and APIs for controlled access of identity attributes across services and networks with user privacy mechanisms including specific APIs, such as for an Identity Broker. Mapping new identity techniques to existing technology (SIM cards, etc), and eidm and AAA solutions to accommodate Identity Management. Name and identifier resolution across heterogeneous namespaces. Contribution to standardization to include the SWIFT identity approach at the different layers to go beyond the existing solutions. Page 20 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007

Relation of SWIFT with the Rest of the World monitor contribute Key Standards Organizations* e.g. Liberty Alliance, ITU-T FGIdM, ETSI TISPAN collaborate monitor * Subject to mofication during the project lifetime if environment changes EU FP6/7 Projects e.g. PRIME, Daidalos, FIDIS and possible follow-ups Other initiatives, such as Internet Identity Workshop, OpenID,... Page 21 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007

Conclusions Identity Management is a technology for user based access: Potential Key Convergence Technology addressed by several standards bodies e.g. ITU-T T Focus Group and initiatives In combination with Federation: Daidalos pioneered bridging the gap between traditional IdM and Telecommunications. The next steps e.g. in SWIFT: Leverage Virtual Identities and Identity Managment for the Network and Telco Services as a Convergence Technology Page 22 ITU-T/ISO/FIDIS Workshop, Lucerne, Switzerland NEC Corporation 2007 30 September 2007

Thank you! Amardeo Sarma NEC Laboratories Europe sarma@neclab.eu

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback