www.prime-project.eu
Privacy and Identity Management for Europe
Prof. Dr. Kai Rannenberg, Lead Activity 5
Chair for Mobile Business & Multilateral Security, Goethe University Frankfurt
Agenda
• Standardisation Bodies and Projects
  – ISO/IEC JTC 1
  – ITU-T
• Major Issues
  – Unified vs. Differentiated Identities
  – Partial Identities
  – The Identity confirmation process
• Summary & Outlook
Standardisation Bodies
• ISO/IEC Joint Technical Committee 1 “Information Technology” (JTC 1)
  – Subcommittees
    • SC 17 “Cards and personal identification”
    • SC 27 “Security Technologies”
    • SC 37 “Biometrics”
• ITU Telecommunication Standardization Sector (ITU-T)
  – Study Period 2005-2008
    • Study Group 13 “Next Generation Networks”
    • Study Group 17 “Security, languages and telecommunication software”
    • Joint Coordination Activity for Identity Management JCA-IdM
WGs within ISO/IEC JTC 1/SC 27 – IT Security Techniques
• WG 1 ISMS
• WG 2 Cryptography & Security Mechanisms
• WG 3 Security Evaluation
• WG 4 Security Controls & Services
• WG 5 Identity Management & Privacy Technologies
[Diagram axes: Product, System, Process, Environment; Techniques, Guidelines, Assessment]
Standardisation Projects
• ISO/IEC JTC 1/SC 27/WG 5 “Identity and Privacy Technologies”
  – A Framework for Identity Management (ISO/IEC 24760, WD)
  – A Privacy Framework (ISO/IEC 29100, WD)
  – A Privacy Reference Architecture (ISO/IEC 29101, WD)
  – A Framework for Access Management (ISO/IEC 29146, WD)
• ITU-T Study Group 17 “Security, languages and telecommunication software”
  – Requirements for global identity management trust and interoperability (X.1250 X.idmreq)
  – User control enhanced digital identity interchange framework (X.idif)
  – Common identity data model (X.idm-dm)
  – Global interoperable IdM framework (X.idmint)
Major Issues
• Major Issues
  – Unified vs. Differentiated Identities
  – Partial Identities
  – Identity confirmation involvement
Unified vs. Differentiated Identities
• People live their life
  – in different roles (professional, private, volunteer)
  – using different identities (pseudonyms): email accounts, SIM cards, eBay trade names, chat names, 2ndLife names, …
• Differentiated identities help to
  – protect
    • privacy, especially anonymity
    • personal security/safety
  – enable reputation building at the same time
• Identity management systems
  – support users using role-based identities
  – help to present the “right” identity in the right context
• Organisations aim to sort out
  – user accounts in different IT systems
  – authentication
  – rights management
  – access control
• Unified identities help to
  – ease administration
  – manage customer relations
• Identity management systems
  – ease single sign-on by unifying accounts
  – solve the problems of multiple passwords
Partial Identities
[Diagram: Alice's partial identities. Contexts and parties shown: Payment, Health Care, Shopping, Travel, Work, Leisure, Telecommunication, Government, MasterCard, Diners Club, Boyfriend Bob. Attributes: Name, Birthday, Birthplace, Age, Address, Phone Number, Cellphone Number, Driving Licence, Tax Status, Income, Credit Rating, Insurance, Health Status, Blood Group, Good-Conduct Certificate, Foreign Languages, Interests, Likes & Dislikes, Diary. Labels: Identities, Management.]
Identity confirmation involvement
• Is the “Identity Provider” involved in every interaction of user and relying party?
[Diagram: Requesting/Asserting Entity, Relying Party Entity and Identity Provider(s); arrows labelled Identity Assertion, Query(ies) to Identity Resources, and Response.]
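To make the Partial Identities slide and the question above concrete, here is an added example (not PRIME code, not from the author): Alice's attribute names are taken from the diagram, the per-context attribute subsets and the relying parties are constructed, and it contrasts an identity provider that is queried on every interaction with one that issues a signed partial identity once, by comparing what each provider's log records. HMAC with a shared key stands in for the provider's signature; that is an assumption of the example, not the real mechanism.

```python
import hashlib, hmac, json
# Constructed sample: Alice's attributes, named as in the Partial Identities slide
ALICE = {"Name": "Alice", "Birthday": "1980-05-04", "Address": "1 Main Street",
         "CreditRating": "AA", "BloodGroup": "0+", "HealthStatus": "fit"}

# A partial identity is the attribute subset one context needs (constructed mapping)
PARTIAL_IDENTITIES = {
    "Payment": ["Name", "CreditRating"],
    "Health Care": ["Name", "Birthday", "BloodGroup", "HealthStatus"],
    "Shopping": ["Name", "Address"],
}

def partial_identity(full, context):
    """Disclose only the attributes the context's partial identity contains."""
    return {k: full[k] for k in PARTIAL_IDENTITIES[context]}

class IdentityProvider:
    """Toy IdP; its log records what it learns about the user's interactions."""
    def __init__(self, key):
        self.key, self.log = key, []

    def answer_query(self, relying_party, context):
        # Online model: every relying party queries the IdP, which therefore
        # sees whom the user deals with, and when.
        self.log.append((relying_party, context))
        return partial_identity(ALICE, context)

    def issue_assertion(self, context):
        # Offline model: the IdP signs a partial identity once; the user presents
        # it later without the IdP seeing where. HMAC with a shared key stands in
        # for the signature (assumption); a real IdP uses a public-key signature.
        self.log.append(("issuance", context))
        body = json.dumps(partial_identity(ALICE, context), sort_keys=True)
        return body, hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

def verify_assertion(key, body, tag):
    # Relying party's check of a presented assertion
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)

def compare_models(interactions, key=b"idp-key"):
    """Run the same (relying party, context) interactions under both models
    and return the two IdP logs side by side."""
    online, offline = IdentityProvider(key), IdentityProvider(key)
    for relying_party, context in interactions:
        online.answer_query(relying_party, context)
    for context in sorted({c for _, c in interactions}):  # one assertion per context
        body, tag = offline.issue_assertion(context)
        assert verify_assertion(key, body, tag)
    return online.log, offline.log
```

Running `compare_models` over a few constructed interactions shows the online log naming every relying party, while the offline log holds only one issuance per context.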
Summary & Outlook
• Several standardisation organisations deal with Privacy and Identity Management
• Privacy is not always taken seriously.
• Major issues
  – Unified vs. Differentiated Identities
  – Partial Identities
  – Identity confirmation involvement
• PRIME together with related projects achieved improvements, but more work is needed.
References
• ITU-T Study Group 13 “Next Generation Networks” – www.itu.int/ITU-T/studygroups/com13
• ITU-T Study Group 17 “Security, languages and telecommunication software” – www.itu.int/ITU-T/studygroups/com17
• ITU-T Joint Coordination Activity for Identity Management JCA-IdM – www.itu.int/ITU-T/jca/idm/
• ISO/IEC JTC 1/SC 17 “Cards and personal identification” – www.sc17.com
• ISO/IEC JTC 1/SC 27 “Security Technologies” – www.jtc1sc27.din.de
• ISO/IEC JTC 1/SC 37 “Biometrics” – http://isotc.iso.org/livelink/livelink/fetch/2000/2122/327993/2262372/2263033/2285052/customview.html?func=ll&objId=2285052&objAction=browse&sort=name