The ISA concept in the Telco Environment
Philippe Clement, Lannion, Telco WG
Agenda
- Initial objectives around the IdP Selection
- ULX and IDS WG merging
- ULX closing
- The ISA in the Telco environment
- Business opportunities
- Following possible steps
Initial Objectives around the IdP Selection: The Concept
[Diagram: Relying Party, Identity Provider and User, each connected to the ISA*]
* ISA: Identity Provider Selection Agent
- The RP easily addresses the majority of the main IdPs, increasing its audience
- IdPs extend their footprint to many RPs
- The user uses the same tool to reach IdPs, whatever the RP
- The ISA reconciles the expectations of the three actors and simplifies their relations
- It transforms the complex 3-to-3 relations into a simpler 1-to-3 relation: each actor integrates once, with the ISA, instead of pairwise with every other party
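A small model of the selection-agent idea, added here as an illustration and not part of the Telco WG material: the ISA holds metadata for several IdPs and answers one question from an RP, "which IdP can serve me?", honouring the user's choice only when that IdP actually meets the RP's requirements. The metadata fields (protocols, maximum LOA, releasable claims), the sample IdP names and the selection rule are assumptions made for the example; it also makes the 3-to-3 versus 1-to-3 count explicit for any number of RPs and IdPs.

```python
"""Toy model of an ISA (Identity Provider Selection Agent).

Constructed example for illustration only. The metadata schema, LOA scale,
claim names and sample IdPs below are assumptions, not a specification from
the Telco WG or Kantara.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class IdPMetadata:
    """What an IdP publishes to the ISA (assumed field set)."""
    name: str
    protocols: FrozenSet[str]   # federation protocols the IdP speaks
    max_loa: int                # highest level of assurance it can assert
    claims: FrozenSet[str]      # claims it can release about the user


@dataclass(frozen=True)
class RPRequest:
    """What a relying party asks the ISA for (assumed field set)."""
    rp: str
    protocols: FrozenSet[str]
    min_loa: int
    required_claims: FrozenSet[str]


class ISA:
    """One endpoint that RPs talk to; it knows many IdPs and mediates the choice."""

    def __init__(self) -> None:
        self._idps: Dict[str, IdPMetadata] = {}

    def register_idp(self, md: IdPMetadata) -> None:
        self._idps[md.name] = md

    def candidates(self, req: RPRequest) -> List[str]:
        """IdPs able to satisfy the RP: a shared protocol, enough LOA, all claims."""
        ok = [
            md.name for md in self._idps.values()
            if md.protocols & req.protocols
            and md.max_loa >= req.min_loa
            and req.required_claims <= md.claims
        ]
        return sorted(ok)

    def select(self, req: RPRequest, user_choice: Optional[str] = None) -> Optional[str]:
        """Honour the user's choice if it qualifies; otherwise return the first
        qualifying IdP, or None when no registered IdP can serve this RP."""
        cands = self.candidates(req)
        if user_choice in cands:
            return user_choice
        return cands[0] if cands else None


def pairwise_relations(n_rp: int, n_idp: int) -> int:
    """Integrations needed without an ISA: every RP talks to every IdP."""
    return n_rp * n_idp


def isa_relations(n_rp: int, n_idp: int) -> int:
    """Integrations needed with an ISA: each party integrates once, with the ISA."""
    return n_rp + n_idp


def demo() -> Dict[str, Optional[str]]:
    """Constructed sample: two telco IdPs and one web IdP, one RP needing LOA 2."""
    isa = ISA()
    isa.register_idp(IdPMetadata("Orange", frozenset({"saml2", "openid"}), 3,
                                 frozenset({"msisdn", "name"})))
    isa.register_idp(IdPMetadata("DT", frozenset({"saml2"}), 3,
                                 frozenset({"msisdn", "name", "billing"})))
    # A low-assurance web IdP: cannot meet a LOA 2 request over saml2.
    isa.register_idp(IdPMetadata("WebIdP", frozenset({"openid"}), 1,
                                 frozenset({"email"})))
    req = RPRequest("shop.example", frozenset({"saml2"}), 2, frozenset({"msisdn"}))
    return {
        "user_picks_orange": isa.select(req, "Orange"),
        "user_picks_webidp": isa.select(req, "WebIdP"),  # does not qualify, falls back
        "default": isa.select(req),
    }


if __name__ == "__main__":
    print(demo())
    print(pairwise_relations(3, 3), "direct relations vs", isa_relations(3, 3), "with an ISA")
```

The point the model makes is that the RP never has to know which IdPs exist or what they support: it states its requirements once, and the ISA is where IdP metadata and the user's preference are reconciled. That is also why the metadata question left open by ULX matters; without an agreed schema the `candidates` step has nothing to filter on.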
Initial objectives around the IdP Selection
- Started in the Liberty Alliance BMEG
- Business, Use Cases and Requirements defined
- Business objectives: increase the business around authentication
  - All added value on the web begins with an authentication
  - Promoting a large adoption of the ISA concept simplifies the authentication implementation at SPs and simplifies the journey for users
- Technical objectives: fill the gap in protocols needed to achieve the business objectives
  - Gap analysis against the Use Cases and Requirements
- Transformed into the IDS WG in Kantara Initiative
Initial objectives around the IdP Selection
Contributors of the ID Selector (BMEG):
- Shin (NTT)
- Jonas (Ericsson)
- Mikko (Telia Sonera)
- Paavo (Telia Sonera)
- Ken Salzberg (Intel)
- Gael Gourmelen (Orange FT)
- Paul Simons (Nortel)
- Ingo Freeze (DT)
- Joao (NEC)
- Sreeram (Fidelity)
Initially Telco oriented
ULX and IDS WG merging
Before the IDS and ULX merging:
- MRD with detailed Use Cases, Requirements and Business motivations done
- Gap analysis done
- ULX and IDS charters merged
Objectives of the merging:
- Pool efforts in a common group on the overall user authentication experience
- Take a common approach to the "in the device", "in the browser" and "in the network" ISA
- Use the protocol knowledge of experts from the former ULX WG
ULX closing
- Due to lack of traction; the concerned actors are said to be missing
- The tendency is rather towards individual products (Google ID, Janrain, Gigya...)
- Incomplete work: only the graphic aspects have been addressed
  - Communication between actors (e.g. SP and ISA) not addressed
  - The question of metadata not really addressed
- A gap remains between the visions of the "in the device", "in the browser" and "in the network" approaches
The ISA in the Telco Environment?
Positive points:
- When Telcos join, they address the world's population
- Authentication means are far simpler than those used with OTT actors like FB, Google, MS...
- Strong or multi-factor authentication makes it easy to climb the LOA levels
- Similarity of technical networks, user information, registration processes...
- A trust framework can easily be built for Telcos, like roaming in mobile networks
Threats:
- Major actors begin to take their independence on mobile authentication? (Apple's attempt...)
The ISA in the Telco Environment
[Diagram: Relying Party, Identity Providers (Orange, DT, ...) and User, each connected to the ISA, with the User's position marked "?"]
Business opportunities
- Win back the authentication domain taken over by the major Web players
- Combine authentication with Telco APIs: user profile, on-bill billing, centralized privacy...
Following possible steps?
- Build a roadmap
- Recruit more Telcos
- Write specific (more?) telco Use Cases
- Define basic (then extended) telco metadata and claims
- Check protocols for feasibility
- Liaise with specific groups/bodies so as not to reinvent the wheel
- Target a Telco Trust Framework, maybe a European one?
- Even build a POC?
Questions / Discussion