Digital Identities for Networks and Convergence Joao Girao, Amardeo Sarma

FP7 SWIFT 2 Target: Identity Convergence for NGN+  Solve identity fragmentation of today:  Make a bridge between platforms introduction of multi-personas per user transcend layers from network to services / applications  Filter flow of identity info across the bridge minimization of identity info disclosure from user’s viewpoint making identity info obscure from operator’s viewpoint Identity Creation Home Operator’s NGN Platform ISP Platform Identity Federation 3 rd Party Platforms User’s persona Content Providers Enterprise Platform Partner Operator’s Platform Identity Exchange Source: NEC

FP7 SWIFT 3 Traditional Relation Customer – Provider me provider Fixed Operator: Customer ID Physical line Mobile Operator: Customer ID SIM Card ISP: Customer ID Name / Password Amazon etc.: Customer ID Name / Password Drawback: Customer needs separate contract for (most) services Reason: The provider is responsible not only for the service, but also for identification and billing

FP7 SWIFT 4 Target me ID & billing provider ID provider: Customer ID Credentials Service Provider: Offer / Price Trusted relation (contract) service provider Temporary relation (get service) Customer has few trusted relationships and contracts, but can nonetheless get services from 3rd parties Authorization & accounting

FP7 SWIFT 5 SWIFT for Convergence: Overview  Duration: January 2008 – June 2010  Consortium: 9 partners from Industry and Academia (see below)  Project Co-ordinator: FhG SIT, Technical Leader: NEC  Focus  Identity & privacy across layers  vertical approach  Develop Identity as a key enabling technology for convergence  Combined user / operator control on information exchange  Optimize user/service/network-centric IdM with network focus  Develop Identity Oriented Services  Build on R&D from Daidalos & other FCT projects University of Murcia University of Stuttgart

 Virtual Identities concept adapted from the EU Daidalos project supports privacy of the user  Many “faces” for transactions to separate roles or for privacy reasons  These “personalities” or “avatars” or Virtual Identities (VIDs) must be unlinkable even though some attributes may be shared between them  The user must control the data revealed Research approach, Methodology FP7 SWIFT

Axis of Identity Management FP7 SWIFT 7 Policy Management Privacy Billing Authentication Attribute Exchange Decision/ Enforcement Attribute Management Transparency

The Vertical Axis FP7 SWIFT

Triangle of TransactionsBinding Identity Model Technology and Business Drivers FP7 SWIFT

Identity Management Platform Discovery / Directory Name Resolution Anonimity AAA Context Mobility Security QoS Attribute Management & Access Devices Groups Building Blocks: Identity Architecture FP7 SWIFT

Goal 1: Enhance Ubiquity and Experience  Liberate user from device(s) by enabling use of several interchangeable devices  Ownership of the device should be independent of who uses it  hiring (embedded) devices becomes part of the model  Facilitate discovery and service usage respecting the user's privacy options  Network access is automatically made available based on service requested  Invisible co-ordination of network and resources Supported by the Identity Backbone

Goal 2: Enable Convergence  Identity can form the bridge between networks, services, content and arbitrary offerings  it becomes a convergence technology  Currently a vast range of solutions exist that need to be brought together  This includes SIM and USIM solutions  Central will be to also impact emerging NGN architectures  3GPP, ITU-T, ETSI  A key problem to solve will be to bridge the independently existing Identity solutions (SAML, OpenID, CardSpace,...)  SWIFT will develop solutions for this Identity as the convergence enabler

 Bringing Identity Management to the network  Enable access and reachability across domains  Make Identities of people, services, things, software modules a part of the future Internet architecture  The Future Internet will be the …. identiNET  Identity as the future end point of communication  whether user, service, thing, device or software module  Support access, (non-) reachability, ubiquity  Privacy can be dealt with vertically thus reducing the danger of conflicting policies & mechanisms  non-walled garden business is enabled Identity in the Future Internet FP7 SWIFT

 Kick off in 01/08 with Public Web Page in January  Work well progressed on  Scenario definition  Requirements  Initial architecture  Deliverables done and mid-term  Work Methods  Internal Report on Dissemmination  Scenarios  Gap Analysis and Architecture Requirements  Initial Architecture SWIFT results so far FP7 SWIFT

15 Conclusions SDOs (ETSI, ITU-T, OASIS LA, IETF) SDOs (ETSI, ITU-T, OASIS LA, IETF) Business Opportunities & Types EU Initiatives (PrimeLife, Daidalos, FIDIS) EU Initiatives (PrimeLife, Daidalos, FIDIS) SWIFT SWIFT will develop an EU identity architecture as a catalyst that opens new doors to IdM, focusing on the network and convergence

SWIFT Website

End Thank You