|
Type (standard, work in progress…)
|
Title of the (draft) standard
|
Summary of the (draft) standard
|
Relationship with other (draft) standards
|
Status and milestones
|
Remarks
|
|
I.General Issues
|
|
I.1 Terms and definitions
|
|
ITU-T
|
|
ITU-T SG 17
Draft Recommendation
ITU-T X.1252
|
Baseline identity management terms and definitions
|
This Recommendation provides a collection of terms and definitions used in Identity Management. They are drawn from many sources; all are believed to be in common use in IdM. These definitions are to be used as a baseline for IdM Recommendations throughout ITU-T; they may be expanded if necessary to provide greater clarity for a specific context. This will ensure the main features of IdM are consistent, aligned and understood.
|
|
Determined in Sept. 2009
|
|
|
OASIS
|
|
OASIS
Standard
SAML Glossary (2005.03)
|
Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0
|
This specification defines terms used throughout the OASIS Security Assertion Markup Language (SAML) specifications and related documents.
|
|
|
|
|
I.2 Identity Addressing and Format
|
|
Type (standard, work in progress…)
|
Title of the (draft) standard
|
Summary of the (draft) standard
|
Relationship with other (draft) standards
|
Status and milestones
|
Remarks
|
|
ITU-T
|
|
ITU-T SG 17
Draft Recommendation
X.oid-res
|
Information technology – Object identifier resolution system
|
This Recommendation | International Standard specifies OID (Object Identifier) resolution system which provides information associated with any object identified by an object identifier. This associated information can be access information, child node information, or the canonical form of the OID-IRI. The OID Resolution System consists of two processes: a general OID resolution process and an application-specific OID resolution process. The general OID resolution process utilizes the DNS (Domain Name System) protocol.
|
ISO/IEC 29168
|
|
|
|
ITU-T SG 17
Draft Recommendation
X.oid-exp
|
Object identifier repository export format
(Subject to Agreement with ISO TC 215 on collaborative work)
|
This Recommendation | International Standard specifies both an XML and a binary export format for object identifier repositories, including additional requirements for e-health repositories.
|
ISO 13582
|
|
|
|
ETSI
|
|
ETSI
Technical Specification
TS 184 002 V1.1.1 (2006)
|
Identifiers (IDs) for NGN
|
The present document provides an overview of the identifiers used within 3GPP which are considered applicable to NGN.
|
|
|
|
|
3GPP
|
|
3GPP
Technical Specification
TS 23.003 (2009.09)
|
Numbering, addressing and identification (Release 9)
|
The present document defines the principal purpose and use of International Mobile station Equipment Identities (IMEI) within the digital cellular telecommunications system and the 3GPP system.
|
|
|
|
|
3GPP
Technical Specification
TS 23.008 (2009.09)
|
Organization of subscriber data (Release 9)
|
The present document provides details concerning the information to be stored in home subscriber servers, visitor location registers, GPRS Support Nodes and the Call Session Control Function (CSCF) concerning mobile subscribers.
|
|
|
|
|
IETF
|
|
IETF
RFC 2141
(1997)
|
Uniform Resource Name (URN)
|
This document defines persistent, location-independent, resource identifiers. This RFC defines the canonical syntax for URNs and discusses existing legacy and new namespaces and requirements for URN presentation and transmission.
|
|
|
|
|
IETF
RFC 2822
(2001)
|
Internet Message Format
|
This standard specifies a syntax for text messages that are sent between computer users, within the framework of "electronic mail" messages.
|
|
|
|
|
IETF
RFC 3986
(2005)
|
Uniform Resource Identifier (URI): Generic Syntax
|
This specification defines the generic URI syntax and a process for resolving URI References that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet.
|
|
|
|
|
IETF
RFC 3987
(2005)
|
Internationalized Resource Identifiers (IRIs)
|
This document defines a new protocol element, the Internationalized Resource Identifier (IRI), as a complement to the Uniform Resource Identifier (URI).
|
|
|
|
|
IETF
RFC 4122
(2005)
|
A Universally Unique IDentifier (UUID) URN Namespace
|
This specification defines a Uniform Resource Name namespace for UUIDs (Universally Unique IDentifier), also known as GUIDs (Globally Unique IDentifier).
|
|
|
|
|
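The entry above describes only the URN namespace; the RFC itself fixes the bit layout (version nibble, variant bits) and the name-based construction that makes two parties derive the same UUID from the same name. The Python below is an added example, not text or code from RFC 4122 or RFC 2141: it parses a urn:uuid URN (NID "uuid" is case-insensitive under RFC 2141), reads the version and variant from the raw bits, and builds a version 5 UUID by hand from the SHA-1 of namespace and name. The DNS namespace UUID is the value given in RFC 4122 Appendix C; the names fed in are constructed.

```python
import hashlib
import re
import uuid

# Name-space ID for fully-qualified domain names, from RFC 4122 Appendix C.
NAMESPACE_DNS = "6ba7b810-9dad-11d1-80b4-00c04fd430c8"

# RFC 4122 section 3: urn:uuid:<8-4-4-4-12 hex>; the NID "uuid" is case-insensitive per RFC 2141.
_URN_UUID = re.compile(
    r"^urn:uuid:([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$",
    re.IGNORECASE)


def parse_urn_uuid(urn: str) -> dict:
    """Parse a urn:uuid URN and report the version and variant encoded in its bits."""
    m = _URN_UUID.match(urn.strip())
    if not m:
        raise ValueError("not a urn:uuid URN")
    raw = bytes.fromhex(m.group(1).replace("-", ""))
    version = raw[6] >> 4        # high nibble of time_hi_and_version
    top = raw[8]                 # clock_seq_hi_and_reserved carries the variant bits
    if top >> 6 == 0b10:
        variant = "RFC 4122"
    elif top >> 5 == 0b110:
        variant = "Microsoft"
    elif top >> 7 == 0:
        variant = "NCS"
    else:
        variant = "reserved"
    return {"hex": raw.hex(), "version": version, "variant": variant}


def is_urn_uuid(urn: str) -> bool:
    """True when the string is a syntactically valid urn:uuid URN."""
    try:
        parse_urn_uuid(urn)
        return True
    except ValueError:
        return False


def uuid5_from_name(namespace_hex: str, name: str) -> str:
    """Name-based UUID, version 5 (RFC 4122 section 4.3): SHA-1(namespace || name),
    then overwrite the version nibble with 5 and the two variant bits with 10."""
    ns = bytes.fromhex(namespace_hex.replace("-", ""))
    digest = bytearray(hashlib.sha1(ns + name.encode("utf-8")).digest()[:16])
    digest[6] = (digest[6] & 0x0F) | 0x50   # version 5
    digest[8] = (digest[8] & 0x3F) | 0x80   # variant 10xxxxxx
    h = digest.hex()
    return f"{h[:8]}-{h[8:12]}-{h[12:16]}-{h[16:20]}-{h[20:]}"


def matches_stdlib(name: str) -> bool:
    """Cross-check the hand-rolled construction against uuid.uuid5 from the standard library."""
    return uuid5_from_name(NAMESPACE_DNS, name) == str(uuid.uuid5(uuid.NAMESPACE_DNS, name))
```

A version 5 UUID is deterministic and therefore public knowledge to anyone who knows the namespace and the name; it is an identifier, not a secret, and must not be used where an unguessable value (a session token, a reset code) is needed. Version 1 values embed a timestamp and, typically, a MAC address, which the RFC itself flags as a privacy consideration.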
IETF
RFC 881
(1983)
|
The Domain Names Plan and Schedule
|
This RFC outlines a plan and schedule for the implementation of domain style names throughout the DDN/ARPA Internet community. The introduction of domain style names will impact all hosts on the DDN/ARPA Internet.
|
|
|
|
|
IETF
RFC 897
(1984)
|
Domain Name System Implementation Schedule
|
This memo is a policy statement on the implementation of the Domain Style Naming System in the Internet. This memo is a partial update of RFC 881. This is an official policy statement of the ICCB and the DARPA. The intent of this memo is to detail the schedule for the implementation for the Domain Style Naming System. The explanation of how this system works is to be found in the references.
|
|
|
|
|
IETF
RFC 921
(1984)
|
Domain Name System Implementation Schedule – Revised
|
This memo is a policy statement on the implementation of the Domain Style Naming System in the Internet. This memo is an update of RFC 881, and RFC 897. This is an official policy statement of the IAB and the DARPA. Distribution of this memo is unlimited. The intent of this memo is to detail the schedule for the implementation for the Domain Style Naming System. The explanation of how this system works is to be found in the references.
|
|
|
|
|
IETF
RFC 1034
(1987)
|
Domain Names – Concepts and Facilities
|
This RFC introduces domain style names, their use for Internet mail and host address support, and the protocols and servers used to implement domain name facilities.
|
|
|
|
|
IETF
RFC 1035
(1987)
|
Domain Names – Implementation and Specification
|
This RFC describes the details of the domain system and protocol, and assumes that the reader is familiar with the concepts discussed in a companion RFC, “Domain Names – Concepts and Facilities”.
|
|
|
|
|
IETF
RFC 1101
(1989)
|
DNS Encoding of Network Names and Other Types
|
This RFC proposes two extensions to the Domain Name System: 1) a specific method for entering and retrieving RRs which map between network names and numbers, and 2) ideas for a general method for describing mappings between arbitrary identifiers and numbers. The method for mapping between network names and addresses is a proposed standard, the ideas for a general method are experimental. This RFC assumes that the reader is familiar with the DNS [RFC 1034, RFC 1035] and its use. The data shown is for pedagogical use and does not necessarily reflect the real Internet.
|
|
|
|
|
IETF
RFC 1591
(1994)
|
Domain Name System Structure and Delegation
|
This memo provides some information on the structure of the names in the Domain Name System (DNS), specifically the top-level domain names; and on the administration of domains. The Internet Assigned Numbers Authority (IANA) is the overall authority for the IP Addresses, the Domain Names, and many other parameters, used in the Internet. The day-to-day responsibility for the assignment of IP Addresses, Autonomous System Numbers, and most top and second level Domain Names are handled by the Internet Registry (IR) and regional registries.
|
|
|
|
|
IETF
RFC 1712
(1994)
|
DNS Encoding of Geographical Location
|
This document defines the format of a new Resource Record (RR) for the Domain Naming System (DNS), and reserves a corresponding DNS type mnemonic and numerical code. This definition deals with associating geographical host location mappings to host names within a domain. The data shown in this document is fictitious and does not necessarily reflect the real Internet.
|
|
|
|
|
IETF
RFC 2870
(2000)
|
Root Name Server Operational Requirements
|
As the internet becomes increasingly critical to the world’s social and economic infrastructure, attention has rightly focused on the correct, safe, reliable, and secure operation of the internet infrastructure itself. The root domain name servers are seen as a crucial part of that technical infrastructure. The primary focus of this document is to provide guidelines for operation of the root name servers. Other major zone server operators (gTLDs, ccTLDs, major zones) may also find it useful. These guidelines are intended to meet the perceived societal needs without overly prescribing technical details.
|
|
|
|
|
IETF
RFC 2916
(2000)
|
E.164 number and DNS
|
This document discusses the use of the Domain Name System (DNS) for storage of E.164 numbers. More specifically, how DNS can be used for identifying available services connected to one E.164 number. Routing of the actual connection using the service selected using these methods is not discussed.
|
|
|
|
|
IETF
RFC 3007
(2000)
|
Secure Domain Name System (DNS) Dynamic Update
|
This document proposes a method for performing secure Domain Name System (DNS) dynamic updates. The method described here is intended to be flexible and useful while requiring as few changes to the protocol as possible. The authentication of the dynamic update message is separate from later DNSSEC validation of the data. Secure communication based on authenticated requests and transactions is used to provide authorization.
|
|
|
|
|
IETF
RFC 3401
(2002)
|
Dynamic Delegation Discovery System (DDDS) Part One: The Comprehensive DDDS
|
This document specifies the exact documents that make up the complete Dynamic Delegation Discovery System (DDDS). DDDS is an abstract algorithm for applying dynamically retrieved string transformation rules to an application-unique string.
|
This document, together with RFC 3402, RFC 3403 and RFC 3404, obsoletes RFC 2168 and RFC 2915 and updates RFC 2276.
|
|
|
|
IETF
RFC 3402
(2002)
|
Dynamic Delegation Discovery System (DDDS) Part Two: The Algorithm
|
This document describes the Dynamic Delegation Discovery System (DDDS) algorithm for applying dynamically retrieved string transformation rules to an application-unique string. Well-formed transformation rules will reflect the delegation of management of information associated with the string. This document is also part of a series that is completely specified in "Dynamic Delegation Discovery System (DDDS) Part One: The Comprehensive DDDS" (RFC 3401).
|
|
|
|
|
IETF
RFC 3403
(2002)
|
Dynamic Delegation Discovery System (DDDS) Part Three: The Domain Name System (DNS) Database
|
This document describes a Dynamic Delegation Discovery System (DDDS) Database using the Domain Name System (DNS) as a distributed database of Rules. The Keys are domain-names and the Rules are encoded using the Naming Authority Pointer (NAPTR) Resource Record (RR).
|
This document obsoletes RFC 2915. It is also part of a series that is completely specified in "Dynamic Delegation Discovery System (DDDS) Part One: The Comprehensive DDDS" (RFC 3401).
|
|
|
|
IETF
RFC 3404
(2002)
|
Dynamic Delegation Discovery System (DDDS) Part Four: The Uniform Resource Identifiers (URI) Resolution Application
|
This document describes a specification for taking Uniform Resource Identifiers (URI) and locating an authoritative server for information about that URI. The method used to locate that authoritative server is the Dynamic Delegation Discovery System.
|
This document is part of a series that is specified in "Dynamic Delegation Discovery System (DDDS) Part One: The Comprehensive DDDS" (RFC 3401).
|
|
|
|
IETF
RFC 3405
(2002)
|
Dynamic Delegation Discovery System (DDDS) Part Five: URI.ARPA Assignment Procedures
|
This document is the fifth in the series that is completely specified in "Dynamic Delegation Discovery System (DDDS) Part One: The Comprehensive DDDS" (RFC 3401). It defines the assignment procedures for the URI.ARPA zone used by the URI resolution application of RFC 3404.
|
|
|
|
IETF
RFC 3467
(2003)
|
Role of the Domain Name System (DNS)
|
This document reviews the original function and purpose of the domain name system (DNS). It contrasts that history with some of the purposes for which the DNS has recently been applied and some of the newer demands being placed upon it or suggested for it. A framework for an alternative to placing these additional stresses on the DNS is then outlined. This document and that framework are not a proposed solution, only a strong suggestion that the time has come to begin thinking more broadly about the problems we are encountering and possible approaches to solving them.
|
|
|
|
|
IETF
RFC 3764
(2004)
|
enumservice registration for Session Initiation Protocol (SIP) Addresses-of-Record
|
This document registers an Electronic Number (ENUM) service for the Session Initiation Protocol (SIP), pursuant to the guidelines in RFC 3761. Specifically, this document focuses on provisioning SIP addresses-of-record in ENUM.
|
|
|
|
|
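The RFC 2916 entry (E.164 numbers in DNS), the RFC 3402 and RFC 3403 entries (the DDDS algorithm and its NAPTR encoding) and the RFC 3764 entry (the E2U+sip enumservice) describe one pipeline: turn a telephone number into a DNS name, fetch NAPTR rules, apply the first matching terminal rule and obtain a URI. The Python below is an added worked example of that pipeline and is not code from any of those RFCs. It resolves against a small NAPTR zone embedded in the code; the zone, the number and the target hosts are constructed, and the E2U+email:mailto service is included only to show service selection.

```python
import re

E164_APEX = "e164.arpa"   # the ENUM apex domain specified in RFC 2916


def e164_to_enum_domain(number: str, apex: str = E164_APEX) -> str:
    """RFC 2916 section 2: keep the digits of a +E.164 number, reverse them,
    dot-separate them and append the apex domain."""
    if not number.startswith("+"):
        raise ValueError("E.164 number must start with '+'")
    digits = re.sub(r"\D", "", number)
    if not digits:
        raise ValueError("E.164 number has no digits")
    return ".".join(reversed(digits)) + "." + apex


# Constructed ENUM zone for this example: domain -> NAPTR records as
# (order, preference, flags, service, regexp, replacement). Nothing here is real DNS data.
ENUM_ZONE = {
    "7.6.5.4.3.2.1.5.5.5.1.e164.arpa": [
        (100, 20, "u", "E2U+email:mailto", "!^\\+1555(.*)$!mailto:user\\1@example.net!", ""),
        (100, 10, "u", "E2U+sip", "!^\\+1555(.*)$!sip:\\1@sip.example.net!", ""),
    ],
}


def apply_naptr_regexp(field: str, aus: str):
    """Apply a NAPTR regexp field (RFC 3402 section 3.2: delim ERE delim replacement delim [flags])
    to the application-unique string. Returns the rewritten string, or None if the ERE does not match."""
    if not field:
        return None
    delim = field[0]
    parts = field[1:].split(delim)
    if len(parts) < 2:
        raise ValueError("malformed NAPTR regexp field")
    ere, replacement = parts[0], parts[1]
    flags = parts[2] if len(parts) > 2 else ""
    # POSIX ERE is close enough to Python's re for the anchored patterns ENUM uses;
    # 'i' (case-insensitive) is the only flag RFC 3402 defines.
    match = re.match(ere, aus, re.IGNORECASE if "i" in flags else 0)
    return match.expand(replacement) if match else None


def ddds_resolve(number: str, service: str, zone=ENUM_ZONE):
    """RFC 3402 algorithm for the ENUM application: derive the first key from the AUS (RFC 2916),
    take its NAPTR rule set (RFC 3403), walk the rules by order then preference and return the URI
    produced by the first terminal ('u') rule whose service matches (e.g. RFC 3764's E2U+sip)."""
    aus = number
    key = e164_to_enum_domain(aus)
    rules = sorted(zone.get(key, []), key=lambda r: (r[0], r[1]))
    for order, pref, flags, svc, regexp, replacement in rules:
        if svc.lower() != service.lower():
            continue
        if "u" in flags.lower():
            uri = apply_naptr_regexp(regexp, aus)
            if uri is not None:
                return uri
        # A non-terminal rule (empty flags) would set key = replacement and loop;
        # the constructed zone has none.
    return None
```

The regexp field is data supplied by whoever controls (or spoofs) the zone: a resolver should check that the URI it produces has the scheme implied by the enumservice before handing it to a SIP or mail stack, and without DNSSEC validation an ENUM answer is no more trustworthy than any other unsigned DNS response.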
OASIS
|
|
OASIS
Working Draft
SAML Profile (2009.12)
|
Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0 – Errata Composite
|
The SAML V2.0 Profiles specification defines profiles for the use of SAML assertions and request response messages in communications protocols and frameworks, as well as profiles for SAML attribute value syntax and naming conventions.
|
|
|
|
|
OASIS
Committee Specification
xri-syntax-V2.0-cs (2005)
|
Extensible Resource Identifier (XRI) Syntax V2.0
|
This document is the normative technical specification for XRI generic syntax.
|
|
|
|
|
OASIS
Standard
xri-resolution-V2.0
(2008)
|
Extensible Resource Identifier (XRI) Resolution Version 2.0
|
This document defines a simple generic format for resource description (XRDS documents), a protocol for obtaining XRDS documents from HTTP(S) URIs, and generic and trusted protocols for resolving Extensible Resource Identifiers (XRIs) using XRDS documents and HTTP(S) URIs.
|
|
|
|
|
W3C
|
|
W3C
xml:id Version 1.0
(2005)
|
xml:id Version 1.0
|
This document defines the meaning of the attribute xml:id as an ID attribute in XML documents and defines processing of this attribute to identify IDs in the absence of validation, without fetching external resources, and without relying on an internal subset.
|
|
|
|
|
I.3 Data Model
|
|
Type (standard, work in progress…)
|
Title of the (draft) standard
|
Summary of the (draft) standard
|
Relationship with other (draft) standards
|
Status and milestones
|
Remarks
|
|
ETSI
|
|
ETSI
Draft Technical Specification
DTS 188 002-2 V2.0.0
(2008)
|
NGN Management; Subscription Management Information Model
|
The purpose of the present document is the definition of the SuM Information model which is paramount for the NGN service delivery within TISPAN NGN.
|
|
|
|
|
3GPP
|
|
3GPP
Technical Specification
TS 31.102 (2009.09)
|
Characteristics of the Universal Subscriber Identity Module (USIM) application (Release 9)
|
The present document defines the Universal Subscriber Identity Module (USIM) application. This application resides on the UICC, an IC card specified in TS 31.101.
|
|
|
|
|
3GPP
Technical Specification
TS 31.103 (2009.06)
|
Characteristics of the IP Multimedia Services Identity Module (ISIM) application (Release 8)
|
The present document defines the IM Services Identity Module (ISIM) application. This application resides on the UICC, an IC card specified in TS 31.101.
|
|
|
|
|
OASIS
|
|
OASIS
Working Draft
SAML Profile (2009.12)
|
Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0 – Errata Composite
|
The SAML V2.0 Profiles specification defines profiles for the use of SAML assertions and request response messages in communications protocols and frameworks, as well as profiles for SAML attribute value syntax and naming conventions.
|
|
|
|
|
OASIS
Working Draft
SAML Metadata (2009.12)
|
Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0 – Errata Composite
|
The SAML V2.0 Metadata document defines an extensible metadata format for SAML system entities, organized by roles that reflect SAML profiles.
|
|
|
|
|
II. Use Cases and Requirements
|
|
Type (standard, work in progress…)
|
Title of the (draft) standard
|
Summary of the (draft) standard
|
Relationship with other (draft) standards
|
Status and milestones
|
Remarks
|
|
ITU-T
|
|
ITU-T SG 13
Recommendation
ITU-T Y.2701
|
Security requirements for NGN release 1
|
This Recommendation provides security requirements for Next Generation Networks (NGNs) and their interfaces (e.g., UNIs, NNIs and ANIs) by applying ITU-T Recommendation X.805, Security architecture for systems providing end-to-end communications, to ITU-T Recommendation Y.2201, NGN release 1 requirements, and ITU-T Recommendation Y.2012, Functional requirements and architecture of the NGN.
|
The foundation for the standards work within Q.16/13
|
In force
|
NGN Specific
|
|
ITU-T SG 13
Recommendation
ITU-T Y.2702
|
Authentication and authorization requirements for NGN release 1
|
This Recommendation specifies authentication and authorization requirements for next generation networks (NGNs).
|
Based on Y.2701
|
In force
|
NGN Specific
|
|
ITU-T SG 13
Draft Recommendation
Y.NGN IdM Requirements
|
NGN identity management requirements
|
This Recommendation provides Identity Management (IdM) objectives and requirements for the Next Generation Network (NGN) and its interfaces.
|
Specifies IdM requirements based on the IdM framework of Y.2720
|
Targeted for determination in 01/2010
|
NGN Specific
|
|
ITU-T SG 13
Draft Recommendation
Y.NGN trusted SP requirements
|
NGN requirements and use cases for trusted service provider identity
|
This Recommendation provides NGN use cases and requirements for trusted identification of service providers.
|
The requirements are based on the concepts of Y.2701
|
Targeted for determination in 4Q/2010
|
NGN Specific
|
|
ITU-T SG 13
Draft Recommendation
Y.NGN mobile financial requirements
|
Security requirements for mobile remote financial transactions in the next generation networks (NGN)
|
This Recommendation specifies security requirements and levels of security for the System of Mobile Commerce and Mobile Banking in the NGN.
|
Based on the requirements of Y.2701 and architecture of Y.NGN mobile financial architecture
|
Targeted for determination in 2Q/2010
|
NGN mobile financial
|
|
ITU-T SG 17
Recommendation
ITU-T X.1250
|
Baseline capabilities for enhanced global identity management and interoperability
|
This Recommendation describes baseline capabilities for global identity management (IdM) interoperability (i.e., to enhance exchange and trust in the identifiers used by entities in telecommunication/information technology IT networks and services). The definitions and need for IdM are highly context dependent and often subject to very different policies and practices in different countries. The capabilities include the protection and control of personally identifiable information (PII).
|
|
Approved in Sept. 2009
|
|
|
ETSI
|
|
ETSI
Draft Technical Specification
DTS 188 002-1 V3.1.1
(2009)
|
NGN Subscription Management; Part 1: Requirements
|
The purpose of the present document is the definition of the necessary requirements for the Subscription Management (SuM) which is paramount for the NGN service delivery within TISPAN NGN. The present document contains the specification of the requirements for the following:
- An end-to-end information model to cover all the mandatory/optional information related to Subscription Management (SuM) that shall be provisioned on the NGN Network.
- A Subscription Management (SuM) functional architecture which hides the complexity of the different functional entities to be configured including the CPE and the AS.
|
|
|
|
|
OMA
|
|
OMA
OMA-RD-Identity_Management_Framework-V1_0-20050202-C
|
Identity Management Framework Requirements
|
The intention of this specification is to integrate existing efforts relating to Identity within the OMA to create a single Identity Management (IdM) enabler to be used by all OMA enablers. This specification sets requirements for all technical working groups of OMA, and all Identity Management related functions should be satisfied according to the resulting enabler. The benefits of a single Identity Management enabler for all OMA enablers are:
- Management and use of Identity or personal information is easier for all stakeholders: End Users, mobile operators, enterprises and Service Providers;
- End Users do not have the burden of having to understand different service-specific Identity solutions;
- The same Identities and personal information can be utilised by multiple services;
- Privacy protection can be enabled more easily using a common Identity Management enabler;
- The OMA will not be seen to publish specifications with disparate, conflicting Identity Management solutions;
- Identity needs are the same (or very similar) for all enablers and so, by creating a single Identity Management enabler, duplication of work is kept to a minimum;
- New enablers with Identity requirements will be able to benefit from the existing Identity Management enabler;
- Greater interoperability between enablers;
- Improved time to market for those enablers that use the Identity Management enabler.
|
|
|
Mobile network environment
|
|
III. Framework and Architecture
|
|
Type (standard, work in progress…)
|
Title of the (draft) standard
|
Summary of the (draft) standard
|
Relationship with other (draft) standards
|
Status and milestones
|
Remarks
|
|
ITU-T
|
|
ITU-T SG 13
Recommendation
ITU-T Y.2720
|
NGN identity management framework
|
This Recommendation provides a framework for Identity Management (IdM) in Next Generation Networks (NGN). The primary purpose of this framework is to describe a structured approach for designing, defining, and implementing IdM solutions and for facilitating interoperability in a heterogeneous environment.
|
Based on the requirements of Y.2701 and Y.2702; specifies the framework for IdM
|
Published
|
NGN Specific
|
|
ITU-T SG 13
Draft Recommendation
Y.mobSec
|
Mobility security framework in NGN
|
This Recommendation specifies the mobility security framework in the NGN transport stratum. It addresses the security requirements, security mechanisms and procedures for mobility management and control in NGN.
|
Based on the requirements of Y.2701
|
Targeted for determination in 3Q/2010
|
NGN Mobile Specific
|
|
ITU-T SG 17
Draft Recommendation
X.idmgen
|
Generic identity management framework
|
This Recommendation provides a generic framework for Identity Management (IdM) that is independent of network types, technology or vendor specific products used to provide solutions, and operating environment. In addition, this Recommendation is independent of any service or scenarios specific model (e.g., web services, third party or federated models), assumptions or solution specifications. The primary purpose of this framework is to describe a structured approach for designing, defining, and implementing IdM solutions and facilitate interoperability in heterogeneous environments.
|
|
|
|
|
ITU-T SG 17
Recommendation
ITU-T X.1251
|
A framework for user control of digital identity
|
This Recommendation defines a framework to enhance user control and exchange of their digital identity related information. The Recommendation also defines user and functional requirements of the digital identity information exchange. The work includes providing the user with the ability to control the release of personally identifiable information.
|
|
Approved in Sept. 2009
|
|
|
ISO/IEC
|
|
ISO/IEC
24760
|
A Framework for Identity Management
|
This standard aims to provide a framework for the definition of identity and the secure, reliable, and private management of identity information. This framework should be applicable to individuals as well as organizations of all types and sizes, in any environment and regardless of the nature of the activities they are involved in.
|
ITU-T Y.2720 “NGN identity management framework” Approved 01/09
ITU-T X.1250 “Baseline capabilities for enhanced global identity management
and interoperability” Approved 09/09
Draft ITU-T X.1252 “Baseline identity management terms and definitions”
|
IS
(05-2011)
|
- In its current liaison statement to SG 13, ISO/IEC JTC 1/SC 27/WG 5 points out that there appear to be conceptual differences between the concepts depicted in Y.2720 and the work of WG 5 with regard to uniqueness and linkability.
- In its current liaison statement to SG 17, ISO/IEC JTC 1/SC 27/WG 5 points out that X.1252 appears to diverge from the terms used within WG 5, specifically regarding the terms closely related to identity and context.
|
|
ISO/IEC
29146
|
A Framework for Access Management
|
Provides a framework for the definition of Access Management and the secure management of the process to access information. This framework is applicable to any kind of users, individuals as well as organizations of all types and sizes, and should be useful to organizations at any location and regardless of the nature of the activities they are involved in.
|
|
IS
(05-2012)
|
|
|
3GPP
|
|
3GPP
Technical Specification
TS 33.220 (2009.09)
|
Generic Authentication Architecture (GAA); Generic bootstrapping architecture (Release 9)
|
The present document describes the security features and a mechanism to bootstrap authentication and key agreement for application security from the 3GPP AKA mechanism. Candidate applications to use this bootstrapping mechanism include but are not restricted to subscriber certificate distribution TS 33.221.
|
|
|
|
|
3GPP
Technical Specification
TS 33.223 (2009.09)
|
Generic Bootstrapping Architecture (GBA) Push Function (Release 8)
|
The present document specifies a Push Function as a functional add-on for the Generic Authentication Architecture (GAA).
|
|
|
|
|
3GPP
Technical Report
TR 33.919 (2008.12)
|
Generic Authentication Architecture (GAA); System description (Release 8)
|
This 3GPP Technical Report aims to give an overview of the different mechanisms that mobile applications can rely upon for authentication between server and client (i.e. the UE). Additionally it provides guidelines related to the use of GAA and to the choice of authentication mechanism in a given situation and for a given application.
|
|
|
|
|
ETSI
|
|
ETSI
Draft Technical Specification
DTS 188 002-3 V2.0.0
(2008)
|
NGN Subscription Management; Part 3: Functional Architecture
|
The purpose of the SuM Functional Architecture is the design of the NGN OSS Service Interfaces (NOSIs) needed for the management of a specific Subscriber, User, Service Profile and User Services within TISPAN NGN. The SuM Functional Architecture shall deliver the necessary NOSIs for the Resource Provisioning and Service Activation processes.
|
|
|
|
|
IV. Interface and Protocol
|
|
Type (standard, work in progress…)
|
Title of the (draft) standard
|
Summary of the (draft) standard
|
Relationship with other (draft) standards
|
Status and milestones
|
Remarks
|
|
IETF
|
|
IETF
RFC 4474
(2006)
|
Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)
|
The existing security mechanisms in the Session Initiation Protocol (SIP) are inadequate for cryptographically assuring the identity of the end users that originate SIP requests, especially in an interdomain context. This document defines a mechanism for securely identifying originators of SIP messages.
|
|
|
|
|
IETF
RFC 4484
(2006)
|
Trait-Based Authorization Requirements for the Session Initiation Protocol (SIP)
|
This document lays out a set of requirements related to trait-based authorization for the Session Initiation Protocol (SIP). While some authentication mechanisms are described in the base SIP specification, trait-based authorization provides information used to make policy decisions based on the attributes of a participant in a session. This approach provides a richer framework for authorization, as well as allows greater privacy for users of an identity system.
|
|
|
|
|
IETF
RFC 2865
(2000)
|
Remote Authentication Dial In User Service (RADIUS)
|
This document describes a protocol for carrying authentication, authorization, and configuration information between a Network Access Server which desires to authenticate its links and a shared Authentication Server.
|
|
|
|
|
IETF
RFC 3588
(2003)
|
Diameter Base Protocol
|
The Diameter base protocol is intended to provide an Authentication, Authorization and Accounting (AAA) framework for applications such as network access or IP mobility. Diameter is also intended to work in both local Authentication, Authorization & Accounting and roaming situations. This document specifies the message format, transport, error reporting, accounting and security services to be used by all Diameter applications. The Diameter base application needs to be supported by all Diameter implementations.
|
|
|
|
|
IETF
RFC 3829
(2004)
|
Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls
|
This document extends the Lightweight Directory Access Protocol (LDAP) bind operation with a mechanism for requesting and returning the authorization identity it establishes. Specifically, this document defines the Authorization Identity Request and Response controls for use with the Bind operation.
|
|
|
|
|
IETF
RFC 4370
(2006)
|
Lightweight Directory Access Protocol (LDAP) Proxied Authorization Control
|
This document defines the Lightweight Directory Access Protocol (LDAP) Proxy Authorization Control. The Proxy Authorization Control allows a client to request that an operation be processed under a provided authorization identity instead of under the current authorization identity associated with the connection.
|
|
|
|
|
IETF
RFC 4532
(2006)
|
Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation
|
This specification provides a mechanism for Lightweight Directory Access Protocol (LDAP) clients to obtain the authorization identity the server has associated with the user or application entity. This mechanism is specified as an LDAP extended operation called the LDAP "Who am I?" operation.
|
|
|
|
|
IETF
RFC 4422
(2006)
|
Simple Authentication and Security Layer (SASL)
|
This document describes how a SASL mechanism is structured, describes how protocols include support for SASL, and defines the protocol for carrying a data security layer over a connection. In addition, this document defines one SASL mechanism, the EXTERNAL mechanism.
|
|
|
|
|
IETF
RFC 4505
(2006)
|
Anonymous Simple Authentication and Security Layer (SASL) Mechanism
|
This document defines an anonymous mechanism for the Simple Authentication and Security Layer (SASL) framework. The name associated with this mechanism is "ANONYMOUS".
|
|
|
|
|
IETF
RFC 3748
(2004)
|
Extensible Authentication Protocol (EAP)
|
This document defines the Extensible Authentication Protocol (EAP), an authentication framework which supports multiple authentication methods.
|
|
|
|
|
IETF
RFC 5247
(2008)
|
Extensible Authentication Protocol (EAP) Key Management Framework
|
This document specifies the EAP key hierarchy and provides a framework for the transport and usage of keying material and parameters generated by EAP authentication algorithms, known as "methods". It also provides a detailed system-level security analysis, describing the conditions under which the key management guidelines described in RFC 4962 can be satisfied.
|
|
|
|
|
IETF
RFC 3893
(2004)
|
Session Initiation Protocol (SIP) Authenticated Identity Body (AIB) Format
|
This document provides a more specific mechanism to derive integrity and authentication properties from an 'authenticated identity body', a digitally-signed SIP message, or message fragment. A standard format for such bodies (known as Authenticated Identity Bodies, or AIBs) is given in this document.
|
|
|
|
|
IETF
draft
draft-ietf-oauth-authentication-01
(2009)
|
The OAuth Protocol: Authentication
|
This document specifies the OAuth protocol authentication method. OAuth allows clients to access server resources on behalf of another party (such as a different client or an end user). This document defines an HTTP authentication method which supports the ability to include two sets of credentials with each request, one identifying the client and another identifying the resource owner on whose behalf the request is made.
|
|
|
|
|
IETF
draft
draft-ietf-oauth-web-delegation-01
(2009)
|
The OAuth Protocol: Web Delegation
|
This document specifies the OAuth protocol web delegation method. OAuth allows clients to access server resources on behalf of another party (such as a different client or an end user). This document defines a redirection-based user-agent process for end users to authorize access to clients by substituting their credentials (typically, a username and password pair) with a different set of delegation-specific credentials.
|
|
|
|
|
IETF
draft
draft-ietf-keyprov-dskpp-09
(2009)
|
Dynamic Symmetric Key Provisioning Protocol (DSKPP)
|
DSKPP is a client-server protocol for initialization (and configuration) of symmetric keys to locally and remotely accessible cryptographic modules. This draft deals with how symmetric key based authentication credentials are provisioned (and connected with an existing identity), especially in the context of one-time password tokens.
|
|
|
|
|
3GPP
|
|
3GPP
Technical Specification
TS 33.222
(2008.06)
|
Generic Authentication Architecture (GAA); Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS) (Release 8)
|
The present document specifies secure access methods to Network Application Functions (NAF) using HTTP over TLS in the Generic Authentication Architecture (GAA), and provides Stage 2 security requirements, principles and procedures for the access. The present document describes both direct access to an Application Server (AS) and access to an Application Server through an Authentication Proxy (AP).
|
|
|
|
|
3GPP
Technical Specification
TS 24.109
(2009.06)
|
Bootstrapping interface (Ub) and network application function interface (Ua); Protocol details (Release 8)
|
The present document defines stage 3 for the HTTP Digest AKA based implementation of Ub interface (UE-BSF), the Disposable-Ks model based implementation of Upa interface (NAF-UE) and the HTTP Digest and the PSK TLS based implementation of bootstrapped security association usage over Ua interface (UE-NAF) in Generic Authentication Architecture (GAA).
|
|
|
|
|
3GPP
Technical Specification
TS 29.109
(2009.09)
|
Generic Authentication Architecture (GAA); Zh and Zn Interfaces based on the Diameter protocol; Stage 3 (Release 9)
|
The present stage 3 specification defines the Diameter based implementation for bootstrapping Zh interface (BSF-HSS) and Dz interface (BSF-SLF) for HSS resolution for the BSF, the MAP based implementation for bootstrapping Zh' interface (BSF-HLR) and GAA Application Zn interface (BSF-NAF) in Generic Authentication Architecture (GAA). This specification also defines the Web Services based implementation for GAA Application Zn reference point (BSF-NAF). The definition contains procedures, message contents and coding. The procedures for bootstrapping and usage of bootstrapped security association are defined in 3GPP TS 33.220.
|
|
|
|
|
3GPP
Technical Specification
TS 33.221
(2008.12)
|
Generic Authentication Architecture (GAA); Support for subscriber certificates (Release 8)
|
The present document describes subscriber certificate distribution by means of generic bootstrapping architecture (GBA) TS 33.220. Subscriber certificates support services whose provision the mobile operator assists, as well as services that are offered by the mobile operator.
The scope of this specification presents signalling procedures for support of issuing certificates to subscribers and the standard format of certificates and digital signatures.
|
|
|
|
|
OASIS
|
|
OASIS
Standard
SAML Core
(2005)
|
Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0
|
This specification defines the syntax and semantics for XML-encoded assertions about authentication, attributes, and authorization, and for the protocols that convey this information.
|
|
|
|
|
OASIS
Working Draft
SAML Bindings
(2009.12)
|
Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0 – Errata Composite
|
The SAML V2.0 Bindings specification defines protocol bindings for the use of SAML assertions and request-response messages in communications protocols and frameworks.
|
|
|
|
|
OASIS
Working Draft
SAML Conformance Requirements
(2009.12)
|
Conformance Requirements for the OASIS Security Assertion Markup Language (SAML) V2.0 – Errata Composite
|
The SAML V2.0 Conformance specification provides the technical requirements for SAML V2.0 conformance and specifies the entire set of documents comprising SAML V2.0.
|
|
|
|
|
OASIS
Standard
SAML Authentication Context
(2005.03)
|
Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.0
|
This specification defines a syntax for the definition of authentication context declarations and an initial list of authentication context classes for use with SAML.
|
|
|
|
|
V. Security Issues
|
|
V.1 Security Technology and Mechanisms
|
|
Type (standard, work in progress…)
|
Title of the (draft) standard
|
Summary of the (draft) standard
|
Relationship with other (draft) standards
|
Status and milestones
|
Remarks
|
|
ITU-T
|
|
ITU-T SG 17
Recommendation
ITU-T X.509
|
Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks
|
ITU-T Recommendation X.509 | ISO/IEC 9594-8 defines a framework for public-key certificates and attribute certificates. These frameworks may be used by other standards bodies to profile their application to Public Key Infrastructures (PKI) and Privilege Management Infrastructures (PMI). Also, this Recommendation | International Standard defines a framework for the provision of authentication services by Directory to its users. It describes two levels of authentication: simple authentication, using a password as a verification of claimed identity; and strong authentication, involving credentials formed using cryptographic techniques. While simple authentication offers some limited protection against unauthorized access, only strong authentication should be used as the basis for providing secure services.
|
ISO/IEC 9594-8
|
Published
|
|
|
ITU-T SG 13
Recommendation
ITU-T Y.2703
|
The application of AAA service in NGN
|
This Recommendation provides an application of authentication, authorization and accounting (AAA) for NGN release 1
|
Specifies AAA based on the recommendations of Y.2701 and Y.2702
|
Published
|
NGN Specific
|
|
ITU-T SG 13
Draft Recommendation
ITU-T Y.2704
|
NGN security mechanisms and procedures
|
This Recommendation describes security mechanisms that can be used to fulfill the requirements described in Y.2701, Security requirements for NGN release 1, and specifies a suite of options for a mechanism if that particular mechanism is selected
|
Specifies security mechanisms in support of the requirements of Y.2701
|
Determined at 09/2009 meeting of SG 13
|
NGN Specific
|
|
ITU-T SG 13
Draft Recommendation
Y.NGN Certificate Management
|
Certificate management
|
This Recommendation defines the procedures for managing X.509 certificates used for NGN security
|
Specifies management of the X.509 certificates in support of the requirements of Y.2720
|
Targeted for determination in 4Q/2010
|
NGN Specific
|
|
ITU-T SG 13
Draft Recommendation
Y.NGN IdM Mechanisms
|
NGN identity management mechanisms
|
This Recommendation describes the specific IdM mechanisms and suites of options that should be used to meet the requirements specified in Y.NGN IdM Requirements
|
Specifies mechanisms in support of the requirements of Y.NGN IdM Requirements
|
Targeted for determination in 3Q/2010
|
NGN Specific
|
|
ITU-T SG 13
Draft Recommendation
Y.NGN mobile financial architecture
|
Architecture of secure mobile financial transactions in the next generation networks (NGN)
|
This Recommendation specifies the general architecture of the security solution for mobile commerce and mobile banking
|
Serves as a base for deriving the requirements of Y.NGN mobile financial requirements
|
Targeted for determination in 2Q/2010
|
NGN Specific
|
|
ITU-T SG 13
Draft Recommendation
Y.NGN Sec. Risk
|
Security risk assessment in NGN
|
This Recommendation specifies the security risk assessment in NGN. It addresses the security requirements, architecture and procedures for security risk assessment and control in NGN.
|
The document is based on the concepts of Y.2701
|
Targeted for determination in 2011
|
NGN Specific
|
|
ITU-T SG 17
Draft Recommendation
X.eaa
|
Information technology – Security techniques – Entity authentication assurance
|
This Recommendation | International Standard addresses: methods for authentication; enables organizations to be better informed when making appropriate authentication design decisions through the assignment of objective and consistent solutions to the various components of authentication; and provides guidelines for levels of assurance.
|
ISO/IEC WD 29115
(2009.07)
|
|
|
|
ITU-T SG17
Draft Recommendation
X.sap-4
|
The general framework of strong authentication on multiple authentication authorities environment
|
This Recommendation provides the general framework of strong authentication in a multiple authentication authorities (AAs) environment, enabling a service provider to achieve strong authentication such as multi-factor authentication. The framework in this Recommendation describes models, basic operations and security requirements for each model component and for each message between model components, so as to maintain the overall assurance of authentication when multiple AAs are combined. In addition, the framework also describes models, basic operations and security requirements to support an authentication service that manages the combination of multiple AAs.
|
|
|
|
|
ETSI (Need to be supplemented)
|
|
|
|
|
|
|
|
|
IETF
|
|
IETF
RFC 4158
(2005)
|
Internet X.509 Public Key Infrastructure: Certification Path Building
|
This document provides guidance and recommendations to developers building X.509 public-key certification paths within their applications. By following the guidance and recommendations defined in this document, an application developer is more likely to develop a robust X.509 certificate-enabled application that can build valid certification paths across a wide range of PKI environments.
|
ITU-T X.509
|
|
|
|
IETF
RFC 3156
(2001)
|
MIME Security with OpenPGP
|
This document describes how the OpenPGP Message Format can be used to provide privacy and authentication using the Multipurpose Internet Mail Extensions (MIME) security content types described in RFC 1847.
|
|
|
|
|
W3C
|
|
W3C
XML Signature Recommendations
(2008)
|
XML Signature Syntax and Processing (Second Edition)
|
This document specifies XML digital signature processing rules and syntax. XML Signatures provide integrity, message authentication, and/or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere.
|
|
|
|
|
W3C
XML Encryption Recommendations
(2002)
|
XML Encryption Syntax and Processing
|
This document specifies a process for encrypting/decrypting digital content (including XML documents and portions thereof) and an XML syntax used to represent the (1) encrypted content and (2) information that enables an intended recipient to decrypt it.
|
|
|
|
|
W3C
XML Key Management Specification (XKMS)
(2001)
|
XML Key Management Specification (XKMS)
|
This document specifies protocols for distributing and registering public keys, suitable for a client to obtain key information (values, certificates, management or trust data) from a web service.
|
|
|
|
|
V.2 Privacy Management
|
|
ITU-T
|
|
ITU-T SG 17
Draft Recommendation
X.priva
|
Criteria for assessing the level of protection for personally identifiable information in identity management
|
This Recommendation defines the criteria for assessing the level of protection for personally identifiable information (PII) of the identity provider and the relying party concerned in an identity service, depending on the level of PII protection they request from the requesting/asserting party, the type and purpose of use of the PII and the period for which it is retained, as well as the technical and administrative measures for protecting PII.
|
|
Planned for determination in 2011
|
|
|
ITU-T SG 17
Draft Recommendation
ITU-T X.1275
|
Guidelines on protection of personally identifiable information in the application of RFID technology
|
This Recommendation recognizes that, as RFID greatly facilitates the access and dispersion of information pertaining specifically to the merchandise that individuals wear and/or carry, it creates an opportunity for the same information to be abused for tracking an individual's location or invading their privacy in a malfeasant manner. For this reason the Recommendation develops guidelines and best practices regarding RFID procedures that can be used by service providers to gain the benefits of RFID while attempting to protect the privacy rights of the general public within national policies.
|
|
Determined in Sept. 2009
|
|
|
ISO/IEC
|
|
ISO/IEC
29100
|
Privacy Framework
|
This International Standard provides a framework for defining privacy control requirements related to personally identifiable information within an information and communication technology environment. This International Standard is designed for those individuals who are involved in specifying, procuring, architecting, designing, developing, testing, administering and operating ICT systems.
|
|
IS
(11-2011)
|
|
|
ISO/IEC
29190
|
A Privacy Capability Maturity Model
|
Provides guidance to organizations for assessing how mature they are with respect to their processes for collecting, using, disclosing, retaining and disposing of personal information. The document may also be used by third parties for the purpose of maturity assessment. This document also provides guidance to the use of group signatures for data minimization and user convenience.
|
|
IS
(11-2012)
|
|
|
ISO/IEC
29101
|
Privacy Reference Architecture
|
This International Standard provides a reference architecture that guides the implementation of controls associated with a privacy framework to ensure the proper handling of personally identifiable information within an information and communication technology environment.
|
|
IS
(05-2011)
|
|
|
ISO/IEC
29115
|
Entity Authentication Assurance
|
This Recommendation | International Standard provides a life cycle framework for the assurance of an entity’s identities in given contexts, which includes:
• Processes and procedures for enrollment, proofing, vetting, issuance, credentialing, management, usage, auditing, and revocation of an identity;
• Guidelines for the evaluation of the strength of an authentication of identity;
• The basis for a set of identity authentication assurance measures that are general and applicable to the entire entity’s identity life cycle.
|
ITU-T, X.eaa
|
IS
(11-2011)
|
Common text project with ITU-T
|
|
ISO/IEC
29191
|
Requirements on relative anonymity with identity escrow
|
Defines requirements on relative anonymity with identity escrow based on the model of authentication and authorization using group signature techniques. It allows the users to control their anonymity within a group of registered users by choosing designated escrow agents.
|
|
IS
(11-2012)
|
|
|
ISO/IEC
24745
|
Biometric template protection
|
The following topics are within the scope of this International Standard:
- Biometric template generation mechanisms which meet the following requirements:
  - The raw biometric data should not be recoverable, so that a third party cannot guess the original biometric data from the template.
  - The template generated from the raw data should be changeable, so that a different template can be generated when the original is exposed.
- Biometric template use, but not in detail.
Items considered out of scope and not addressed in this Standard include:
- Detailed usage of biometric templates.
This International Standard focuses on the privacy issues of biometric templates.
|
|
IS
(11-2010)
|
|
|
ISO/IEC
24761
2009-05-15
1st Edition
|
Authentication context for biometrics
|
This document defines the structure and the data elements of Authentication Context for Biometrics (ACBio), by which the service provider (verifier) can judge whether the biometric verification result is acceptable or not.
|
|
1st Pre Review in 2012
|
|
|
OASIS
|
|
OASIS
Standard
Security and Privacy Considerations
(2005.03)
|
Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0
|
This non-normative specification describes and analyzes the security and privacy properties of SAML.
|
|
|
|
|
VI. Interoperability Issues
|
|
VI.1 Data Model and Interface
|
|
Type (standard, work in progress…)
|
Title of the (draft) standard
|
Summary of the (draft) standard
|
Relationship with other (draft) standards
|
Status and milestones
|
Remarks
|
|
ITU-T
|
|
ITU-T SG 17
Draft Recommendation
X.idm-dm
|
Common identity data model
|
This Recommendation specifies a common data model for identity data that could be used to express identity related information among IdM systems
|
|
Planned for determination in Dec. 2010
|
|
|
Liberty Alliance
|
|
Liberty Alliance
Liberty Alliance ID-SIS 1.0 Specifications
|
Liberty ID-SIS Geolocation Service Specification V1.0
|
The Liberty ID-SIS Geolocation (ID-SIS-GL) defines a web service that offers geolocation information regarding a Principal. ID-SIS-GL is an instance of a data-oriented identity web service. ID-SIS-GL uses the Liberty ID-WSF Data Services Template, and readers of this document should be familiar with that as well as the rest of the Liberty ID-WSF framework. The geolocation-related data is mostly drawn from the Mobile Location Protocol version 3.1 specified by the Open Mobile Alliance, and readers should be familiar with that also.
|
|
|
|
|
Liberty ID-SIS Directory Access Protocol Specification V1.0
|
Describes a web service offering directory information as an instance of a data-oriented identity web service, based on the Liberty ID-WSF Data Services Template.
|
|
|
|
|
Liberty ID-SIS Content SMS and MMS Specification V1.0
|
Describes a web service that layers the ID-WSF 1.1 framework on MM7 to add identity-based invocation and addressing.
|
|
|
|
|
Liberty ID-SIS Personal Profile Service Specification V1.1
|
Describes a web service that provides a Principal's basic profile information, such as their name or contact details.
|
|
|
|
|
Liberty ID-SIS Employee Profile Service Specification V1.1
|
Describes a web service that provides an Employee's basic profile information, such as their name or contact details.
|
|
|
|
|
Liberty ID-SIS Contact Book Service Specification V1.0
|
Specifies a web identity service that allows a Principal to manage contacts for private and business acquaintances, friends, family members, and even for the Principal.
|
|
|
|
|
VI.2 Framework and Architecture
|
|
Type (standard, work in progress…)
|
Title of the (draft) standard
|
Summary of the (draft) standard
|
Relationship with other (draft) standards
|
Status and milestones
|
Remarks
|
|
ITU-T
|
|
ITU-T SG 17
Draft Recommendation
X.idm-ifa
|
Framework architecture for interoperable identity management systems
|
This Recommendation proposes a blueprint for a modular framework architecture for identity management systems. The architecture is expected to serve as a reference while discussing, designing and developing future interoperable identity management (IdM) systems. The architecture is intended to be generic in order to satisfy versatile requirements of user-centric, network-centric and service-centric IdM systems.
|
|
Planned for determination in 2011
|
|
|
3GPP
|
|
3GPP
Technical Report
TR 33.980 (2008.12)
|
Liberty Alliance and 3GPP security interworking; Interworking of Liberty Alliance Identity Federation Framework (ID-FF), Identity Web Services Framework (ID-WSF) and Generic Authentication Architecture (GAA) (Release 8)
|
The present document provides guidelines on the interworking of the Generic Authentication Architecture (GAA) and the Liberty Alliance architecture. The document studies the details of possible interworking methods between the Security Assertion Markup Language v2.0, SAML v2.0 (or alternatively the Liberty Alliance Identity Federation Framework, ID-FF), the Identity Web Services Framework (ID-WSF), the Security Assertion Markup Language (SAML) and a component of GAA called the Generic Bootstrapping Architecture (GBA). This document only applies if Liberty Alliance and GBA or SAML v2.0 and GBA are used in combination.
|
|
|
|
|
3GPP
Technical Specification
TS 33.328
|
Identity Management and 3GPP Security Interworking; Identity Management and Generic Authentication Architecture (GAA) Interworking
(Release 9)
|
The objective is to extend the current identity management as outlined in TS 33.220, TS 33.222, TS 29.109 and TR 33.980 with the latest developments on identity management outside of the 3GPP sphere. This will allow a better integration and usage of identity management for services in 3GPP and seamless integration with existing services that are not standardized in 3GPP. This report outlines the interworking of GBA and OpenID.
|
|
|
|
|
Liberty Alliance
|
|
Liberty Alliance
Liberty Alliance Identity Assurance Framework (IAF) 1.1 Specification
|
Liberty Alliance Identity Assurance Framework (IAF) 1.1 Specification
|
Liberty Alliance formed the Identity Assurance Expert Group (IAEG) to foster adoption of identity trust services. The goal is to facilitate trusted identity federation and to promote uniformity and interoperability amongst identity service providers, with a specific focus on the level of trust, or assurance, associated with identity assertions.
|
|
|
|
|
Liberty Alliance
Liberty Alliance ID-FF 1.2 Specifications
|
Liberty ID-FF Architecture Overview V1.2
|
This document presents an overview of the Liberty Identity Federation Framework (ID-FF), which offers a viable approach for implementing such a single sign-on with federated identities. This overview first summarizes federated network identity, describes two key Liberty ID-FF user experience scenarios, summarizes the ID-FF engineering requirements and security framework, and then provides a discussion of the Liberty ID-FF architecture.
|
|
|
|
|
Liberty ID-FF Bindings and Profiles Specification V1.2
|
This specification defines the bindings and profiles of the Liberty protocols and messages to HTTP-based communication frameworks. This specification relies on the SAML core framework in SAML Core V1.1 and makes use of adaptations of the SAML profiles in SAML Bindings V1.1.
|
|
|
|
|
Liberty ID-FF Protocols and Schema Specification V1.2
|
This specification defines a core set of protocols that collectively provide a solution for identity federation management, cross-domain authentication, and session management. This specification contains the core protocols and schema for Liberty identity federation. The reader is presumed to be generally familiar with the SAML specifications.
|
|
|
|
|
Liberty ID-FF Guidelines V1.2
|
This document defines some recommended implementation guidelines for implementors of Liberty-based services.
|
|
|
|
|
Liberty ID-FF 1.2 Static Conformance Requirements V1.0
|
Static conformance requirements (SCR) describe features that are mandatory and optional for implementations conforming to the Liberty Alliance Identity Federation Framework Specifications (ID-FF version 1.2). This document defines these requirements.
|
|
|
|
|
VI.3 Technology and Mechanisms
|
|
Type (standard, work in progress…)
|
Title of the (draft) standard
|
Summary of the (draft) standard
|
Relationship with other (draft) standards
|
Status and milestones
|
Remarks
|
|
ITU-T
|
|
ITU-T SG 17
Draft Recommendation
X.giim
|
Generic identity management interoperability mechanisms
|
This Recommendation defines mechanisms to support interoperability across different IdM services. Considering current IdM approaches, this Recommendation describes the similarities and commonalities of the different models when interoperating across domain boundaries.
|
|
|
Across different IdM systems
|
|
ITU-T SG 17
Draft Recommendation
X.authi
|
Authentication integration in identity management
|
This Recommendation provides a guideline for telecom operators to implement the authentication integration of the network layer and the service layer, so that a user need not be re-authenticated in the service layer if (s)he has already been strictly authenticated when accessing the operator's network.
|
|
|
Across different layers
|
|
OASIS
|
|
OASIS
Standard
IMI 1.0
(2009.07)
|
Identity Metasystem Interoperability
|
This document is intended for developers and architects who wish to design identity systems and applications that interoperate using the Identity Metasystem Interoperability specification.
|
|
|
Identity metasystem interoperability
|
|
IETF
|
|
IETF
RFC 5056
(2007)
|
On the Use of Channel Bindings to Secure Channels
|
The concept of channel binding allows applications to establish that the two end-points of a secure channel at one network layer are the same as at a higher layer by binding authentication at the higher layer to the channel at the lower layer. This allows applications to delegate session protection to lower layers, which has various performance benefits. This document discusses and formalizes the concept of channel binding to secure channels.
|
|
|
Different layers
|
|
VI.4 Identity-based Web Services
|
|
Type (standard, work in progress…)
|
Title of the (draft) standard
|
Summary of the (draft) standard
|
Relationship with other (draft) standards
|
Status and milestones
|
Remarks
|
|
Liberty Alliance
Liberty Alliance ID-WSF 2.0 Specifications
|
Liberty ID-WSF Security & Privacy Overview V1.0
|
Provides an overview of the security and privacy issues in ID-WSF technology and briefly explains potential security and privacy ramifications of the technology used in ID-WSF. It is assumed that the audience is familiar with the Liberty Identity Federation Framework.
|
|
|
|
|
Liberty ID-WSF Discovery Service Specification V2.0
|
Describes protocols and schema for the description and discovery of ID-WSF identity services.
|
|
|
|
|
Liberty ID-WSF SOAP Binding Specification V2.0
|
Defines the Liberty Identity Web Services Framework (ID-WSF) SOAP binding. It specifies simple SOAP message correlation, consent claims, and usage directives.
|
|
|
|
|
Liberty ID-WSF Security Mechanisms Specification V2.0
|
Specifies security mechanisms that protect identity services.
|
|
|
|
|
Liberty ID-WSF Interaction Service Specification V2.0
|
Specifies an identity service that allows providers to pose simple questions to a Principal.
|
|
|
|
|
Liberty ID-WSF 2.0 Static Conformance Requirements V2.0
|
Defines what features are mandatory and optional for implementations conforming to this version of the Liberty Alliance Specifications.
|
|
|
|
|
Liberty ID-WSF Data Services Template Specification V2.1
|
Provides protocols for the querying and modifying of data attributes when implementing a data service using the Liberty Identity Web Services Framework (ID-WSF).
|
|
|
|
|
Liberty ID-WSF Architecture Overview V2.0
|
This primer is a non-normative document intended to provide an overview of the relevant features of the Liberty ID-WSF Version 2.0 Specifications.
|
|
|
|
|
Liberty ID-WSF Client Profiles Specification V2.0
|
Specifies profiles for some cases where a client performs an active role in such transactions, other than performing the functions of a standard browser.
|
|
|
|
|
Liberty ID-WSF Authentication, Single Sign-On, and Identity Mapping Services Specification V2.0
|
Defines a SASL-based ID-WSF Authentication Protocol, along with an ID-WSF Authentication Service and ID-WSF Single Sign-On Service, based on the Authentication Protocol.
|
|
|
|
|
Liberty ID-WSF People Service Specification V1.0
|
Defines a secure, privacy-respecting access service by one user to another's identity information.
|
|
|
|
|
Liberty ID-WSF Subscriptions and Notifications Specification V1.0
|
Provides protocols for subscription and notification.
|
|
|
|
|
VII. Deployment and Application
|
|
VII.1 Internet Application
|
|
Type (standard, work in progress…)
|
Title of the (draft) standard
|
Summary of the (draft) standard
|
Relationship with other (draft) standards
|
Status and milestones
|
Remarks
|
|
OpenID
|
|
OpenID
OpenID Authentication 2.0
|
|
OpenID Authentication provides a way to prove that an end user controls an Identifier. It does this without the Relying Party needing access to end user credentials such as a password or to other sensitive information such as an email address.
|
|
|
|
|
OpenID
OpenID Attribute Exchange 1.0
|
|
OpenID Attribute Exchange is an OpenID service extension for exchanging identity information between endpoints. Messages for retrieval and storage of identity information are provided.
|
|
|
|
|
OpenID
OpenID Simple Registration Extension 1.0
|
|
OpenID Simple Registration is an extension to the OpenID Authentication protocol that allows for very light-weight profile exchange. It is designed to pass eight commonly requested pieces of information when an End User goes to register a new account with a web service.
|
|
|
|
|
OpenID
OpenID Provider Authentication Policy Extension 1.0
|
|
This extension to the OpenID Authentication protocol provides a mechanism by which a Relying Party can request that particular authentication policies be applied by the OpenID Provider when authenticating an End User. This extension also provides a mechanism by which an OpenID Provider may inform a Relying Party which authentication policies were used. Thus a Relying Party can request that the End User authenticate, for example, using a phishing-resistant or multi-factor authentication method.
This extension also provides a mechanism by which a Relying Party can request that the OpenID Provider communicate the levels of authentication used, as defined within one or more sets of requested custom Assurance Levels, and for the OpenID Provider to communicate the levels used.
|
|
|
|
|
OpenID
OpenID User Interface Extension 1.0 - DRAFT 0.4
|
|
This specification defines a mechanism to support OpenID user interfaces optimized for different environments and languages.
|
|
|
|
|
OpenID
OpenID Trust Exchange Extension 1.0 - Draft 1
|
|
This extension to the OpenID Authentication protocol enables arbitrary parties to negotiate and create a mutually digitally signed, legally binding "contract" that includes the purpose and terms of use of the data being transferred from one party to another based on this contract. The digital signature used is based on public key cryptography, so that it provides "non-repudiation" in addition to "confidentiality" and "integrity".
Also, this protocol extension aims to be "mobile friendly" by being very light weight on the indirect communication, with most of the transaction happening over direct communication.
|
|
|
|
|
OpenID
OpenID OAuth Extension
|
|
This draft describes a mechanism to combine an OpenID authentication request with the approval of an OAuth request token.
|
|
|
|
|
OpenID
Services and Metadata Discovery
|
|
OpenID Discovery, including a sub-spec for Trusted OpenID Discovery, and a best-practices guidance document for migration.
|
XRD 1.0 spec, being drafted by the OASIS XRI TC
|
|
|
|
Information Cards
|
|
CardSpace (Need to be supplemented)
|
|
|
|
|
|
|
|
|
Higgins
|
|
|
Higgins
|
A framework that will enable users and enterprises to integrate identity, profile, and relationship information across multiple systems. Using context providers, existing and new systems such as directories, collaboration spaces, and communications technologies (e.g. Microsoft/IBM WS-*, LDAP, email, IM, etc.) can be plugged into the Higgins framework. Applications written to the Higgins API can virtually integrate the identity, profile, and relationship information across these heterogeneous systems. A design goal is that Higgins be useful in the development of applications accessed through browsers, rich clients, and web services. Our intent is to define the Higgins framework in terms of service descriptions, messages and port types consistent with an SOA model and to develop a Java binding and implementation as an initial reference.
|
|
|
|
|
OASIS
|
|
New Technical Committee established
|
Identity in the Clouds
|
The purpose of the TC is to harmonize definitions/terminologies/vocabulary of Identity in the context of Cloud Computing. The work will define use cases and profiles to identify gaps in existing Identity Management standards as they apply in the cloud.
The TC may identify existing definitions, terminologies and vocabulary of Identity in the context of Cloud Computing for harmonizing the definitions, terminologies and vocabulary as the TC determines.
The TC may define use cases for Identity in the Clouds.
The TC may define profiles of existing interoperability protocols and formats for usage of Identity in the Clouds, based on the identified use cases. Profiles are subsets of specifications and combinations of such subsets.
The TC may identify gaps in existing Identity Management interoperability protocols and formats standards at OASIS and other standards bodies and utilize the OASIS liaison process for communicating the gaps.
In all of its work, the TC should, to the extent feasible, prefer widely implementable, widely interoperable, modular standards, extensions, profiles and methods that permit use by a variety of participants.
The TC will build on and use existing standards and specifications when possible.
|
|
|
Identity and Cloud Computing
|
|
VII.2 Social Service
|
|
Type (standard, work in progress…)
|
Title of the (draft) standard
|
Summary of the (draft) standard
|
Relationship with other (draft) standards
|
Status and milestones
|
Remarks
|
|
EU eIDM
|
|
FIDIS
|
Future of Identity in the Information Society
|
Future of Identity in the Information Society is a NoE (Network of Excellence) supported by the European Union. FIDIS's objectives are to shape the requirements for the future management of identity in the European Information Society (EIS) and to contribute to the technologies and infrastructures needed.
|
|
|
Future Network
|
|
STORK
|
Secure Identity Across Borders Linked
|
STORK (Secure identity across borders linked) will enable businesses, citizens and government employees to use their national electronic identities in any member state.
STORK aims to simplify administrative formalities by providing online access to public services across EU borders. STORK’s objectives are to:
Define common rules and specifications to assist mutual recognition of eIDs across national borders;
Test in real life environments, secure and easy-to-use eID solutions for citizens and businesses;
Interact with other EU initiatives to maximize the usefulness of eID services.
|
|
|
eGov
|
|
IDABC
|
|
IDABC stands for Interoperable Delivery of European eGovernment Services to public Administrations, Businesses and Citizens. It uses the opportunities offered by information and communication technologies to encourage and support the delivery of cross-border public sector services to citizens and enterprises in Europe, to improve efficiency and collaboration between European public administrations and to contribute to making Europe an attractive place to live, work and invest.
|
|
|
eGov
|
|
GUIDE
|
Government User IDentity for Europe - creating a European standard for an interoperable and secure identity management architecture for eGovernment
|
GUIDE is conducting research and technological development with the aim of creating architecture for secure and interoperable e-government electronic identity services and transactions for Europe. The project's approach is multi-disciplinary and includes technology, procedural and policy development across Europe. GUIDE consists of 23 organizations from 13 countries. There are many documents created by GUIDE, for example:
Identity Interoperability Services Report: Core Services Descriptions - the purpose of this document is to identify the full set of ‘core’ services that GUIDE should specify in order to achieve the required objective of creating a Pan-European architecture for identity interoperability.(IST-2003-507498)
|
|
|
eGov
|
|
TURBINE
|
Trusted revocable biometric identities
|
TURBINE (TrUsted Revocable Biometric IdeNtitiEs) is a research project awarded 6.3 Million Euro funding by the European Union under the Seventh Framework Programme (FP7) for Research and Technology Development.
TURBINE aims at defining, developing and demonstrating that fingerprint biometrics can be used in identity management systems to increase security while at the same time preserving privacy. The researched identity management solution will provide for the creation and verification of secure multiple identities (pseudo-identities) based on protected fingerprint templates, with the capability to revoke and renew such identities from the same fingerprint in case of need.
|
|
|
ebanking, eGovernment, eHealth, physical access control, and mobile telecommunications
|
|
PRIMELIFE
|
Privacy and identity management in Europe for life
|
PrimeLife will address the core privacy and trust issues pertaining to the aforementioned challenges. Its long-term vision is to counter the trend to life-long personal data trails without compromising on functionality. It will build upon and expand the FP6 project Prime that has shown how privacy technologies can enable citizens to execute their legal rights to control personal information in on-line transactions. The main objective of the project is to bring sustainable privacy and identity management to future networks and services:
Fundamentally understand privacy-enhancing identity management 'for life' (practical life, throughout life & beyond)
Bring Privacy to the Web and its Applications
Develop and make tools for privacy friendly identity management widely available -privacy live!
|
|
|
privacy
|
|
PICOS
|
Privacy and identity management for community services
|
With the emergence of services for professional and private on-line collaboration via the Internet, many European citizens spend work and leisure time in on-line communities. Users consciously leave private information; they may also leave personalized traces they are unaware of. PICOS will develop and build a state-of-the-art platform for providing the trust, privacy and identity management aspects of community services and applications on the Internet and in mobile communication networks.
|
|
|
Privacy
|
|
SWIFT
|
Secure widespread identities for federated Telecommunications
|
Identity Management is considered key to private, legal and business transactions as in the European eIDM2010. IdM frameworks are however currently confined to the web services domain. SWIFT goes beyond this by including user centricity and network operators as additional interdependent domains with IdM at the core.
This new view of user centricity provides a novel perspective: Identity as central for legal, business and network development trends. To enable this vision, SWIFT aims to build a cross-layer identity framework with emphasis on networks and services using identity also as key enabler to convergence.
|
|
|
Telecom.
|
|
OpenID & Infocard
|
|
Open Trust Government Framework
|
|
To bring open identity technologies and open government together, the OpenID Foundation and the Information Card Foundation are working with the U.S. General Services Administration to create open trust frameworks for their respective communities.
|
|
|
eGov
|
|
Kantara Initiative (Need to be supplemented)
|
|
|
|
|
|
|
|