ATIS 1000035-2009 Next Generation Network (NGN) Identity Management (IdM) Framework.pdf

1、 AMERICAN NATIONAL STANDARD FOR TELECOMMUNICATIONS ATIS-1000035.2009(R2014) Next Generation Network (NGN) Identify Management (IdM) Framework As a leading technology and solutions development organization, ATIS brings together the top global ICT companies to advance the industrys most-pressing busin

2、ess priorities. Through ATIS committees and forums, nearly 200 companies address cloud services, device solutions, emergency services, M2M communications, cyber security, ehealth, network evolution, quality of service, billing support, operations, and more. These priorities follow a fast-track devel

3、opment lifecycle from design and innovation through solutions that include standards, specifications, requirements, business use cases, software toolkits, and interoperability testing. ATIS is accredited by the American National Standards Institute (ANSI). ATIS is the North American Organizational P

4、artner for the 3rd Generation Partnership Project (3GPP), a founding Partner of oneM2M, a member and major U.S. contributor to the International Telecommunication Union (ITU) Radio and Telecommunications sectors, and a member of the Inter-American Telecommunication Commission (CITEL). For more infor

5、mation, visit . AMERICAN NATIONAL STANDARD Approval of an American National Standard requires review by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the judgment of the ANSI Board of

6、 Standards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made to

7、wards their resolution. The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the

8、standards. The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the

9、American National Standards Institute. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page of this standard. CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American Nationa

10、l Standards Institute require that action be taken periodically to reaffirm, revise, or withdraw this standard. Purchasers of American National Standards may receive current information on all standards by calling or writing the American National Standards Institute. Notice of Disclaimer & Limitatio

11、n of Liability The information provided in this document is directed solely to professionals who have the appropriate degree of experience to understand and interpret its contents in accordance with generally accepted engineering or other professional standards and applicable regulations. No recomme

12、ndation as to products or vendors is made or should be implied. NO REPRESENTATION OR WARRANTY IS MADE THAT THE INFORMATION IS TECHNICALLY ACCURATE OR SUFFICIENT OR CONFORMS TO ANY STATUTE, GOVERNMENTAL RULE OR REGULATION, AND FURTHER, NO REPRESENTATION OR WARRANTY IS MADE OFMERCHANTABILITY OR FITNES

13、S FOR ANY PARTICULAR PURPOSE OR AGAINST INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS. ATIS SHALL NOT BE LIABLE, BEYOND THE AMOUNT OF ANY SUM RECEIVED IN PAYMENT BY ATIS FOR THIS DOCUMENT, AND IN NO EVENT SHALL ATIS BE LIABLE FOR LOST PROFITS OR OTHER INCIDENTAL OR CONSEQUENTIAL DAMAGES. ATIS EXPRESS

14、LY ADVISES THAT ANY AND ALL USE OF OR RELIANCE UPON THE INFORMATION PROVIDED IN THIS DOCUMENT IS AT THE RISK OF THE USER. NOTE - The users attention is called to the possibility that compliance with this standard may require use of an invention covered by patent rights. By publication of this standa

15、rd, no position is taken with respect to whether use of an invention covered by patent rights will be required, and if any such use is required no position is taken regarding the validity of this claim or any patent rights in connection therewith. Please refer to http:/www.atis.org/legal/patentinfo.

16、asp to determine if any statement has been filed by a patent holder indicating a willingness to grant a license either without compensation or on reasonable and non-discriminatory terms and conditions to applicants desiring to obtain a license. ATIS-1000035.2009(R2014), Next Generation Network (NGN)

17、 Identity Management (IdM) Framework Is an American National Standard developed by the Cybersecurity (CSEC) Subcommittee under the ATIS Packet Technologies and Systems Committee (PTSC). Published by Alliance for Telecommunications Industry Solutions 1200 G Street, NW, Suite 500 Washington, DC 20005

18、Copyright 2014 by Alliance for Telecommunications Industry Solutions All rights reserved. No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without the prior written permission of the publisher. For information contact ATIS at 202.628.6380. AT

19、IS is online at . ATIS-1000035.2009 American National Standard for Telecommunications NEXT GENERATION NETWORK (NGN) IDENTITY MANAGEMENT (IDM) FRAMEWORK Alliance for Telecommunications Industry Solutions Approved May 5, 2009 American National Standards Institute, Inc. Abstract This standard provides

20、a framework for Identity Management (IdM) in NGN. The primary purpose of this framework is to describe a structured approach for designing, defining, and implementing IdM solutions and facilitate interoperability in heterogeneous environment. ATIS-1000035.2009 ii Foreword The information contained i

21、n this Foreword is not part of this American National Standard (ANS) and has not been processed in accordance with ANSIs requirements for an ANS. As such, this Foreword may contain material that has not been subjected to public review or a consensus process. In addition, it does not contain requirem

22、ents necessary for conformance to the Standard. The Alliance for Telecommunication Industry Solutions (ATIS) serves the public through improved understanding between providers, customers, and manufacturers. The Packet Technologies and Systems Committee (PTSC) develops and recommends standards and te

23、chnical reports related to services, architectures, and signaling, in addition to related subjects under consideration in other North American and international standards bodies. PTSC coordinates and develops standards and technical reports relevant to telecommunications networks in the U.S., review

24、s and prepares contributions on such matters for submission to U.S. ITU-T and U.S. ITU-R Study Groups or other standards organizations, and reviews for acceptability or per contra the positions of other countries in related standards development and takes or recommends appropriate actions. ANSI guid

25、elines specify two categories of requirements: mandatory and recommendation. The mandatory requirements are designated by the word shall and recommendations by the word should. Where both a mandatory requirement and a recommendation are specified for the same criterion, the recommendation represents

26、 a goal currently identifiable as having distinct compatibility or performance advantages. Suggestions for improvement of this document are welcome. They should be sent to the Alliance for Telecommunications Industry Solutions, PTSC, 1200 G Street NW, Suite 500, Washington, DC 20005. At the time it

27、approved this document, PTSC which is responsible for the development of this Standard, had the following members: M. Dolly, PTSC Chair (AT&T) W. Downum, Technical Editor (Telcordia) C. Underkoffler, ATIS Chief Editor The Signalling, Architecture, and Control (SAC) Subcommittee, which was responsibl

28、e for the development of this document, had the following members: ATIS-1000035.2009 iii Table of Contents 1 Scope . 5 2 References 5 2.1 ATIS References 6 2.2 ITU-T References 6 3 Definitions . . 6 3.1 Terms defined in ITU Recommendations 6 3.2 Terms defined in this Standard 7 4 Abbreviations 8 5 I

29、ntroduction . 9 5.1 IdM Overview 9 5.2 Business Drivers and Motivations . 11 5.3 Identity Provider (IdP) . 13 5.4 NGN Functional Architecture and Use of Identifiers 14 6 IdM Framework Overview . 15 7 IdM in Context of NGN Architectures and Reference models 16 7.1 General Relationship with NGN Archit

30、ectures and Services 16 7.2 Y.2011 (General principles and general reference model for NGN) Reference Models 17 8 Identity Management Framework 18 8.1 Identity Lifecycle Management 18 8.1.1 Proofing and Enrolment 18 8.1.2 Issuance and Revocation . 19 8.2 Identity Management OAM&P Functions . 19 8.2.

31、1 Data Model and Schema 19 8.2.2 Identifier Management 20 8.2.3 Attribute Management . 20 8.2.4 Credential Management . 21 8.2.5 Logging and Auditing 22 8.3 Identity Management Signalling and Control Functions 22 8.3.1 Introduction . 22 8.3.2 Discovery of Identity Information . 22 8.3.3 IdM Communic

32、ations 23 8.3.4 Correlation and Binding 25 8.3.5 Authentication . 25 8.3.6 Authentication Assurance . 25 ATIS-1000035.2009 iv 8.3.7 Delegation . 26 8.3.8 Policy Enforcement 26 8.3.9 Support of Services Requiring Priority Treatment 27 8.4 Identity Management Federated Identity Functions . 27 8.4.1 Fe

33、derated Identity 27 8.4.2 Federation Discovery 27 8.4.3 Bridging and Interworking . 27 8.5 Identity Management User and Subscriber Functions . 27 8.6 Performance and Reliability . 28 8.6.1 Performance . 28 8.6.2 Timestamp Accuracy . 28 8.6.3 Reliability and Availability . 28 8.7 IdM Security 29 8.7.

34、1 Security Protection of Network Elements Providing IdM . 29 8.7.2 Protection of Personally Identifiable Information (PII) . . 29 9 Informative References . 29 Table of Figures Figure 1 IdM Overview . 10 Figure 2 Use of IdM Services 12 Figure 3 - Example NGN Identities . . 14 Figure 4 - IdM Framewor

35、k Overview . 15 Figure 5 Relation with NGN Architectures and Services . 16 Figure 6 Scope of IdM in Context of Figure 2/Y.2011 17 Figure 7 IdM in Context of the Figure 3/Y.2011 . 18 Figure 8 External Interfaces . 24 Table of Tables Table 1 IdM Drivers and Motivations . 12 AMERICAN NATIONAL STANDARD

36、ATIS-1000035.2009 American National Standard for Telecommunications Next Generation Network (NGN) Identity Management (IdM) Framework 1 Scope This standard provides an Identity Management (IdM) framework for Next Generation Network (NGN). The primary purpose of this standard is to describe the funda

37、mental concepts, functional components and capabilities of IdM that can be used to organize and guide structured solutions for NGN. The scope of this standard includes to: Describe the business motivations, benefits, and advantages of IdM services, and the generic capabilities used to provide identi

38、ty assurance and defining IdM concepts applicable to NGN and based on the NGN Functional Requirements and Architecture (FRA) as defined in ITU-T Recommendation Y.2012 Y.2012 and ATIS standard, NGN Architecture ATIS-1000018 Identify and describe the functional entities, roles, relationships, enablers

39、 and communications supporting IdM services and capabilities for NGN Identify and describe the (intra-network) relationships for supporting IdM services and capabilities within an NGN, Identify and describe the relationships for supporting IdM services and capabilities between NGN providers (e.g., w

40、ithin a federation), and between NGN providers and other providers (e.g., inter-federation) The framework provided in this standard is intended for NGN (i.e., managed packet networks) as defined in ITU-T Y.2001, General overview of NGN. However, it could be applied as appropriate to other types of n

41、etworks (e.g., private corporation and enterprise networks). This framework is intended to be used as a foundation to develop and specify specific aspects of IdM for NGN such as detailed requirements, mechanisms and procedures as needed. It also provides a clear and coherent overview of the totality

42、 of IdM in NGN. Note: the use of the term Identity in this standard relating to Identity Management (IdM) does not indicate its absolute meaning. In particular, it does not constitute any positive validation of a person. 2 References The following standards contain provisions which, through referenc

43、e in this text, constitute provisions of this American National Standard. At the time of publication, the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this American National Standard are encouraged to investigate the possibility of applying

44、 the most recent editions of the standards indicated below. ATIS-1000035.2009 6 2.1 ATIS References 1ATIS-1000018 NGN Architecture. ATIS-1000029.2008 NGN Security Requirements. ATIS-1000030.2008 Authentication and Authorization Requirements for Next Generation Network (NGN). ATIS-1000005 Service Des

45、cription of ETS. ATIS-1000010.2006(R2011) Support of Emergency Telecommunications Service (ETS) in IP Networks. 2.2 ITU-T References 2ITU-T Y.2001 ITU-T Recommendation Y.2001 (2004), General overview of NGN. ITU-T Y.2011 ITU-T Recommendation Y.2011 (2004), General principles and general reference mo

46、del for Next Generation Networks. ITU-T Y.2012 ITU-T Recommendation Y.2012 (2006), Functional Requirements and Architecture of the NGN Release 1. ITU-T Y.2701 ITU-T Recommendation Y.2701 (2007), Security Requirements for NGN Release 1. ITU-T Y.2702 ITU-T Recommendation Y.2702 (2008), NGN Authenticat

47、ion and Authorization Requirements. ITU-T Y.2205 ITU-T Recommendation Y.2205 (2008), Next Generation Networks Emergency Telecommunications Technical Considerations ITU-T E.107 ITU-T Recommendation E.107 (2007), Emergency Telecommunications Service (ETS) and Interconnection Framework for National Imp

48、lementations of ETS. 3 Definitions 3.1 Terms defined in ITU Recommendations This standard uses the following terms defined in ITU-T documents. Anonymity X.1121: Ability to allow anonymous access to services, which avoid tracking of users personal information and user behaviour such as user location,

49、 frequency of a service usage, and so on. authentication X.811: The provision of assurance of the claimed identity of an entity. authorization X.800: The granting of rights, which includes the granting of access based on access rights. 1This document is available from the Alliance for Telecommunications Industry Solutions (ATIS), 1200 G Street N.W., Suite 500, Washington, DC 20005. 2This document is available from the International Telecommunications Union. ATIS-1000035.2009 7 claimant X.811: An entity which is or