1、 ETSI TS 102 747 V1.1.1 (2009-12)Technical Specification Human Factors (HF);Personalization and User Profile Management;Architectural FrameworkETSI ETSI TS 102 747 V1.1.1 (2009-12)2Reference DTS/HF-00123 Keywords profile, user ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.:
2、 +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made av
3、ailable in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on
4、 a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find
5、 errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction
6、in all media. European Telecommunications Standards Institute 2009. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTM, TIPHONTM, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Member
7、s and of the 3GPP Organizational Partners. LTE is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 102 747 V1.1.1 (2009-12)3Contents I
8、ntellectual Property Rights 5g3Foreword . 5g3Introduction 5g31 Scope 6g32 References 6g32.1 Normative references . 7g32.2 Informative references 7g33 Definitions and abbreviations . 9g33.1 Definitions 9g33.2 Abbreviations . 10g34 Summary of profile 11g35 User profile management architecture requirem
9、ents 13g35.1 Profile roles 13g35.2 Profile identification . 13g35.3 The UPM architecture model . 13g35.4 Procedures 15g35.4.1 Introduction. 15g35.4.2 Profile synchronization . 16g35.4.2.1 Synchronization conflict resolution/avoidance . 17g35.4.2.2 Protocol candidates for profile component synchroniz
10、ation . 17g35.4.3 Profile creation/update/deletion 17g35.4.3.1 Profile creation 17g35.4.4 Update of profile data according to context 18g35.4.5 Profile deletion 18g36 UP/UPM security . 19g36.1 UP/UPM and impact on privacy . 19g36.2 Key goal for UP/UPM security 19g36.3 Risk analysis - assumptions and
11、 objectives 20g36.4 Risk analysis - functional capabilities 22g36.4.1 Threats and threat agents in UP/UPM. 22g36.4.2 Identification . 22g36.4.3 Privacy 23g36.4.4 Integrity (data) 23g36.5 Detailed security requirements . 24g36.5.1 Identification SA . 24g36.5.2 Authentication SA 25g36.5.3 Authorisatio
12、n SA 25g36.5.4 Confidentiality SA 25g36.5.5 Integrity SA 25g3Annex A (normative): Mapping to services and networks . 26g3A.1 Introduction 26g3A.1.1 Mapping of user profile roles with TISPAN roles 26g3A.1.1.1 Introduction. 26g3A.1.1.2 Principles 26g3A.1.1.3 Involved use cases 27g3A.1.2 Common Profile
13、 Storage (CPS) defined in TR 132 808 28g3A.1.3 3GPP Generic User Profile (GUP) Release 8 architecture . 28g3A.1.4 Relationship to UPM distribution and synchronization capabilities . 30g3A.1.5 Universal Communications Identifier 30g3Annex B (informative): Core system objectives . 32g3ETSI ETSI TS 102
14、 747 V1.1.1 (2009-12)4B.1 Stakeholder categories and their objectives . 32g3B.2 Management of user profile data 32g3B.3 Processing of profile data . 33g3B.4 Activation/deactivation of situation profiles 33g3B.5 Information and feedback to users . 33g3B.6 Logging 33g3Annex C (informative): Related Wo
15、rk in other Standardization Bodies 34g3C.1 Open Mobile Alliance 34g3C.2 W3C . 35g3Annex D (informative): Security terms and concepts . 36g3D.1 Security associations 36g3D.2 Confidentiality 36g3D.3 Integrity 36g3D.4 Authenticity 37g3D.5 Authority 37g3Annex E (informative): Conflict resolution/avoidan
16、ce . 38g3E.1 Priorities for avoiding conflicts 38g3E.2 Avoiding conflicts by using templates . 38g3E.3 Conflict resolution/avoidance methods 38g3E.3.1 Method 1 38g3E.3.2 Method 2 39g3E.3.3 Comparing conflict resolution methods . 39g3E.3.4 User choices of handling conflicts at run-time . 39g3E.3.5 Co
17、nflict resolution without user involvement 40g3E.3.6 Method for capturing and utilizing the results of a resolution process . 40g3Annex F (informative): Analysis of candidate protocols and mechanisms for UP/UPM security provision . 41g3F.1 Overview 41g3F.1.1 Symmetric key solutions 41g3F.1.2 Asymmet
18、ric key solutions 41g3F.2 Authorisation Single-Sign On approaches . 41g3F.2.1 Generic Authentication Architecture (GAA) 41g3F.2.2 X.509 Privilege Management Infrastructure (PMI) 41g3F.2.3 XDM for Access Control . 43g3F.2.4 Kerberos . 43g3History 44g3ETSI ETSI TS 102 747 V1.1.1 (2009-12)5Intellectual
19、 Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPR
20、s); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searc
21、hes, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produce
22、d by ETSI Technical Committee Human Factors (HF). Introduction The present documents builds on the user profile concept described in EG 202 325 i.1. The concept of a user profile usually refers to a set of information, preferences and rules that are used by a device or service to deliver a customize
23、d version of capabilities to the user. Traditionally, many devices and services contain profiles specific to that product and unrelated to any other. This requires that, on change of service or device, the user has to re-educate themselves in how to personalize their services or devices and re-enter
24、 their information and preferences. This will result in variable success rate and user satisfaction. The user profile concept described in EG 202 325 i.1 provides an enhanced user experience. There will be a number of user characteristics and preferences that will apply independently of any particul
25、ar product (e.g. a users preferred language or their need for enlarged text). A key objective is that users should not be required to provide this information more times than is necessary. Users move between situations throughout the day (e.g. at home, driving, working). In each of these situations,
26、 users may have different needs for how they would like their ICT resources arranged. At present, an increasing number of products provide the user with ways of tailoring their preferences to these different situations. Users should be able to specify their context dependent needs in ways that requi
27、re the minimum need to understand the individual products. In addition, personalization and user profile management holds the promise of improving the uptake of new technologies and allowing greater access to their benefits. The present document provides an architectural framework for supporting per
28、sonalization and user profile management. ETSI ETSI TS 102 747 V1.1.1 (2009-12)61 Scope The present document defines an architectural framework supporting the personalization and user profile management concepts described in EG 202 325 i.1. The present document addresses issues related to network re
29、quirements, functions and procedures. It also covers User Profile security and privacy issues. Capabilities provided by the architecture are: data editing (e.g. creation, templates, update); data storage; synchronization; backup; access control respecting user preferences and legal policies; Profile
30、 solutions within the scope of the present document are: those provided for the primary benefit of the end-user; those which the end-user has rights to manage the profile contents; those where the end-user has the right to have a dialogue with the information owning stakeholder. Intended readers of
31、the present document are user profile providers, operators, service developers, service providers, device manufacturers, standards developers. 2 References References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For a specific refer
32、ence, subsequent revisions do not apply. Non-specific reference may be made only to a complete document or a part thereof and only in the following cases: - if it is accepted that it will be possible to use all future changes of the referenced document for the purposes of the referring document; - f
33、or informative references. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term vali
34、dity. ETSI ETSI TS 102 747 V1.1.1 (2009-12)72.1 Normative references The following referenced documents are indispensable for the application of the present document. For dated references, only the edition cited applies. For non-specific references, the latest edition of the referenced document (inc
35、luding any amendments) applies. 1 ETSI ES 202 746: “Human Factors (HF); Personalization and User Profile Management; User Profile Preferences and Information“. 2 ITU-T Recommendation M.3050 Supplement 1: “Enhanced Telecom Operations Map (eTOM) - Supplement 1 - Interim view of an interpreters guide f
36、or eTOM and ITIL practitioners“. 3 OMA, Push-to-Talk over Cellular, Architecture. NOTE: See OMA-AD-PoC-V2_0-20080507-C. 4 ETSI TS 133 221: “Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); LTE; Generic Authentication Architecture (GAA); Suppor
37、t for subscriber certificates (3GPP TS 33.221)“. 5 ETSI TS 184 002: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Identifiers (IDs) for NGN“. 6 ITU-T Recommendation E.164: “The international public telecommunication numbering plan“. 7 ETSI TS 188
38、 002-1: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); NGN Subscription Management; Part 1: Requirements“. 2.2 Informative references The following referenced documents are not essential to the use of the present document but they assist the user
39、with regard to a particular subject area. For non-specific references, the latest version of the referenced document (including any amendments) applies. i.1 ETSI EG 202 325: “Human Factors (HF); User Profile Management“. i.2 ETSI TR 132 808: “Telecommunication management; Study of Common Profile Sto
40、rage (CPS) Framework of User Data for network services and management (3GPP TR 32.808)“. i.3 ETSI TR 180 003: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Release 3 definition“. i.4 ETSI TS 102 165-1: “Telecommunications and Internet converged S
41、ervices and Protocols for Advanced Networking (TISPAN); Methods and protocols; Part 1: Method and proforma for Threat, Risk, Vulnerability Analysis“. i.5 ETSI TR 187 011: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); NGN Security; Application of
42、ISO-15408-2 requirements to ETSI standards - guide, method and application with examples“. i.6 ISO/IEC 15408-2: “Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements“. i.7 UK Home Office; R.V.Clark; “Hot Products: understanding
43、, anticipating and reducing demand for stolen goods“, ISBN 1-84082-278-3. i.8 ETSI EG 202 067: “Universal Communications Identifier (UCI); System framework“. i.9 ETSI EG 203 072: “Universal Communications Identifier (UCI); Results of a detailed study into the technical areas for identification harmo
44、nization; Recommendations on the UCI for NGN“. i.10 IETF RFC 4510: “Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map“. ETSI ETSI TS 102 747 V1.1.1 (2009-12)8i.11 Open Mobile Alliance (OMA): “SyncML Sync Protocol“. NOTE: See http:/www.openmobilealliance.org/tech/affiliat
45、es/syncml/syncml_sync_protocol_v11_20020215.pdf. i.12 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. i.13 United Nations General Assembly resolu
46、tion 217 A (III) (10 December 1948): “Universal Declaration of Human Rights“. i.14 ITU-T Recommendation X.509: “Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks“. NOTE: Also available as ISO/IEC 9594-8. i.15 ETSI TS 123 240: “Univ
47、ersal Mobile Telecommunications System (UMTS); LTE; 3GPP Generic User Profile (GUP) requirements; Architecture (Stage 2)“. i.16 Open Mobile Alliance (OMA): “User Agent Profile, Specifications, Version 2.0“, OMA-TS-UAProf-V2-0-20060206-A. i.17 Open Mobile Alliance (OMA): “Device Profile Evolution V1.
48、0“. NOTE: See http:/www.openmobilealliance.org/Technical/release_program/dpe_V1_0.aspx. i.18 Open Mobile Alliance (OMA): “Device Management Working Group“. NOTE: See http:/www.openmobilealliance.org/Technical/DM.aspx. i.19 Open Mobile Alliance (OMA): “Device Management Protocol, Specifications“, OMA
49、-TS-DM-Protocol-V1-2-1-20080617-A. i.20 Open Mobile Alliance (OMA): XML Document Management V1.1. NOTE: See http:/www.openmobilealliance.org/Technical/release_program/xdm_v1_1.aspx. i.21 Open Mobile Alliance (OMA): Presence Simple V1.1. NOTE: See http:/www.openmobilealliance.org/Technical/release_program/presence_simple_v1_1.aspx. i.22 ETSI ES 283 030: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Presence Service Capability; Protoco
