News
ETSI completes first batch of Identity Management specifications
March 2011 by Marc Jacob
As a step towards bringing IT and network worlds closer, ETSI has completed its first batch of Identity Management specifications supporting interoperability and access control. The specifications can be used to simplify how users get authorized access to services and data beyond enterprise boundaries. They also support more privacy thus reducing the concerns in deploying these technologies.
Completion of this series of five pre-standardization specifications (known as Group Specifications) marks the end of the first phase of a successful transfer of European R&D projects of the European Commission’s 6th and 7th Framework projects into specifications for industrial use. The specifications were created by ETSI’s Industry Specification Group on "Identity and access management for Networks and Services" (ISG INS).
This first set of group specifications support interoperability and incorporate privacy into the telecoms services and networks domain. For example, Group Specification GS INS 001 on Identity Management (IdM) interoperability between Operators or Internet Service Providers (ISPs) and Enterprise provides mechanisms, interfaces and protocols allowing scenarios where third party providers share attributes with the operator, or reuses its authentication. A typical instance is Single Sign-On, a procedure by which a user gains access to all authorized communication services, thus avoiding the need for repeated authentication. GS INS 003 on distributed user profiles defines the relationship between access control and societal privacy needs and the associated legal framework.
Amardeo Sarma, Chairman of ETSI’s ISG INS, said: “This framework will further ease the transparent use of applications and services within and across enterprises and public networks. It addresses IT and telecommunications services and provides key specifications for the upcoming cloud environment.” New work items, which will lead to further specifications, have been defined for other highly relevant areas. These include establishing an enforcement framework to ensure that key actions are carried out when accessing data and processes, as well as for establishing user consent.
An example of R&D results that were transferred into the specifications is those from the EU project SWIFT that focused on extending identity functions and federation to the network. SWIFT had developed and validated a cross-layer Identity Framework to improve users’ “Single Sign-On” experience while supporting privacy and protecting data. The ISG’s future work foresees the participation of several other EU projects, thus ensuring that the transfer of R&D results into standards continues.
The efficiency with which the task of producing this batch of Identity Management specifications was achieved is further evidence of the effectiveness of this new form of ETSI committee, the Industry Specification Group, in fulfilling its promise to quickly develop pre-standardization specifications based on industrial interest.
The current members of ISG INS are: Deutsche Telekom AG, Fraunhofer Institute for Secure Information Technology SIT, NEC Europe Ltd., Portugal Telecom, Nokia Siemens Networks, Waterford Institute of Technology (WIT), Telenor ASA, Alcatel-Lucent, University of Patras (Greece) and University of Murcia (Spain). Other companies are welcome to join the ISG.
