Study Group 17 has been designated the Lead Study Group for Identity Management (IdM) in accordance with World Telecommunication Standardization Assembly (WTSA-20) Resolution 2.

As the lead study group for Identity Management, Study Group 17 is responsible for the study of the appropriate core Questions on IdM. In addition, in consultation with other relevant study groups and in collaboration, where appropriate, with other standards bodies, Study Group has the responsibility to define and maintain the overall framework and to coordinate, assign (recognizing the mandates of the study groups) and prioritize the studies to be carried out by the study groups, and to ensure the preparation of consistent, complete and timely Recommendations.

All Study Groups are requested to keep Study Group 17 informed of their work plans regarding IdM so that they can be integrated into the overall IdM work programme.

Study Group responsibilities for IdM

WTSA Resolution 2 identifies study group responsibilities for IdM as:

• Study Group 2: Responsible for studies relating to ensuring the consistency of the format and structure of IdM identifiers and for studies specifying interfaces to management systems to support the communication of identity information within or between organizational domains.
• Study Group 13: Responsible for studies of functions and relevant capabilities including NGN-specific identity management functional architecture that supports value-added identity services, the secure exchange of identity information and the application of bridging/interoperability between a diverse set of identity information formats. Also to be studied are any identity management threats within the NGN and the mechanisms to counter them. In addition, Study Group 13 will study the protection of personally identifiable information (PII) in the NGN to ensure that only authorized PII is disseminated within the NGN, as well as future networks.
• Study Group 17: Responsible for studies relating to the development of a generic identity management model that is independent of network technologies and supports the secure exchange of identity information between entities. This work also includes studying the process for discovery of authoritative sources of identity information; generic mechanisms for the bridging/interoperability of a diverse set of identity information formats; identity management threats, the mechanisms to counter them, the protection of personally identifiable information (PII) and to develop mechanisms to ensure that access to PII is only authorized when appropriate.

Recommendations related to IDM

Approved Recommendations:

• F.511, Directory Service - Support of tag-based identification services
• F.748.1, Requirements and common characteristics of the IoT identifier for the IoT service
• H.642.1, Multimedia information access triggered by tag-based identification - Identification scheme
• H.642.2, Multimedia information access triggered by tag-based identification - Registration procedures for identifiers
• H.642.3, Information technology - Automatic identification and data capture technique - Identifier resolution protocol for multimedia information access triggered by tag-based identification
  
• L.207, Passive node elements with automated ID tag detection
  
• X.509 (ninth edition), Information technology – Open Systems Interconnection – The Directory – Public-key and attribute certificate frameworks​
  
• X.675, OID-based resolution framework for heterogeneous identifiers and locators
  
• X.676​, Object identifier-based resolution framework for IoT grouped services​​
  
• X.677, Identification mechanism for unmanned aerial vehicles using object identifiers​
  
• X.10​58, Information technology — Security techniques — Code of practice for personally identifiable information protection​
  
• X.1141, Security Assertion Markup Language (SAML) 2.0
• X.1142, eXtensible Access Control Markup Language (XACML 2.0)
  
• X.1144, eXtensible Access Control Markup Language (XACML) 3.0
  
• X.1154, General framework of combined authentication on multiple identity service provider environments
• X.1155, Guidelines on local linkable anonymous authentication for electronic services
• X.1158, Multi-factor authentication mechanisms using a mobile device
• X.1171, Threats and requirements for protection of personally identifiable information in applications using tag-based identification
• X.1250, Baseline capabilities for enhanced global identity management trust and interoperability
• X.1251, A framework for user of digital identity
• X.1252, Baseline identity management terms and definitions
• X.1253, Security guidelines for identity management systems
• X.1254, Entity authentication assurance framework
• X.1255, Framework for discovery of identity management information
• X.1256, Guidelines and framework for sharing network authentication results with service applications
• X.1257, Identity and access management taxonomy
  
• X.1258, Enhanced entity authentication based on aggregated attributes
• X.1275, Guidelines on protection of personally identifiable information in the application of RFID technology
  
• X.1276, Trust elevation protocol
  
• X.1277, Universal Authentication Framework (UAF)
• X.1278, ​Client To Authenticator Protocol/Universal 2-factor framework
  
• X.1365​, Security methodology for use of identity-based cryptography in support of Internet of Things (IoT) services over telecommunication networks
  
• X.1450​, Guidelines on hybrid authentication and key management mechanisms in client-server model
  
• Y.2015, General requirements for ID/locator separation in NGN
• Y.2057, Framework of node identifier and routing locator separation in IPv6-based next generation networks
• Y.2720, NGN identity management framework
  
• Y.2721, NGN identity management requirements and use cases
• Y.2722, NGN identity management mechanisms
• Y.2723, Support for OAuth in next generation networks
• Y.2724, Framework for supporting OAuth and OpenID in next generation networks
• Y.2725, Support of OpenID in next generation networks
• Y.3031, Identification framework in future networks
• Y.3034, Architecture for interworking of heterogeneous component networks in ID/locator split-based future networks 
• Y.4462​, Requirements and functional architecture of open IoT identity correlation service​     
• Y.4805​, Identifier service requirements for the interoperability of Smart City applications​                            
  

Other approved texts:

• X.Suppl.22, ITU-T X.1144 - Supplement on enhancements and new features in eXtensible Access Control Markup Language (XACML 3.0)
  
• X.Suppl.31, ITU-T X.660 - Supplement on guidel​ines for using object identifiers for the Internet of things​
• X.Suppl.32, ITU-T X.1058 - Supplement on code of practice for personally identifiable information (PII) protection for telecommunication organizations​
  
• Y.Suppl.12, ITU-T Y.2720 - Supplement on NGN identity management mechanisms
• Y.Suppl.18, ITU-T Y.2700-series - Supplement on next generation network certificate management​​
  
  

Recommendations under development:​

• X.1279 (X.eaasd), Framework of enhanced authentication in telebiometric environments using anti-spoofing detection mechanisms
• X.​1403 (X.dlt-sec)​, Security guidelines for using DLT for decentralized identity management​​
• X.pki-em, Information Technology - Public-Key Infrastructure: Establishment and maintenance
  
• Y.FW.IC.MDSC, Framework of identification and connectivity of moving devices in smart city
  
• Y.IoT-CSIADE-fw, Reference framework of converged service for identification and authentication for IoT devices in decentralized environment​
  
• Y.IoT-IoD-PT, Identity of IoT devices based on secure procedures and ensures privacy and trust of IoT system
  
• Y.SCid-fr, Requirements and converged framework of self-controlled identity based on blockchain
• Y.IoT-ITS-ID, Unified IoT Identifiers for Intelligent Transport Systems
  
• YSTR.Feas-DID-IoT, Feasibility of Decentralised Identifiers (DIDs) in IoT
  

Presentations and related information

• The ITU-T SG17 IdM standardization activity, Arkadiy Kremer, ITU-T SG17 Chairman. SIIC- SSEDIC Conference, 8-9 July 2013, Rome, Italy
  [PRESENTATION]
  

IDENTITY Summit, Geneva, 10 December, 2010.

• "Welcome and Overview of IdM related work in SG 17", Abbie Barbir, PhD., Rapporteur Q10/17 (IdM Question), and Erik Andersen Rapporteur Q11 (Directory services/Systems, public-key/attribute certificates)
  [PRESENTATION]
• "Open Identity Trust Frameworks: A Market Solution to Online Identity Trust", Don Thibeau, Chairman and President, The Open Identity Exchange and Joni Brenan, Kantara Initiative, Managing Director
  [PRESENTATION] [PRESENTATION]
• "OpenID & oAuth 2.0 achieving higher levels of assurance", John Bradley, OpenID Board of Directors
• "Identity Management in 3GPP", Silke Holtmanns, Nokia (Rapporteur of IdM related specifications/reports in 3GPP SA3 Security
  PRESENTATION]
• "Federating Trust Services", Peter Alterman, PhD., Senior Advisor to the CIO for Strategic Initiatives National Institutes of Health, USA, OASIS IDTrust Steering Committee
  [PRESENTATION]
• "ISO TC68 Financial Services – Identity and Authentication", Jeff Stapleton, Global Information Security, Bank of America – X9F4 Cryptographic Protocol and Application Security Working Group – CISSP, CTGA and former QSA
  [PRESENTATION]
• "The User-Managed Access protocol", Eve Maler, Paypal, Chair of Kantara UMA WG and Joni Brenan, Kantara Initiative, Managing Director [PRESENTATION]
•  Panel: "Data Protection, Privacy and root of Trust in the Cloud", Panel Chair: CA Technologies and Chair OASIS IDtrust Member Section

 Panelists: [PANEL] 

• Nat Sakimura, NRI, Japan, Chair OASIS Open Reputation Management work ORMS TC
• Dominique Nguyen, Ph.D., CISSP, Sr. Architect, Global Information Security, Bank of America
• Anil Seldana, Chair OASIS ID Cloud TC, IDtrust Member Section Steering Committee, Redhat
• Tony Nadalin, Microsoft
  
• "Privacy Management Standards What They Are and Why They Are Needed Now", John Sabo, CA Technologies and Chair OASIS IDtrust Member Section
  [PRESENTATION]
• "Bringing Root of Trust into IA", Shahrokh Shahidzadeh, Intel Corp. Sr Principal Technologist, Software and Services Group, Sergiu Ghetie, Intel Corp., Principal Security architect, Security and Business Integrity - Intel Corp.
•  John Bradley, Chair Kantara Leadership Council, Chair Federation Interoperability Work Group
• "An overview of KI Telco ID WG", Jonas Hogberg, Ericsson, Co-Chair Telecommunications Identity Group Kantara Initiative
  [PRESENTATION]
• “The ABA Legal Task Force Building an Online Identity Legal Framework “ by Thomas J. Smedinghoff, Co-Chair, ABA Federated Identity Management Legal Task Force
   [PRESENTATION]
• Summary and Closing Remarks, Abbie Barbir, PhD. 

 ITU-T workshop "New challenges for telecommunication security standardizations", Geneva, 9-10 February 2009.

• Session 1 presented networks, users, services and information as protected objects.
  • David Goodman, (EEMA): New business-models for network operators
    [ BIOGRAPHY | PRESENTATION ]
• Session 6 presented Identity Service which address current key challenges of identity management and its global vision in the future. This session also discussed standardization activities in this area in order to identify the future standardization work in ITU-T.
  • Tony Rutkowski, (VeriSign): Identity Management
    [ BIOGRAPHY | ABSTRACT | PRESENTATION ]
  • Erik Andersen, (Rapporteur, ITU-T SG 17): Identification Services as provided by directories (X.500 including X.509)
    [ BIOGRAPHY | ABSTRACT | PRESENTATION ]
  • Sang Rae Cho, (ETRI, Korea): Trend in User-Centric Identity Management Technology
    [ BIOGRAPHY | ABSTRACT | PRESENTATION ]

WTSA side event on cybersecurity was convened to address the global concern of security in information and communication technologies (ICT), as well as providing a high-level overview of the subject, Johannesburg, 23 October 2008.

• Richard Brackney, ITU-T JCA-IdM Co-Convener, Identity Management (IdM)
  [ PRESENTATION ]
• Heung Youl Youm, Korea, Korea Perspective on Standardization for PI/PII/LI Protection
  [PRESENTATION]

Joint ITU-T SG 17, ISO/IEC JTC 1/SC 27/WG 5 and FIDIS (Future of Identity in the Information Society) Workshop on Identity Management Standards, Lucerne, 30 September 2007. See ITU-T / ISO/IEC JTC 1/SC 27 Workshop on identity management.

ITU-T Workshop on Digital Identity for NGN , Geneva, 5 December 2006. See ITU-T Workshop on Digital Identity for NGN.

Identity Management Focus Group Deliverables:

• Report on Activities Completed and Proposed
• Report on the Deliverables
• Report on Identity Management Ecosystem and Lexicon
• Report on Identity Management Use Cases and Gap Analysis
• Report on Requirements for Global Interoperable Identity Management
• Report on Identity Management Framework for Global Interoperability

Cross Study Group efforts:

• Joint Coordination Activity on Identity Management (JCA-IdM)
• Global Standards Initiative for Identity Management (IdM-GSI) (discontinued)