该建议书标题尚未译为中文。 |
|
可能确有必要利用多属性机构提供的聚合属性,提升依赖方对其它方身份的信任度。聚合可视作必须处理一系列适用于全局的唯一标识符,这在所有属性机构之间十分常见。实践过程中,各实体并无全局统一的标识符,而是拥有不同的实体标识符和其它各种身份服务提供方(IdSP)分配的属性。
为解决此方案中的属性聚合问题,本文使用了身份联盟的概念。例如,若某网上书店计划向老年人出售产品,则该商店必须由两个IdSP分配一套聚合属性(信用卡和年龄段),但各IdSP之间相互并不了解对方的参与情况。在标准的联盟身份管理中,某实体只能提供来自一个身份的属性,但此交易要求两个身份均提供属性。目前存在多种身份联盟方法,例如安全断言标识语言(SAML)、Shibboleth、开放(OpenID)和公开鉴权(OAuth)等。
ITU-T X.1258建议书引入了属性聚合概念,使实体能够聚合来自多个IdSP的属性。属性聚合是一种收集某实体从多个IdSP那里检索到的属性的机制。属性聚合可用于按需动态汇聚各种属性。当某实体希望获得服务时,IdSP可实现聚合请求。此外,以实体为中心的属性聚合机制亦可用于缓解隐私泄露的鉴权。
|
|
Citation: |
https://handle.itu.int/11.1002/1000/12850 |
Series title: |
X series: Data networks, open system communications and security X.1200-X.1299: Cyberspace security X.1250-X.1299: Identity management (IdM) and Authentication |
Approval date: |
2016-09-07 |
Provisional name: | X.eaaa |
Approval process: | TAP |
Status: |
In force |
Maintenance responsibility: |
ITU-T Study Group 17 |
Further details: |
Patent statement(s)
Development history
|
|
|
Ed. |
ITU-T Recommendation |
Status |
Summary |
Table of Contents |
Download |
1
|
X.1258 (09/2016)
|
In force
|
here
|
here
|
here
|
|
ITU-T Supplement
|
Title
|
Status
|
Summary
|
Table of contents
|
Download
|
X Suppl. 7 (02/2009)
|
ITU-T X.1250 series – Supplement on overview of identity management in the context of cybersecurity
|
In force
|
here
|
here
|
here
|
Title |
Approved on |
Download |
Guidelines for identity-based cryptosystems used for cross-domain secure communications
|
2023
|
here
|
Overview of hybrid approaches for key exchange with quantum key distribution
|
2022
|
here
|
Guidelines for security management of using artificial intelligence technology
|
2022
|
here
|
Unified Security Model (USM) – A neutral integrated system approach to cybersecurity
|
2020
|
here
|
Successful use of security standards (2nd edition)
|
2020
|
here
|
Description of the incubation mechanism and ways to improve it
|
2020
|
here
|
Strategic approaches to the transformation of security studies
|
2020
|
here
|
|