Electronic Identity Directory
From wiki.enisa.europa.eu
The Electronic Identity Directory is intended to provide an understanding of identity management (IdM). It contains a description of IdM framework component interactions, existing standards, standards development organizations, identity management systems and research projects, as well as legislation that relates to identity management.
The document is based on the ITU-T SG17 Focus Group for Identity Management deliverables "Report on Identity Management Ecosystem and Lexicon" [1] and "Report on Identity Management Framework for Global Interoperability" [2].
See also the Living List of Identity Management Terminology. That list provides the terms and associated definitions in common use in IdM; it was compiled by the ITU-T SG17 Focus Group for Identity Management (FG IdM) Living List Working Group during 2007.
Identity management
Identity management means managing the various partial identities of a subject, i.e. the administration and design of identity attributes as well as the choice of the partial identity to be (re-)used in a specific context or role. Identity management is called privacy-enhancing if it does not provide more linkability between the partial identities than necessary.[3]
Identity management framework - Basic Structure
The IdM Generic Architectural Model below (given here as a table of steps) represents the functional components of a generic identity management system. These are divided into services, some of which provide functions to each of the framework's actors: the Requesting Entity, the Identity Provider (IdP) and the Relying Party (RP). The services described are the core components of almost every identity management system in use today. They are designed to use bridging services that allow cross-network, cross-identity-management-system and cross-application interoperability, thus forming an Identity Management Framework for Global Interoperability.
IdM Generic Architectural Model
| Step | Title | Description |
|---|---|---|
| 1 | Request access to Relying Party 1 (RP1) | The Entity (Requestor (Identity Agent), Asserting Party and Principal) identifies itself to RP1 (the Resource or Service Provider) and requests a resource or service from that Relying Party. |
| 2 | RP1 requests identification of the relevant Identity Provider (IdP) | RP1 sends an attribute request to the Discovery Service asking it to provide the IdP. |
| 3 | Discovery Service provides the IdP | The Discovery Service responds by returning the relevant IdP according to the attribute query. |
| 4 | RP1 requests authentication from the IdP | RP1 needs to authenticate the requesting/asserting entity before providing the requested resource or service. RP1 in turn queries the IdP to confirm the Entity's identity assertion. |
| 5 | IdP prompts the Requestor for authentication | The IdP asks the Requestor to authenticate itself to the IdP. |
| 6 | Requestor authenticates to the IdP | The Requestor presents its credentials to the IdP. |
| 7 | Identity assertion | The IdP confirms the Entity's identity assertion by authenticating and validating the Entity, using the information presented in the assertion. |
| 8 | User authorised for access to RP1 | RP1, after receiving confirmation of the Entity's identity assertion from the IdP(s), provides the requested resource or service to the requesting/asserting entity. |
| 9 | Request access to RP2 | The Entity requests a resource or service from RP2. |
| 10 | RP2 requests authentication from the IdP | RP2 sends a request to the IdP to assert the identity of the requesting/asserting entity. |
| 11 | Identity assertion | The IdP sends a response to RP2 asserting the Requestor's identity after determining that the Requestor's authentication is still valid and single sign-on is applicable. |
| 12 | User authorised for access to RP2 | RP2, after receiving confirmation of the Entity's identity assertion from the IdP(s), provides the requested resource or service to the requesting/asserting entity. |
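The twelve steps above and the privacy-enhancing property defined under Identity management (no more linkability between partial identities than necessary) can be walked through in code. The following Python script is an example added for this page; it is not code from the ENISA wiki, from the ITU-T FG IdM reports, or from any named identity management product. Everything beyond the step table is an assumption: assertions are HMAC-signed with a key the IdP shares with the RPs out of band (a real framework would use signatures and a PKI), the claim names iss/sub/aud/exp are borrowed from JWT, the Discovery Service is a lookup keyed by a "realm" attribute, the Requestor carries messages between RP and IdP (browser-redirect style), the IdP issues a different pseudonym to each RP, and the user account and realm are constructed test data.

```python
"""Toy walk-through of the generic IdM model (steps 1-12): Requestor, Discovery
Service, one IdP and two RPs. Added example, not code from ENISA or ITU-T."""
import hashlib, hmac, json, secrets, time


def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class IdentityProvider:
    def __init__(self, idp_id, users, session_ttl=600):
        self.idp_id = idp_id
        self._users = users                      # constructed {subject: password}
        self.sign_key = secrets.token_bytes(32)  # assumption: shared with RPs out of band
        self._pseudonym_key = secrets.token_bytes(32)
        self._sessions = {}                      # session token -> (subject, expiry)
        self.session_ttl = session_ttl
        self.auth_prompts = 0                    # how often steps 5-6 ran

    def authenticate(self, subject, password):
        """Steps 5-6: prompt the Requestor and check its credentials."""
        self.auth_prompts += 1
        if self._users.get(subject) != password:
            return None
        token = secrets.token_hex(16)
        self._sessions[token] = (subject, time.time() + self.session_ttl)
        return token

    def assert_identity(self, token, audience):
        """Steps 7 and 11: issue an assertion only while the session is valid."""
        entry = self._sessions.get(token)
        if entry is None or entry[1] < time.time():
            return None                          # Requestor must re-authenticate
        # Pairwise pseudonym: RP1 and RP2 get different identifiers, so they
        # gain no more linkability than necessary (privacy-enhancing IdM).
        pseudonym = _mac(self._pseudonym_key, f"{entry[0]}|{audience}".encode())[:16]
        body = json.dumps({"iss": self.idp_id, "sub": pseudonym, "aud": audience,
                           "exp": time.time() + 300}, sort_keys=True).encode()
        return {"body": body, "sig": _mac(self.sign_key, body)}


class Requestor:
    """Carries messages between RP and IdP (browser-redirect style)."""
    def __init__(self, attributes, subject, password):
        self.attributes = attributes             # used by discovery (step 2)
        self._credentials = (subject, password)
        self._sessions = {}                      # idp_id -> session token

    def obtain_assertion(self, idp, rp_id):
        token = self._sessions.get(idp.idp_id)
        assertion = idp.assert_identity(token, rp_id) if token else None
        if assertion is None:                    # no valid session: steps 5-6
            token = idp.authenticate(*self._credentials)
            if token is None:
                return None
            self._sessions[idp.idp_id] = token
            assertion = idp.assert_identity(token, rp_id)
        return assertion


class RelyingParty:
    def __init__(self, rp_id, discovery, trusted_keys):
        self.rp_id = rp_id
        self._discovery = discovery              # Discovery Service: realm -> IdP
        self._trusted_keys = trusted_keys        # idp_id -> verification key

    def verify(self, assertion):
        """Steps 8 and 12: accept only a correctly signed, unexpired assertion
        addressed to this RP; returns the subject pseudonym or None."""
        if assertion is None:
            return None
        payload = json.loads(assertion["body"])
        key = self._trusted_keys.get(payload.get("iss"))
        if key is None or not hmac.compare_digest(_mac(key, assertion["body"]),
                                                  assertion["sig"]):
            return None
        if payload.get("aud") != self.rp_id or payload.get("exp", 0) < time.time():
            return None
        return payload["sub"]

    def request_access(self, requestor):
        """Steps 1-8 for the first RP, 9-12 for a second one."""
        idp = self._discovery.get(requestor.attributes.get("realm"))  # steps 2-3
        if idp is None:
            return None
        return self.verify(requestor.obtain_assertion(idp, self.rp_id))


def run_scenario(expire_between=False):
    """Runs the twelve steps for one Requestor against RP1 and then RP2."""
    idp = IdentityProvider("idp.example", {"alice": "correct horse"})
    discovery = {"example.org": idp}             # constructed directory
    trusted = {idp.idp_id: idp.sign_key}
    rp1 = RelyingParty("rp1.example", discovery, trusted)
    rp2 = RelyingParty("rp2.example", discovery, trusted)
    alice = Requestor({"realm": "example.org"}, "alice", "correct horse")
    sub_rp1 = rp1.request_access(alice)          # steps 1-8: full authentication
    if expire_between:
        idp._sessions.clear()                    # simulate IdP session timeout
    sub_rp2 = rp2.request_access(alice)          # steps 9-12: SSO while session valid
    # An assertion minted for RP1 must be refused by RP2 (audience check).
    replayed = rp2.verify(alice.obtain_assertion(idp, rp1.rp_id))
    return {"rp1": sub_rp1, "rp2": sub_rp2, "prompts": idp.auth_prompts,
            "replay_accepted": replayed is not None}
```

Running `run_scenario()` shows the Requestor being prompted once (step 6) and then reaching RP2 without a second prompt, which is the "authentication is still valid" check of step 11; with `expire_between=True` the IdP session is gone, so step 10 falls back to steps 5-7 and the prompt count becomes two. RP1 and RP2 receive different pseudonyms for the same subject, which is the linkability property from the definition above. The audience check in `verify` is not spelled out in the step table, but without it an assertion obtained for RP1 could be presented to RP2, so any RP must make it.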
Identity management framework Examples
There are already a number of identity management systems in place today on a wide variety of platforms, and these need to be supported by a global interoperable identity management framework (Identity Plane). The infrastructure should enable bridging between these different systems and support cross-system interaction as well as inter-operation and delegation between them. This section presents IdM framework-level architecture examples that enable users to govern identity-related information across IT systems, and research projects for future IdM that aim to enhance privacy and security.
Standards
This section gives an overview of the standards and standards bodies related to IdM; the details are maintained on a separate page.
Surveys
A list of surveys is maintained on a separate page.
