[KI-LC] Further comments to the Bridging IMS and Internet Identity Whitepaper
Dervla O'Reilly
dervlaoreilly at me.com
Thu Jul 1 09:45:56 EDT 2010
This message is to inform the LC & TIWG that staff has received the
following comments to the Bridging IMS and Internet Identity Whitepaper.
Comments:
This draft Recommendation would greatly benefit from more contextual
discussion regarding security and privacy considerations, particularly
as they relate to identity and entity authentication, and the related
ongoing activities in Standards Development Organizations, such as
ITU-T and ISO-IEC JTC1. As this draft Recommendation generally relates
to the sharing of identity/entity authentication from the
telecommunications world to identity authentication in the internet,
it is necessary to further describe how: the security perimeter is
extended from entity to user, and; how the privacy considerations are
maintained, not only across jurisdictional boundaries, but also as
they relate to user data that may be transported from applications, to
entity hardware, to telecommunications operator. Any implicit
assumptions regarding these areas need to be more explicitly stated
for maximum benefit of the document and its progression.
1) Security Considerations:
Lines 125-127
"users of classic telco services like voice, fax, and SMS do not need
to handle and maintain passwords, since they are authenticated by the
network".
Lines 400-402
discusses operators providing "strong SIM authentication service
towards originally much weaker security".
Lines 335-340
discusses the higher security and privacy protection via “the ability
to reuse the network embedded security mechanisms of
operators for user interactions with all services inside the operator
realm and across the Internet increases the level of security and
privacy protection compared to what exists today. As well as enabling
end-users to utilize a transaction broker brand like an operator that
is trustable and that can legally be responsible for the security
level involved in the transaction”
In the cases above where there is comparison, it would be instructive
to define what is being compared, and what the assumptions are
regarding a user authenticating to an entity (phone or SIM). Is the
binding of the user to the entity assumed to be through the possession
of the entity, via a contractual obligation, or by a secondary means
of authentication? The distinction between user authentication and
entity authentication is not clearly expressed in these sections, and
the draft Recommendation requires further clarification.
Furthermore, it would be beneficial to explain how the "legal
responsibility for the security level involved in the transaction"
relates to the Levels of Assurance (LoA) used in NIST Special
Publication 800-63 and Kantara Identity Assurance Framework (IAF)
Version 2.0. Is it intended that the entity authentication described
in the draft Recommendation includes an implicit identity
authentication via possession, or would it be used in conjunction with
a second factor such as passwords or biometrics, to authenticate for a
an LoA 3 transaction, as is described in NIST 800-63 and Kantara IAF?
2) Privacy Considerations
Lines 191-193
discusses "the exported "public identity" (e.g. a unique TELURI or
SIPURI) a strong privacy constraint is inherited preventing the
leveraging of 3rd parties services". Presumably this is achieved
through the use of persistent anonymous identifiers mapped to the real
user ID, as described in lines 423-424: "During this process, the
telecom operator will provide an alias instead of real user IDs (i.e.
phone number)”.
Lines 559-567
discusses using cookies to share the authentication context
Further description of how user data privacy is maintained throughout
these and other processes in the draft Recommendation should be
included. In particular, the safeguards that are used to maintain
the confidentiality of the user data at rest and in transit should be
included. It would also be very helpful to include a discussion of
the expectations of the various stakeholders in the data flow process,
such as applications running on the cell phone, the hardware itself
(including SIMs or TPMs), and the telecommunications operators, as
the data traverses the various jurisdictional and application
boundaries.
I expect TIWG leadership to review and discuss these comments today at
their F2F meeting in Berlin. The review period will end close of
business today, July 1. If further comments arrive I will forward them to
LC and TIWG.
Cheers,
Dervla
________________________
Dervla O’Reilly
Program Manager
Kantara Initiative
+1 415 731 4487 business
+1 415 948 3650 mobile
+1 509 757 4487 fax
dervla[at]kantarainitiative[dot]org
http://www.kantarainitiative.org
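The privacy comment above (lines 191-193 and 423-424 of the draft) presumes that the operator hands a relying party a persistent alias rather than the real user ID (phone number). The following Python is an added illustration of one way such an alias service can be built so that the alias is stable for a given relying party but unlinkable across relying parties; it is not code from the whitepaper, from the email, or from Kantara. The master key, the relying-party names and the phone numbers are all constructed sample values, and the per-relying-party keyed HMAC construction is an assumption of this example, not a mechanism the draft specifies.

```python
import hashlib
import hmac

# Constructed sample value: in practice the operator keeps this key in an HSM.
OPERATOR_MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


class AliasService:
    """Operator-side issuance of pairwise pseudonymous identifiers.

    The real user ID never leaves the operator; each relying party (RP)
    receives an alias that is deterministic for (user, RP) but cannot be
    correlated with the alias the same user has at another RP.
    """

    def __init__(self, master_key: bytes) -> None:
        self._master_key = master_key
        # Reverse mapping (RP, alias) -> real ID, held only at the operator.
        self._reverse: dict[tuple[str, str], str] = {}

    def _rp_key(self, relying_party: str) -> bytes:
        # Derive a distinct HMAC key per relying party from the master key,
        # so aliases at different RPs are computed under different keys.
        return hmac.new(self._master_key, b"rp:" + relying_party.encode(),
                        hashlib.sha256).digest()

    def alias_for(self, real_user_id: str, relying_party: str) -> str:
        # Keyed hash of the real ID under the RP-specific key; without the
        # operator key an RP cannot enumerate phone numbers to invert it.
        digest = hmac.new(self._rp_key(relying_party), real_user_id.encode(),
                          hashlib.sha256).hexdigest()
        alias = digest[:32]
        self._reverse[(relying_party, alias)] = real_user_id
        return alias

    def resolve(self, relying_party: str, alias: str):
        # Only the operator can map an alias back, and only for the RP it
        # was issued to; an alias presented at another RP resolves to None.
        return self._reverse.get((relying_party, alias))


def demo() -> dict:
    """Return the properties a reviewer would want to check."""
    svc = AliasService(OPERATOR_MASTER_KEY)
    phone = "+15555550100"          # constructed sample user ID
    a_shop = svc.alias_for(phone, "shop.example")
    a_bank = svc.alias_for(phone, "bank.example")
    return {
        "stable_per_rp": a_shop == svc.alias_for(phone, "shop.example"),
        "unlinkable_across_rps": a_shop != a_bank,
        "alias_hides_phone": phone.lstrip("+") not in a_shop,
        "operator_can_resolve": svc.resolve("shop.example", a_shop) == phone,
        "other_rp_cannot_resolve": svc.resolve("bank.example", a_shop) is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The reverse table is what makes the operator the "legally responsible" broker the draft describes: it is the only party able to tie an alias back to a subscriber, so its confidentiality at rest is exactly the safeguard the comment asks the draft to spell out.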