Principles and Requirements

From ITUwiki

Contents 1 Discussion scope 2 General Principles to consider 3 Network Layering Requirements 4 Privacy and security requirements

[edit] Discussion scope

• Agreed not to discuss ITU-T requirements on IPR, or acceptable status of input materials (e.g. open standards).
• Focus on technical principles

[edit] General Principles to consider

• W3C general architecture principles of the Architecture of the World Wide Web
• Laws of Identity (PDF)

[edit] Network Layering Requirements

• Need to define network layers, and relationship to services? Discuss what needs to flow across the interface between network layers and services?
  • Note that layering not clear, perhaps consider other domains such as blogs etc
  • Need to consider all network layers up to and including TCP/IP
  • Structure horizontal/vertical.
  • Network/service are concurrent.
  • Service and network interface aspects
    • Authentication
    • Attributes
    • Management.
  • Convergence of mobility and fixed: FMC refers to "Fixed Mobile convergence"
  • Ability to choose from multiple network choices, relationship of this choice to identity should be considered
• CardSpace.
  • A way to manage a set of identities, in a framework where Mobile and Internet world are converging.
• Fragmented business model. Identity must be linked with subscription in some way.
• Management of the network. Linkability.
• The user does not want to authenticate to access the services generally.
• Considering network layers, where do identity considerations reach?
• Noted that difference between fixed land line and mobile line - fixed line does not identify individual but billing address , whereas mobile devices now tend to be linked to individuals
  • operator does not know everyone - prepaid subscription does not identify, another case: one can pay for someone elses phone, then that party not identified
• Billing is central to the relationship between end user and operator/ISP etc and potential for knowledge of identity and need for trust
• Consider operators as service providers, with need for identity management

[edit] Privacy and security requirements

• Privacy must be inherent/intrinsic to architecture.
• Distinct identities in the application layer should not be compromised by underlying network allowing correlation/linkage
  • Cryptography could be the solution?
• Trust can be impacted by roaming -> needs to be considered.
• Include intermediaries in network architecture.
• Network regulatory requirements considered with regards to privacy (linkability, etc).
• Support for anonymity, non-linkability
  • Contradictory requirements anonymity vs billing.
  • Who needs to know who you are? Operator? Bank?
• support emergency capabilities, etc.

• NGN
  • Enable local Administrative responsibility and control: UNI, NNI, ANI.

ngn is uni nni ani

uni is user network interface -

nni is network network inferface - e.g. between operators

ani is network provider and 3rd party application vendors

• • In NGN Release 2 end device is considered into the scope of the study -> privacy
  • Layering in NGN networks. Boundary between network/services (data transport, voice...). consider NGN defined as services in combination with transport
  • NGN requires stronger and more pervasive authentication than Internet.
  • In NGN operators have more information than on the Internet, so we must be more careful.
• Possible ability to offer varieties of service (e.g. guaranteed delivery) might have relationship to network quality of service (QoS), - question of relationship to identity, related to international.