A Network Management Essential: Commission Implementation of Trusted Service Provider Identity
International Telecommunication Union
Implementation of Universal Global Trusted Service Provider Identity (Trusted SPID)
Tony Rutkowski, mailto:trutkowski@verisign.com, Co-editor, ITU-T Rec X.idmreq, ITU HLEG member
V1.0
Trusted-SPID is like doing a “fingerprint” check on the identity of a Service Provider
Service Provider = everyone except end users
Why?
Historically, the Service Provider trust that is essential for network security was provided by
closed, fixed networks operating under substantial domestic and international regulatory regimes
During the past decade open public networks (e.g., Internet), wireless, globalization, smart terminal devices, application providers, and a shift away from legacy regulatory regimes occurred rapidly without the development of any kind of underlying global service provider trust infrastructure
The lack of a Service Provider trust infrastructure has contributed significantly to the operations, settlements, security and infrastructure protection problems that adversely affect consumers, providers, and government. The abuses will likely continue to increase exponentially without effective Service Provider identity trust remedies.
Provider Use Cases
Signalling security: T-SPID is used among providers to control access to signalling and OA&M resources
Traffic exchange and settlements (eliminating Phantom Traffic): T-SPID is used among providers to manage traffic peering and termination security and settlements
Roaming settlements: T-SPID is used to facilitate roaming setup and settlements
Content IPR protection; control and fee settlement: T-SPID is used to enable content providers to protect and collect for their IPTV and music programmes
Access of content/application providers to traffic termination providers: T-SPID is used to facilitate access of content and application providers to transport termination capabilities
Threat management; incident response trust capabilities: T-SPID is used to defend against network attacks, perform tracebacks, and participate in CERTs
Federation interoperability; provider bridging capabilities: T-SPID is used to facilitate federation use and interoperation, and provider bridging
Consumer Use Cases
Access trust: T-SPID enables a nomadic end user to know the identity and trust of a local access Service Provider
Transaction trust: T-SPID enables an end user to know the identity and trust of a transaction Service Provider
Protection against identity theft: T-SPID enables an end user to know the identity and trust of a Service Provider in order to evaluate potential identity theft
Protection of Personally Identifiable Information: T-SPID enables an end user to know the support levels for PPII (i.e., privacy) offered by the Service Provider
Disability assistance: T-SPID enables an end user to know the level of disability assistance supported by the Service Provider
Preventing unwanted intrusions: T-SPID enables SPAM/SPIT reduction
Universal Caller/Sender ID: T-SPID enables end users to access accurate identity information of callers, e.g., in cases of call harassment and stalking
Government Use Cases
Government networks: T-SPID is used by agencies to constitute their own global networks
Critical infrastructure protection: T-SPID is used to protect critical national communications and SCADA infrastructure
Emergency telecommunication services: T-SPID is used to enable ETS during disasters
Law enforcement forensics: T-SPID is used to enable the production of criminal evidence
Public safety services: T-SPID is used to enable users to reach emergency call centers, or government to send emergency alerts
Universal Service contributions: T-SPID is used to facilitate collection of Universal Service contributions
Number resource allocations: T-SPID is used to manage allocation of telephone numbers, IP addresses, Signalling Point Codes, etc.
Network Neutrality: T-SPID is used to enable fair, protected use of transport services
What is required?
A universal global ability to achieve some trust level in a Service Provider's identity in today's complex network and service environment, essential to achieve increased cybersecurity, constitutes a special Identity Management implementation known as Trusted Service Provider Identity (Trusted SPID)
Trusted SPID necessitates a universally recognized, globally unique identifier (a kind of call-sign) for each provider, combined with the ability to allow instant interoperable discovery and lookup of identity trust resources associated with the provider
Trusted SPID enables other providers and users to make trust decisions when relying on a provider's identity and assertions in any context or situation
Governmental and Intergovernmental action
Historically a basic role of the ITU
Unlikely to occur without governmental support
How?
https://www.itu.int/dms_pub/it.../15/05/T15050000020005PDFE.pdf
Data Source: un
Herein, we also describe the IPTV service platform as a sub-layer between eclectic mixes of service providers and network providers. (...) A service provider can optionally be a customer of another service provider.
(...) IPTV retail service providers do not provide a complete service using only their own functionalities.
https://www.itu.int/dms_pub/it...-TUT-IPTV-2010-ISPF-MSW-E.docx
Data Source: un
A service provider can optionally operate a network. (...) NOTE ‑ This configuration applies also to the relation between an IPTV service provider and IPTV content providers.
Figure 6‑1: Architecture for full integration by service provider
For this configuration, the IPTV service provider will have to open its platform to Internet content providers over the Internet.
(...) After this, the IPTV service provider will acquire the contents from the Internet content provider.
https://www.itu.int/dms_pub/it...T-TUT-IPTV-2011-AISC-MSW-E.doc
Data Source: un
A detailed explanation is as follows: The DSF service provider configures the single virtual volume based on the cloud storages provided by the DSF local storage provider. (...) In addition, DSF service providers provide real-time monitoring of the performance of each data storage and use it with a mirroring mechanism to provide optimized services for stability and performance. For example, when a DSF service customer uses his or her own data, the virtual data storage provides a service by selecting the data storage that can provide optimal service among the mirrored data storages; B. enhancement of performance without storage mirroring (b): the DSF service provider provides real-time performance monitoring for each data storage.
https://www.itu.int/en/publica.../files/basic-html/page284.html
Data Source: un
22 May 2008, Palais des Nations, Geneva
1.1 Introduction
In the Cybersecurity Ecosystem, it is infrastructure-based capabilities that are most important
Cybercrime arrangements are worth little except as they drive infrastructure forensic capabilities
Among infrastructure capabilities, it is trusted Identity Management that is most important
Infrastructure includes all telecommunications/ICT, of which internets are just a small part
Among Identity Management, it is trusted service provider identity capabilities that are the most important
These capabilities also have the largest benefit-cost ratio: easily and quickly achievable at negligible cost and adverse impact
The challenge is how to bring about infrastructure-based cybersecurity capabilities, especially global interoperable trust
Universal Trusted Service Provider Identity is essential
Significantly diminishes existing and potential threats for Governments, Providers, and Consumers
Enhances infrastructure stability
Provides developers and service providers with new "trust service" opportunities
A universal service provider trust infrastructure can be implemented quickly, easily, and at minimal cost
Trusted-SPID is like doing a "fingerprint" check on the identity of a Service Provider
Service Provider = everyone except end users (enhances privacy)
1995-2008: the cybersecurity "Perfect Storm"
Service Provider trust that is essential for network security was provided by closed, fixed networks operating under substantial domestic and international regulatory regimes
During the past decade open public networks (e.g., Internet), wireless, nomadicity, globalization, smart terminal devices, application providers, and a shift away from legacy regulatory regimes arrived without the development of any kind of underlying global service provider trust infrastructure
The problem: provider identity and trust have disappeared
In the legacy telecom world, service providers were identified and trust levels established through common carrier regulation
In the IP-enabled, deregulated network world, it is difficult to identify who the service providers are, much less assess trust levels
The lack of a trust infrastructure produced inevitable results
"Battlefield conditions": provider fraud, identity theft, phishing, SPAM, "phantom traffic," Denial of Service attacks, CallerID spoofing, Critical Infrastructure vulnerabilities, etc.
The increasing transition to public IP-enabled network infrastructures will exacerbate vulnerabilities
The problems and abuses will likely continue to increase significantly without effective Service Provider identity trust remedies
What is required?
A network platform for a universally recognized, globally unique identifier (a kind of call-sign) for each provider, combined with the ability to allow instant interoperable discovery and lookup of identity "trust information" associated with the provider
Enable other providers and users to make trust decisions when relying on a provider's identity and assertions in any context or situation
Governmental and Intergovernmental action to implement the platform
Historically a basic role of the ITU and governments
Unlikely to occur without governmental support
Enabling Service Provider Trust
[Figure: provider identifiers of the form 525.02.12345678+, 464.01.87654321+, 333.10.12345678+, with the query "What trust information is available for 333.10.12345678+"]
Standard universal "overlay" means for discovering and providing structured Service Provider Trust Information
Standard universal means of uniquely identifying Service Providers and capturing available structured Trust Information
Needs for Trusted Service Provider Identity
Amongst Service Providers:
Infrastructure security and integrity
Traffic exchange and settlements
Roaming settlements
Content IPR protection, controls and fee settlements
Access of content/application providers to traffic termination providers
Threat management; incident response trust capabilities
Federation interoperability; provider bridging capabilities
"Network Neutrality"
End Users:
Access trust
Transaction trust, i.e., minimize fraud
Protection against identity theft
Protection of Personally Identifiable Information
Preventing unwanted intrusions, e.g., SPAM, cyberstalking
Trusted Caller/Sender ID
Disability assistance
Government:
Critical infrastructure protection
Emergency telecommunication services
Law enforcement forensics
Public safety services
Universal Service contributions
Number resource allocations
Government network security and integrity
"Network Neutrality"
Service Provider Trust Information
Service Provider Credentials
o X.509 PKI digital certificates
o Other credentials
Service Provider Assigned identifiers
o Operational identifiers (e.g., OIDs, ITU Carrier Codes, E.212 MCC/MNCs, Autonomous System Number blocks, IP address handles)
o Signalling point codes (SANS)
o Public safety and emergency telecommunications identifiers
o Billing and settlement identifiers
o Regulatory identifiers
o Tax identifiers
o Law Enforcement identifiers (LI and data retention)
Service Provider Allocated Public Numbering Resources
o E.164 number blocks
o IPv4/v6 address blocks
o Autonomous System Number blocks
Service Provider Attributes
o Legal name
o Business names
o Headquarters jurisdiction
o Billing and settlement attributes
o Federations
o Emergency services authorizations and capabilities
o Disability assistance capabilities
o Customer support contacts
o Privacy support capabilities
o Additional regulatory, infrastructure protection, and security attributes
Service Provider Patterns
o Reputation datastores or metadata
Trusted Service Provider Identity Architecture
Service Provider
1. Submits TIPs
2. Receives SPID Identifier + digital key
TSPID Registration Authority
1. Accepts TIPs
2. Places TIPs in Query system
3. Issues unique SPID Identifier + digital key
Other Providers & End Users
1. Gets appropriate TAP for a transaction
2. Queries for TIPs from Registration Authority
3. Obtains Service Provider Trust Information
4. Assesses trust level
TSPID Information Profile (TIP): published templates that describe how to express Service Provider Trust Information
TSPID Assurance Profile (TAP): published templates that describe how to assess Service Provider Trust Information
Service Provider Trust Information can exist either at the Registration Authority or at any accessible network address
Trusted Service Provider Identity is core to cybersecurity
All technical implementation components exist today
Trusted SPID requirements can be readily implemented on many different technical platforms
The highest performance platform is found in the past seven years of work on telephone numbers and product codes on the Domain Name System
Standards activity is now underway in ITU-T and regional/national standards bodies
All of the "running code" is available, open-source with no intellectual property constraints
Highly synergistic with ongoing trust "federation" activities, NGN, and other industry developments
The work incents an existing developer community to produce new "trust applications"
All legal system implementation components exist today
ITU Constitution Art. 42 obligates signatories (nearly every nation) to take steps to avoid harm to facilities and telecommunications
Maintaining the integrity of telecommunication infrastructure and services goes back to the earliest treaty instrument in 1850
The obligation became a core component of the 1903 draft wireless radio convention
Became integrated in 1920 as an obligation to "organize as far as possible in such a manner as not to disturb the services of other Administrations…"
Reflected in later instruments as an obligation "to avoid harmful interference"
Expanded in 1989 in the ITU Constitution to avoid "technical harm…to the operation of other telecommunication services of other Member States"
Every nation has the authority to implement registration capabilities for those constituting public ICT/telecommunication networks or offering services to the public over those networks
Registration authority is widely implemented by telecom regulatory, justice, infrastructure protection, consumer protection, tax, and business agencies
A requirement to register is not "regulation"
Is history repeating itself?
One hundred years ago, new wireless digital networks and services were operating in chaos and harming each other's communications
Nations joined together to adopt basic global norms and mechanisms:
Cooperate to minimize harm to another party's infrastructure and communications
Facilitate interoperation
Institute trusted service provider identity
Agreement was finally achieved immediately after the Titanic sinking
https://www.itu.int/osg/csd/cy...080522_wsisC5_session2_1.1.pdf
Data Source: un
Page 828 - Cloud computing: From paradigm to operation
5 Intercloud and interoperability
3.1.7 peer cloud service [ITU-T Y.3502]: A cloud service of one cloud service provider which is used as part of a cloud service of one or more other cloud service providers.
3.1.8 peer cloud service provider [ITU-T Y.3502]: A cloud service provider who provides one or more cloud services for use by one or more other cloud service providers as part of their cloud services.
3.1.9 primary cloud service provider [ITU-T Y.3511]: In inter-cloud computing, a cloud service provider which is making use of cloud services of peer cloud service providers (i.e., secondary cloud service providers) as part of its own cloud services.
3.1.10 role [ITU-T Y.3502]: A set of activities that serves a common purpose.
3.1.11 secondary cloud service provider [ITU-T Y.3511]: In inter-cloud computing, a cloud service provider which provides cloud services to a primary cloud service provider. NOTE – The primary cloud service provider can use the services of secondary cloud service providers as part of its services offered to cloud service customers.
3.1.12 sub-role [ITU-T Y.3502]: A subset of the activities of a given role.
3.2 Terms defined in this Recommendation
None.
4 Abbreviations and acronyms
This Recommendation uses the following abbreviations and acronyms:
API Application Programming Interface
BSS Business Support System
CSC Cloud Service Customer
CSP Cloud Service Provider
CSU Cloud Service User
KPI Key Performance Indicator
OSS Operations Support System
QoS Quality of Service
SLA Service Level Agreement
5 Conventions
None.
6 Overview
6.1 Inter-cloud functional architecture with different patterns
Inter-cloud computing describes the interworking of cloud service providers (CSPs) in order to deliver cloud services to cloud service customers (CSCs) and cloud service users (CSUs) [ITU-T Y.3511]. (...)
CSP A plays the role of secondary CSP when providing services to CSP B, who plays the role of primary CSP and provides services to its own customers, CSC B1 and CSC B2 (highlighted by grey coloured arrows).
https://www.itu.int/en/publica.../files/basic-html/page828.html
Data Source: un
Transport Service Provider (Carrier or Forwarder)
The provider, i.e., seller, of transport services as stipulated in a Transport Service Contract.
(...) Begins When: The Transport Service Buyer sends a Booking Request to the Transport Service Provider
Ends When: The Transport Service Provider returns a Response back to the Transport Service Buyer.
(...) ● The Transport Service Provider confirms the booking to the Transport Service Buyer.
https://unece.org/fileadmin/DA.../cefact/brs/BRS_Booking_v1.pdf
Data Source: un
A service provider can optionally operate a network. (...) NOTE - This configuration applies also to the relation between an IPTV service provider and IPTV content providers.
Figure 6-1: Architecture for full integration by service provider
For this configuration, the IPTV service provider will have to open its platform to Internet content providers over the Internet.
(...) After this, the IPTV service provider will acquire the contents from the Internet content provider.
https://www.itu.int/dms_pub/it...T-TUT-IPTV-2011-AISC-PDF-E.pdf
Data Source: un
Page 111 - Cloud computing: From paradigm to operation
Framework and requirements for cloud computing
As is the case with the cloud service customer-cloud service provider relationship, there are two functional components to the relationship between two cloud service providers:
• the use of secondary provider cloud services by a primary provider;
• the use of the secondary provider's business and administration capabilities by the primary provider's CSP:cloud service operations manager and CSP:cloud service manager to establish and control the use of the secondary provider's cloud services.
For the secondary provider, the primary provider assumes the role of a cloud service customer. Services of the secondary cloud service provider are offered to and used by customers of the primary cloud service provider.
https://www.itu.int/en/publica.../files/basic-html/page111.html
Data Source: un