OpenID Connect identifies a set of personal attributes that can be exchanged between Identity Providers and the apps that use them, and includes an approval step so that users can consent (or deny) the sharing of this information.
<rephrase>Mobile Connect service is a single, trusted, mobile phone number-based authentication solution</rephrase>
<quote>The standard-based Mobile Connect service will utilise the OpenID Connect protocol, offering broad interoperability across mobile operators and service providers, further ensuring a seamless experience for consumers.</quote>
Supporters: Axiata Group Berhad, China Mobile, China Telecom, Etisalat, KDDI, Ooredoo, Orange, Tata Teleservices, Telefónica, Telenor, Telstra, VimpelCom.
With the rapid growth of GSM telecommunication, special requirements arise in digital forensics to identify mobile phones operating in a GSM network. This paper introduces a novel method to identify GSM devices based on physical characteristics of the radio frequency hardware. An implementation of a specialised receiver software allows passive monitoring of GSM traffic along with physical layer burst extraction even for handover and frequency hopping techniques. We introduce time-based patterns of modulation errors as a unique device-dependent feature and carefully remove random effects of the wireless communication channel. Using our characteristics, we could distinguish 13 mobile phones at an overall success rate of 97.62% under real-world conditions. This work proves practical feasibility of physical layer identification scenarios capable of tracking or authenticating GSM-based devices.
Federated identity management (FIM) enables a user to authenticate once and access privileged information across disparate domains. FIM’s proponents, who see the technology as providing security and ease of use, include governments and leaders in the IT industry. Indeed, a cornerstone of the current U.S. government’s efforts to secure cyberspace is its “National Strategy for Trusted Identities in Cyberspace” (U.S. Department of Commerce, 2011). Yet adoption of federated identity management systems has been slow. From disputes over liability assignment for authentication failures to concerns over privacy, there have been many explanations for the slow uptake of federated identity management systems. We believe the problem is embedded in stakeholder incentives. We present an economic perspective of stakeholder incentives that sheds light on why some applications have embraced FIM while others have struggled. To do so, we begin by briefly analyzing seven use cases of successful and unsuccessful FIM deployments. From this we identify four critical tussles that may arise between stakeholders when engineering a FIM system. We show how the successful deployments have resolved the tussles, whereas the unsuccessful deployments have not. We conclude by drawing insights on the prospects of future FIM deployments.
The four areas are:
Who gets to collect transactional data?
Who sets the rules of authentication?
What happens when things go wrong?
Who gains and who loses from interoperability?
Levels of Assurance of the U.S. National Institute of Standards and Technology (NIST)
(Level 1) => no identity proofing (bearer tokens)
(Level 2) => some identity proofing (some external authority, some revocation, etc.)
(Level 3) => verified identity documents, two-factor identification, crypto protection of the primary auth token
(Level 4) => in person only, hard crypto tokens, FIPS 140-2 plus more, data transfer tied to a bound auth token
Systems & Schemes
SAML 2.0 (Security Assertion Markup Language)
IdP data sharing to SPs is limited in practice
(with user consent) Google will share name, country, e-mail address and language (Google, 2011).
Facebook wins because it shares lots and lots of data with SPs
Programs (Government Programs)
Global Federated Identity and Privilege Management (GFIPM)
Department of Justice and Department of Homeland Security
a federated identity management system for the sharing of secure and trusted information.
Criminal Information Sharing Alliance Network (CISA)
The Pennsylvania Justice Network (JNET)
The Regional Information Sharing System Network (RISS)
The Georgia Institute of Technology
Table 2: Comparing use cases for their susceptibility to the tussles described earlier. A “yes” indicates that stakeholder interests are aligned, while a “no” indicates that the tussle is a source of conflict that may undermine the success of the identity management application.