The Venn of Identity Options and Issues in Federated Identity Management


Federated identity management lets users dynamically distribute identity information across security domains, increasing the portability of their digital identities. It also raises new architectural challenges and significant security and privacy issues.

EVE MALER, Sun Microsystems
DRUMMOND REED, Cordance

PUBLISHED BY THE IEEE COMPUTER SOCIETY ■ 1540-7993/08/$25.00 © 2008 IEEE ■ IEEE SECURITY & PRIVACY

Despite aging and psychological and cosmetic changes, who you are as a person is fairly constant—Eve and Drummond will remain Eve and Drummond over time. The same isn’t true of your digital identity. Currently, eve@xmlgrrl.com is tied to Eve, for example, but might later be tied to someone else or disappear entirely. This is just one of the challenges people have with digital identities.

Federated identity management is a set of technologies and processes that let computer systems dynamically distribute identity information and delegate identity tasks across security domains. Federated identity is the means by which Web applications can offer users cross-domain single sign-on (SSO), which lets them authenticate once and thereafter gain access to protected resources and Web sites elsewhere.

However attractive its benefits, federated identity imposes costs as well, entailing new and increased security and privacy risks because it shares valuable information across domains using loosely coupled network protocols. Such risks require mitigation, which can range from preventing message replay to collecting user consent for data sharing in both online and offline scenarios.

Here, we describe the federated identity model and discuss its security and privacy risks and architectural challenges. We also profile three popular federated identity protocols for implementing the model: the Security Assertion Markup Language (SAML) [1], the OpenID specification [2,3], and the InfoCard specification underlying Microsoft’s Windows Cardspace [4].

Identity management and single sign-on

Although many objects have digital identities—from RFID-tagged equipment to software applications to companies—digital identities for humans raise the most interesting issues and challenges, whether in an enterprise context or on the open Internet.

Large-enterprise IT departments view identities as the user accounts for employees (and others) that they manage through a user store (often based on the Lightweight Directory Access Protocol). As enterprises grow, management teams must synchronize their account stores, both to ensure proper account provisioning and to govern users’ application access. Due to mergers, acquisitions, and joint ventures, however, enterprises often find that managing identities this way is costly and brittle.

Most Web sites and applications view identities as the accounts they host on behalf of their users, who access email, buy goods, engage in social activities, and so on. While Web applications manage user accounts much as their enterprise counterparts do, users tend to think of these identities as personal resources under their own control. And, unlike in enterprise scenarios, the biggest problems with Web identity are borne by users: they must create and remember their usernames and passwords for each site, populate each profile with the same data, and remember each site’s arcane rules.

Federated identity offers solutions to many problems shared by both environments, and SSO is often the first federated identity capability that organizations add. SSO offers Web users a friendlier experience through a more consistent and less frequent login process, and gives employees more time to make products or provide services. Further, combining SSO with account linking lets Web portals unify diverse online interactions—a popular feature that can, for example, let e-government initiatives present many different agency sites as a unified whole. Finally, SSO can simplify the architecture of each participating site.

SSO involves sharing information about when and how users authenticate using a particular identity. It can also involve sharing user attributes such as employee roles and shipping addresses. With all this information in hand, receiving sites can make sophisticated authorization decisions, such as ensuring that managers see only their direct reports’ salaries, and present customized user interfaces, such as automatically calculating shipping costs and schedules based on the user’s address.

Overview: Federated identity model

Whenever a human is involved in an identity interaction, the federated model involves four logical components:

  • The user is a person who assumes a particular digital identity to interact with an online network application.
  • The user agent is a browser or other software application that runs on anything from a PC to a mobile phone to a medical device. A user’s online interactions always take place through an agent, which can passively allow identity information flow or actively mediate it.
  • The service provider (SP) site is a Web application—such as an expense-reporting application or an open source community—that offloads authentication to a third party, which might also send the SP some user attributes. Because the SP relies on external information, it’s often called a relying party (RP).
  • The identity provider (IdP) is a Web site that users log in to and that sometimes stores attributes of common interest to share with various SPs.

In SSO, data about identification, authentication, and sometimes attributes flows from the IdP to the SP. However, SSO has several variants, each of which dictates different flows and data choices. To illustrate this, we’ll offer examples with a user named Alice. In one common variant, Alice begins her browsing at an SP, such as an investment management site, which she might visit frequently by using a browser bookmark. If Alice wants to access protected resources there, the SP must send an explicit authentication request to Alice’s bank (the IdP). This pattern is known as SP-initiated SSO. An alternative pattern is IdP-initiated SSO, in which an IdP, such as a health insurance site, acts as a portal through which Alice accesses various SPs, such as online pharmacies and billing statement aggregators. In either case, if Alice’s relationship with an SP predates her IdP relationship, the IdP and the SP accounts must be linked (with her permission) to make SSO successful.

When the architecture separates the identity information’s source from its usage, everyone benefits:

  • Alice can log in once—with one set of credentials—and access multiple Web sites without revealing her credentials to all of them.
  • SPs can delegate many account-management tasks (such as password resets) and receive accurate just-in-time user data.
  • IdPs can focus on improving authentication methods and adding attractive features to account-management interfaces.

But this loose coupling of identity tasks also introduces several security, privacy, and architectural challenges.

Security considerations

Like all outsourcing, federated identity can offer better service at a lower cost, but it also entails new risks.

First, federated identity involves crossing security domains. Ideally, all parties should secure their communication channels against replay attacks, man-in-the-middle attacks, session hijacking, and other threats that allow malicious use of user information or Web resources. In an HTTP context, security architects consider Secure Sockets Layer/Transport Layer Security (SSL/TLS) with mutual authentication as a security baseline. Still, application deployers often avoid, overlook, or only partially implement this step.

User authentication is another weak link in the Web identity chain. Currently, most sites rely on username/password pairs because this method poses the smallest initial burden for users and site administrators. However, it’s notoriously weak and susceptible to phishing attacks.

For SPs, federated identity is less expensive than implementing a high-quality authentication infrastructure because it offloads the authentication task to an IdP. However, IdP-based SSO can magnify the costs of a stolen password because it expands the scope of malicious activity. Most SSO protocols offer ways to mitigate this risk. For example, they might limit to a minute or less the valid lifetime of the security token that an IdP sends to SPs; some protocols also offer a single logout (SLO) feature that offers users near-simultaneous sign-out of all SSO-accessed Web sites. Also, while most protocols let the parties to federated identity interactions choose the authentication method used, they usually offer a way for IdPs to describe the method they applied in each instance so that SPs can consider it when making authorization decisions.

[...] she’s of legal drinking age. To achieve similar “unlinkability,” federated identity protocols must apply special data flows and careful encryption to prevent IdP visibility into a user’s SP relationships [5].

Architectural challenges

Federated identity’s loosely coupled nature presents interesting design challenges.

IdP discovery. To provide portal-style IdP-initiated
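
The mitigations named under Security considerations (a token lifetime of a minute or less, replay prevention, and an IdP-declared authentication method that the SP weighs) are shown here as SP-side checks, in an added example that is not from the article. The token layout, the shared HMAC key standing in for the IdP's signature, and the names `issue_token` and `ServiceProvider` are assumptions; this is not SAML, OpenID or InfoCard wire format.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumptions (constructed for this example): a shared HMAC key stands in for
# the IdP's signature, and the JSON token layout below is hypothetical.
IDP_KEY = b"constructed-demo-key-not-for-production"
MAX_LIFETIME = 60   # seconds: "a minute or less", as the text suggests
CLOCK_SKEW = 5      # tolerated clock difference between IdP and SP


def issue_token(subject, audience, authn_method, now, lifetime=MAX_LIFETIME):
    """IdP side: sign a short-lived, single-audience statement about a login."""
    claims = {
        "id": secrets.token_hex(16),     # unique per token, enables replay detection
        "sub": subject,
        "aud": audience,                 # the one SP this token is meant for
        "authn_method": authn_method,    # how the IdP authenticated the user
        "iat": now,
        "exp": now + lifetime,
    }
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag


class ServiceProvider:
    """SP side: accept a token at most once, only while fresh, only if meant for us."""

    def __init__(self, audience):
        self.audience = audience
        self.seen = {}   # token id -> expiry time, kept only until the token expires

    def validate(self, token, now, required_methods=None):
        body, sep, tag = token.partition(".")
        expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
        # Verify integrity before parsing anything the sender controls.
        if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
            return False, "bad signature"
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["aud"] != self.audience:
            return False, "wrong audience"
        # Refuse tokens issued with a long validity window, even if still valid.
        if claims["exp"] - claims["iat"] > MAX_LIFETIME:
            return False, "lifetime too long"
        if now < claims["iat"] - CLOCK_SKEW:
            return False, "not yet valid"
        if now >= claims["exp"] + CLOCK_SKEW:
            return False, "expired"
        # Forget ids of tokens that can no longer pass the expiry check.
        self.seen = {i: e for i, e in self.seen.items() if e + CLOCK_SKEW > now}
        if claims["id"] in self.seen:
            return False, "replayed"
        # Authorization input: was the login method strong enough for this resource?
        if required_methods is not None and claims["authn_method"] not in required_methods:
            return False, "authentication method too weak"
        self.seen[claims["id"]] = claims["exp"]   # consume the token on acceptance
        return True, claims["sub"]


def demo():
    """Run constructed tokens through the SP and collect each outcome."""
    sp = ServiceProvider("https://sp.example/")
    t0 = 1_000_000
    tok = issue_token("alice", "https://sp.example/", "password", t0)
    stale = issue_token("alice", "https://sp.example/", "otp", t0)
    return [
        sp.validate(tok, t0 + 10, required_methods={"otp"}),  # password login rejected
        sp.validate(tok, t0 + 10),                            # accepted once
        sp.validate(tok, t0 + 20),                            # same token again
        sp.validate(stale, t0 + 66),                          # past lifetime plus skew
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The replay cache only has to remember a token id until that token expires, which is why a short lifetime keeps the cache small as well as narrowing the window for a stolen token.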