Identity Management in a Fixed-Mobile Convergent Environment
MetadataShow full item record
The unification of fixed and mobile telecommunication networks could potentially lead to new and better services for the customers and allow telecommunication operators to re-use existing network infrastructure and lower costs. However, even with the advantageous offer by unification, this has not been realized in practice. A major problem has been with the concepts and use of identities in the different fixed and mobile networks. To be able to converge the different networks, the challenges related to identity must be handled. This paper looks at the Liberty Alliance, OpenID, Microsoft CardSpace and SAML 2.0 identity management systems, and how these systems, or parts of their functionalities, could be used to provide identity management in telecommunication networks. Next a study was performed on the structure and concepts of identity in the PSTN, ISDN, ADSL, VoIP, GSM and IMS systems, and this was used to get an accurate assessment of the problems related to identity in the existing systems. Based on the information gathered, the specification of an identity federation for fixed-mobile networks was defined. This identity federation allows fixed and mobile networks and services provided by both operators and third-parties (including Internet services) to be unified into a single circle of trust with a common platform for identity management, authentication and authorization across all systems and services. This identity federation also provides the telecommunication operators with the opportunity to act as identity providers, and provide this as a service to third-party service providers. An architecture for the fixed-mobile convergent environment was designed and specified based on the identity federation. The primary focus when designing the architecture was to provide seamless authentication similar to that of single sign-on to all systems and services and identity mapping between both fixed and mobile subscribers in the convergent network. The architecture solves this by a number of methods. One was to define a new component responsible for the identity mapping and identity provider service called Identity Mapping System (IDMS). Another one was to add new interfaces and functionalities to existing systems and components, and the last was to define extensions and new messages to the SIP protocol to facilitate the communication of this new functionality. An implementation of the architecture was developed for testing purposes and as a proof of concept. Tests scenarios were defined and executed using this implementation, and resulting network traffic was captured and analyzed.