IDM in telecom industry

IDM in Telecom

What is IDM?

What is Identity?

What is Digital Identity?

“Identity Management (IDM) comprises the set of

business processes, and a supporting infrastructure,

for the creation, maintenance, and use of digital

identities within a legal and policy context.”

http://www.ifour-consultancy.com Offshore software development company India

http://www.ifour-consultancy.com/




Key Steps in IDM

• Authentication : Verification that an entity is who/what it claims to be using a password, biometrics such as a fingerprint, or distinctive behaviour such as a gesture pattern on a touchscreen.

• Authorization : Managing authorization information that defines what operations an entity can perform in the context of a specific application. For example, one user might be authorized to enter a sales order, while a different user is authorized to approve the credit request for that order.

• Roles : Roles are groups of operations and/or other roles. Users are granted roles often related to a particular job or job function. For example, a user administrator role might be authorized to reset a user's password, while a system administrator role might have the ability to assign a user to a specific server.

• Delegation : Delegation allows local administrators or supervisors to perform system modifications without a global administrator or for one user to allow another to perform actions on their behalf. For example, a user could delegate the right to manage office-related information.






Why IDM in Telecom?

Telcos need to manage users efficiently and accurately while granting them access to telecom resources and managing the lifecycle of the customer account from the time it is created till it is deleted.

Keeping customers loyal through service personalization

Manage the flow of users entering, using, and leaving the telecom provider

Security improvements that reduce the risk of internal and external attacks.

Greater access to information by partners, and customers —

driving increased productivity, satisfaction, and revenue.

Eliminating duplicate identity data can streamline administration processes

and reduce TCO.






Features

Authorization/ Authentication

Digital Self-Portal

Single Sign-On

Attribute Query

Identity Linking






Features & Benefits

IDM Feature End User Benefit Operator Benefit

Single Sign On/Off Improved service experience through simplified sign-on (less admin time)

Fewer barriers (time and sign-on) to use of new apps/services

Improved security and privacy

Greater pull from Web parties to join operator’s circle of trust for more revenue opportunities

Improved customer satisfaction with smooth and rich data experience

Authorization / authentication

Trusted or strong authentication of end user needs (eg. mobile payments)

Control of unauthorized activity (eg parental control)

Faster activation of service with fewer barriers to use of new apps/services

Revenue stream for providing authentication (eg. legal age verification)

Improved customer service with convenience of additional services (eg. mPayments)






Features and Benefits Contd.

IDM Feature End User Benefit Operator Benefit

Attribute Query More personalized services from Web providers (quick and easy access to chosen services)

More relevant advertisements (less spam)

Revenue stream from advertisers for shared data

Revenue stream from Web 2.0 parties for valuable attributes like ‘legal age’ to activate a service

Less lead time to add third party services, for faster revenue collection

Digital self-portal

More control of shared personal data with parties involved via single portal (eg personal, work etc)

Less fear of exploring new services

Ability to flag desired personal services to range of Web 2.0 parties

Increased customer security builds trust in operator and more use of services

Greater pull from web parties to join operator’s circle of trust for more revenue sharing opportunities






Operators

Internet players(ASPs, third-party software vendors, content providers, ad companies)

Newservice opportunitiesStrong relationship

Identity provider

• Trusted provider of high-quality services

• Trusted billingrelationship

• Unique authentication capabilities

Focus on

Users1. Controlled access to

online applications2. Portable identities across

domains3. Protected user privacy

IdentityManagement

(IDM)

Business Transformation and the Role of Telecom Companies

Service provider

• Countless attractive services

• Need for user authentication






http://www.kpn.com/

http://www.kpn.com/

Challenges

Kinds of users Insiders

Outsiders

Providing flexible IDM to the user (data, identity and privacy)

IT support Forgotten passwords

Intruder lockouts.

Access denied errors

Change Management

Ensuring end-to-end consistency

User termination






Solutions

Enterprise Single Sign-on

Password Management

Directories

Meta-directories

Proper user-provisioning

Role-Based access control

Identity federation

“Diadalos” Architecture






11

Geneva, 9

-1

0

Febru

ary

2

00

9

Identity Management Framework

Identity federation

Attribute query/push

Authorization & trust managementMutual authentication

Single sign-on (SSO)

Customerprofiles

Close & trusted relationship with subscribers

and communities

Identity management will enable new revenue opportunities, and enhance the user experience

Network-agnostic identity management is the key component of tomorrow’s multi-access network

The role of identity information will evolve, strengthening the operator’s position in the value chain






Case

Designing a complete

IDM solution for SONATE

L

Profile

• The first telecom operator

in Senegal.

• A France Telecom

subsidiary.

Users • 2500 employees

in

4 African countries

• Offices in all of Senegal's

14 regions.

Benefits

• Central point to define and

audit accesses.

• Major reduction in the

number of passwords

used.

• Quick deletion of useless

accounts.

Challenges • Simplify and secure

access.

• Adapt to the existing

information system.

• Scale with market growth.






Tool – IBM TAMeb

TAMeb: Tivoli Access Manager for e-business

Provides an access control management solution to centralize network and application security policy for e-business applications.

IBM Tivoli Access Manager (TAM) is an authentication and authorization solution for corporate web services, operating systems, and existing applications.

Tivoli Access Manager runs on various operating system platforms such as Unix (AIX, Solaris, HP-UX), Linux, and Microsoft Windows.






IBM TAMeb - Architecture

The user makes a request for a Tivoli Access Manager protected resource. The policy enforcer (in this case WebSEAL) intercepts that request and collects the appropriate information from the user to verify his or her identity.

Once the user ID and password is verified against the user registry a second call is made to the user registry to create the user credential

Once the user credential is created it is returned to the policy enforcer for authorization

Authorization is performed using the authorization database replica that resides on the policy enforce






References Offshore software development company India

Symbiosis students Preyas Vasavada

Nikhil Karkera

Prateek Patni

Yogesh SHahdadpuri







Technology

IDM in telecom industry