TR303A Federated Identity and Authentication Management for Multi-Domain Zero Trust Architecture: Requirements Snapshot v1.0.0

There are significant government programs supported by IT industry activity to improve cybersecurity resilience of the IT systems used by Critical Infrastructure Providers such as Communication Service Providers .

Several government programs are resulting in legal requirements and guidance to improve resilience thought adoption of modern security concepts including Zero Trust Architecture. The need for Federated Identity Management and Zero Trust support in ODA has been established from two sources of use cases:

  1. The Digital Business Marketplace Catalysts Phase 3, 4 and 5 results, where multiple partners, each with their own ODA instances and Identity Management Systems need to establish secure interactions and exchange of information.
  2. A Deutsche Telekom study on practical steps and opportunities to evolve Legacy OSS and BSS Systems to have finer grain Zero Trust based security as compared to current practice based on using Network Perimeter Zone security using enterprise Gateways.

In each use case it has been necessary to Federated Identity Provider (IdP) systems and establish trust and governance arrangements amongst them. In the first use case amongst different organizations, and in the second use case between  governance domains within a single organization. 

In analyzing these two use cases, it is apparent that the current ODA Architecture has not fully considered the implications of secure interactions between multiple ODA instances.

This snapshot is focused on capturing the known requirements for Federated Identity Management in ODA.

General Information

Document series: TR303A
Document version: 1.0.0
Status: Member Evaluated
Document type: Exploratory Report
Team approved: 16-Jun-2023
IPR mode: RAND
Published on: 19-Jun-2023
Date modified: 17-Jul-2023