Introduction of ISO/IEC 29003 Identity Proofing

Presentation transcript:

ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014)
Introduction of ISO/IEC 29003 Identity Proofing
Patrick Curry, Director, British Business Federation Authority (& SC27 WG5)
patrick.curry@federatedbusiness.org

Why is identity proofing so important?
- Trust is globally, strategically essential
- Authentication is key to trust
- Strength of credential usually depends on strength of enrolment & registration
- Core of enrolment is identity proofing and verification
- Situation is evolving fast and becoming more complex
  - National eID
  - Employee credentials
  - Consumer credentials
  - Low and high maturities
- Federation is key. Not to be confused with Mutual Recognition

Why is identity proofing so important?
- Strength of credential usually depends on strength of enrolment & registration.
- But:
  - Anonymity
  - Partial anonymity
  - Pseudonymity
- Depends on the use case

What is identity proofing?
- Process from application to entry into a register = authoritative source
- Questions
  - Does the identity exist?
  - Can it be bound to a real person?
- Identity proofing
  - Checking the application & evidence of identity for Level of Assurance (LoA)
  - Checking binding to the subject
- Verification
  - Examining corroborative sources of data
  - Looking for contra-indicators
  - No involvement with the subject

Identity vs PII
Diagram labels: Identity; Identity proofing and verification; Eligibility; Capability; Service Delivery; Business Administration
- Identity – the minimum number of attributes needed to determine one identity record from another (core identity attributes).
- Some information will be about establishing that the identity information is real.
- Everything else is about eligibility, capability, business administration and service provision.
- Some could be used for more than one aspect, e.g. date of birth.
- Identity – the minimum number of attributes that allow the person to be unique from all others in the context.

Key points
- Identity is the minimum
- One identity proofing process will always rely on other previous processes – unless it is the first.
- Authentication is only the act of identifying a returning user.

The Key Entities
- Person, Organisation, Device, Software
- Complicated
- Much national variation
- Organisation
  - Register(s) of Legal Organisations
  - 6 categories of attributes; 2 mandatory
- Device
  - TPM best practice – where do FIDO and IBOPS fit?
  - Secure issuance
- Software
  - To be confirmed

The fast changing international situation
- National cyber strategies
- Cyber control frameworks
- Pressure for strong authentication
- New regulations
  - EU eID Authentication & Signature Regulations
  - Emerging US ID Verification standard
- Many national e-ID programmes
- More authentication requirements in supply chains

The role of international standards
- Enable interoperability = agility
- Enable deployment and affordability
- Reduces risks and costs
- Standards bodies need to:
  - Engage with governments and industry
  - Establish better coordination
  - Move faster

Conclusions and Recommendations
- Too slow
- Spread the load
- Avoid gaps
- Broadening communities
- Based on national policies
- Become more proactive
- Collaborate with ISO and ?
- Framework approach
- Communicate better
- Governments need to participate