Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004.

Slides:



Advertisements
Similar presentations
TFTM TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state October.
Advertisements

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
The Federation for Identity and Cross-Credentialing Systems (FiXs) FiXs ® - Federated and Secure Identity Management in Operation Implementing.
TDL Meeting 7-8 April 2014 //Vienna Sprint Proposal The key of a legal on line signature The key of a legal on line signature: The inseparable link between.
Helena Sims NACHA – The Electronic Payments Association Overview of The Electronic Authentication Partnership Tenth Federal & Higher Education PKI Coordination.
Trustworthy Repository Criteria, Virtual Organizations, and Infrastructure MacKenzie Smith, MIT Libraries NDIIPP Meeting, July 2010.
Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Evolution of Identity Management May 15, 2008 For: CIPS Security Special Interest Group Presented by: Mike Waddingham, PMP President, Code Technology Corp.
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
Connecting Health and Care for the Nation: A Shared Nationwide Interoperability Roadmap – DRAFT Version 1.0 Joint FACA Meeting Chartese February 10, 2015.
The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.
1 Tuesday, August 16, 2005 W E B C A S T August 16, 2005 Policy Development Theory & Practice: An Emphasis on IT Pat Spellacy Director of Policy & Process.
Introduction to OIX: A Market Solution to Online Identity Trust Don Thibeau.
21st Century Customs Solution
Tackling the Policy Challenges of Health Information Exchange Carol Diamond, MD, MPH Managing Director, Markle Foundation.
To identity federation and beyond! Josh Howlett JANET(UK) HEAnet 2008.
Circulation of authentic instruments under Regulation 650/2012 speaker – Ivaylo Ivanov – Bulgarian Notary Chamber.
Copyright © 2006 CyberRAVE LLC. All rights reserved. 1 Virtual Private Network Service Grid A Fixed-to-Mobile Secure Communications Framework Managed Security.
BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
The InCommon Federation The U.S. Access and Identity Management Federation
Authentication and Payments 27 June 2000 Ann Terwilliger Product Director eCommerce Authentication Visa International.
WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ Identity and Privacy: the.
1 Click to Check Public FTAA.ecom/inf/122 February 13, 2002 Original: English.
James Aiello PricewaterhouseCoopers Africa Utility Week 06 International Good Practice in Procurement.
Identity, Management & Federation  Can you ever trust someone you don't manage?  John Arnold Chief Security Architect, Capgemini  Geoff Sweeney CTO,
CORPORATE COMPLIANCE PROGRAM The Office of Corporate Integrity
TFTM Interim Trust Mark/Listing Approach Paper Analysis of Current Industry Trustmark Programs and GTRI PILOT Approach Discussion Deck TFTM Committee.
TFTM TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state November.
Elements of Trust Framework for Cyber Identity & Access Services CYBER TRUST FRAMEWORK Service Agreement Trust Framework Provider Identity Providers Credential.
1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
Helsinki Institute of Physics (HIP) Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.
Overview Privacy Management Reference Model and Methodology (PMRM) John Sabo Co-Chair, PMRM TC.
E-Authentication: Enabling E-Government Presented to PESC May 2, 2005 The E  Authentication Initiative.
Organizational and Legal Issues -- Developing organization and governance models for HIE Day 2 -Track 5 – SECOND SESSION – PRIVACY AND SECURITY CONNECTING.
Policies for Information Sharing April 10, 2006 Mark Frisse, MD, MBA, MSc Marcy Wilder, JD Janlori Goldman, JD Joseph Heyman, MD.
The Insurance Fraud Register – progress so far and future aims Mark Allen Manager, Fraud & Financial Crime Association of British Insurers.
The Federal Bridge A Brief Overview 1. 4BF Industry Forum April Fed PKI: View from 20,000 km FBCA C4 Common Policy CA (HSPD-12) CertiPath SSPs.
Federal Trade Commission U.S. Rules on Privacy and Data Security Organization for International Investment General Counsel Conference October 16, 2009.
1 David C. Kibbe, MD MBA DirectTrust A Discussion About Scalable Trust May 9,
Consumer Authentication for Networked Personal Health Information Redwood Health Information Collaborative March 18, 2008 Josh Lemieux Director, Personal.
Cloud Computing, Policy Management and Standardization Europe Identity Conference 2011 John Sabo, Director Global Government Relations, CA Technologies.
Shibboleth What is it and what is it good for? Chad La Joie, Georgetown University.
The Feds and Shibboleth Peter Alterman, Ph.D. Asst. CIO, E-Authentication National Institutes of Health.
Identity Federations and the U.S. E-Authentication Architecture Peter Alterman, Ph.D. Assistant CIO, E-Authentication National Institutes of Health.
Scalable Trust Community Framework STCF (01/07/2013)
16/11/ Semantic Web Services Language Requirements Presenter: Emilia Cimpian
Welcome….!!! CORPORATE COMPLIANCE PROGRAM Presented by The Office of Corporate Integrity 1.
The UK Access Management Federation John Chapman Project Adviser – Becta.
Copyright JNT Association 20051Optional Copyright JNT Association The UK federation TNC - 22 nd May 2007 Mark Tysom, UKERNA.
HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.
NSTIC and the Identity Ecosystem Jim Sheire Senior Advisor NSTIC National Program Office, NIST 14 November 2012.
Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
HIT Policy Committee Meeting Nationwide Health Information Network Governance June 25, 2010 Mary Jo Deering, PhD ONC, Office of Policy and Planning NHIN.
ATIS Identity Management Standards Development DOCUMENT #:GSC13-PLEN-37 FOR:Presentation SOURCE:ATIS AGENDA ITEM:Plenary; IdM and Identification Systems;
Advanced research and education networking in the United States: the Internet2 experience Heather Boyles Director, Member and Partner Relations Internet2.
Protecting your Managed Services Practice: Are you at Risk?
The Value of Creating the Identity Ecosystem. The Identity Ecosystem Steering Group (IDESG) is the source of expertise, guidance, best practices and tools.
1 David C. Kibbe, MD MBA DirectTrust Collaborating to Build the Security and Trust Framework for Direct Exchange June 20, 2013.
10/08/20041 © 2004 Pete Palmer Federated Identity Management and Regional Health Information Organizations Pete Palmer, Principal Security Analyst, Guidant.
The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.
Authority Recognition GGF9
Higher Education’s Role in the Identity Ecosystem
Model Contract for Health
HIMSS National Conference New Orleans Convention Center
The E-Authentication Initiative
4th Annual Conference on Technology and Standards Washington
Presentation transcript:

Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004

Copyright PingID Network, 2003 Identity Federation The Linking of Identity Systems Enables Cross-Boundary Security & Convenience

Copyright PingID Network, 2003 Thinking about the Issues Issues and component parts Technical Federation Standards: Liberty Alliance, SAML, WS-*, Shibboleth Certificates and Certificate Policy: Private industry (Verisign, Entrust), Identrus Privacy: ISTPA, Liberty Alliance Contracts are most common approach to formalizing specifics Existing business alliances augment contracts New federations attempt bilateral agreements

Copyright PingID Network, 2003 Don’t Underestimate the Challenges !! Dan Farber in his article on ZDNET referring to Tony Scott, CTO of General Motors (10/19/03): " The technology challenges, according to Scott, weren't significant, but the unforeseen business issues turned a three-month project into a year of hurdling social obstacles, such as coming up with agreements among the parties within the federation on enforcing compliance, liability definitions, dispute resolution procedures and auditing requirements"

Copyright PingID Network, 2003 Identity Federation Issues 1.Which standards and which versions for my business ? (that’s the easy part) 2.How to establish trust with federation partners ? 3.How to manage risk and liability ? 4.How to control costs ? 5.Will it scale ?

Copyright PingID Network, 2003 An Identity Network is the Solution An Identity Network provides … Minimum standards to establish Confidence Established Interoperability Test bed for new partners and new function Rules and regulations to control Risk and Liability Procedures to handle disputes Programs to address Risk Management Services to facilitate use, solutions, control

Copyright PingID Network, 2003 Members: Own & Govern the Network Operating Regulations: Defined by Membership Mutual Confidence: Minimum Standards and Reviews Risk of Identity Fraud: Management programs based on Pooling of breach data Analysis of data Security & transactional activity monitoring Liability : Definition and control Defined liability conditions Dispute resolution procedures, based on rules Programs: for compliance Compliance with industry-specific regulation, ie Health Federation specific agreements, processes Legal Framework

Copyright PingID Network, 2003 As the need for Federation expands… Adding New Partners to any Federation… Avoid negotiating new agreements on technology, process, risk, and liability Expand to new partners and provide new services quickly and easily Create effective risk management processes through Pooled expertise on breaches Network-wide deployment of risk techniques Network alert mechanisms to provide early warnings Take advantage of interoperability tools to avoid re-tooling

Copyright PingID Network, 2003 Network Overview Shared Legal Framework Standards | Risk | Liability | Quality | Disputes | Brand