Digital ID and Authentication as a Platform Peter Watkins.


Canonical Use Cases (Digital ID and Authentication Ecosystem): the beer store; the medical lab results; the bank account.

Step 0

Step 1

Step 2: Touch “New Customer”

Step 3: Be advised about what info they need, why, what they will do with it, etc.

Step 4: Authentication. Passcode and/or Card Tap etc.

Step 5: Authentication and authorization agent shows you the request and asks you to proceed…

Done! Full activation may take 24-48 hrs; meanwhile…

Considerations: Key Actors. Applicant (user); Bank app from the app store; Government entity trusted for name, dob, address; Agent (for the user) that ran on the phone.

Considerations: Not Shown. Technical architecture, technical specifications, protocols; Phone registration / agent activation; Credential used during phone registration; Credential issuance / activation; User’s registration with government entity that provided name, dob, address; Bank app development/developer/registration; Agent accreditation/certification; Privacy enabling infrastructure/services; Assurance standards; Evidence of identity standards; …

Plan to see the session by Dick Hardt on the Authentication and Authorization Privacy Protecting Protocol (A2P3) tomorrow.

Segue… Even with answers to all the previous items: how was the bank able to meet its obligations (KYC/AML etc.) through this approach?

What else?

Barriers to Collective Success (some of the things we have to talk about, or ignore at our peril): Ensuring Privacy By Design; Liability Rules; Reputation Risk; Ubiquity Of Platform Access, Interoperability; Equality Of Service Irrespective Of Technology Access, (Dis)ability, Age, Etc.; What Will The Trust Frameworks Be?; Compelling Use Cases; Responsibility to Educate Consumers; Enabling Consumer Power – Vs. Relying Party Power – Vs. Identity Provider Power.