John Wandelt Mar 2015
National Information Sharing and Safeguarding
How can the ISE support?
- Reduce information sharing friction – increase volume and velocity, reduce cost and time, etc.
- Reduce Risk – Allow for better risk assessment and decision making - does not mean eliminate risk
- Increase Agility and Resiliency
Trusted Information Sharing Between Organizations Requires Agreement
[Diagram: a Resource Owner and Resource Requesters]
Agreement Often Necessary Across Many Dimensions
[Diagram: Resource Owner and Resource Requester]
An agreement between stakeholders consisting of:
- Business Requirements
- Selection of standards and profiles of those standards
- Identity Proofing
- Acceptable credential types
- Levels of Assurance
- Levels of Protection - Security Controls
- Privacy Policies
- Auditing expectations
- Legal obligation and liability clauses
- Dispute resolution process
- Governance structure
Trust Models and Concepts
- Direct Trust
- 3rd Party Trust
- Reputational Trust
- Residual Risk
It Is Challenging to Establish Trust Across a Large Diverse COI or ISE
[Diagram: many Resource Requesters and Resource Owners]
Agreement (and Trust) Is Hard To Scale
[Chart labels: Agreement; # of Participants, COIs, Use Cases; The Need; The Reality]
ISE Facts of Life
- Not all use cases are known up front
- Not all requirements are known up front
- Not all stakeholders are known up front
- Must leverage much of what is in place
- Adoption will happen over an extended period of time in varying degrees and rates
- By the time we think we get it figured out something will change…
Information Sharing Environment Challenge
The Perspective from the LE Community
- Required to share data across jurisdictions
- Law Enforcement COI has over 1 million people in the US alone
- 18,000 US LE agencies
- LE agencies are autonomous (NOT centrally funded)
- Trust between agencies is a fundamental requirement
- But must obey applicable access controls when sharing
- 3rd party trust is required due to COI size and complexity
- LE agencies are highly heterogeneous
- Legitimate business need to interact with many other COIs
- Most users must have high-assurance credentials
[Diagram labels: Federal Agencies, State Agencies, Local Agencies, Tribal Agencies, Task Forces, Fusion Centers]
ISE Vision: What if?
Realization: “Identity the Great Enabler”
Today’s Identity Mgmt. Macro Environment
- GFIPM is no longer the “only game in town”
- Must consider GFIPM touch-points to other IdM programs: FICAM, SICAM, NSTIC, BAE, FirstNet, etc.
- Non-operational programs cannot lead the way
- Must incorporate operational experience into GFIPM specs
Identity Federation Implication
[Diagram: a User, Identity Providers, Attribute Providers and many Applications (Service Providers) connected by Standard Protocols]
So what about Trust, Liability, Security, Privacy, Interoperability?
Decouple Identities from Applications!
ABA Trust Framework Perspective
[Diagram labels: Contract: “I Agree” to...; Existing Law; Warranties; Dispute Resolution; Measure of Damages; Enforcement Mechanisms; Termination Rights; Liability for Losses; Existing Law; Privacy Standards; Credential Issuance; Authentication Requirements; Reliance Rules; Audit & Assessment; Oversight; Credential Management; Security Standards; Identity Proofing; Technical Specifications; Enrolment; Technical and Operational Specifications; Legal Rules; Enforcement Element]
Trust Frameworks
- Business Requirements
- Selection of standards and profiles of those standards
- Identity Proofing
- Acceptable credential types
- Levels of Assurance
- Levels of Protection - Security Controls
- Privacy Policies
- Auditing expectations
- Legal obligation and liability clauses
- Dispute resolution process
- Governance structure
CSDII
Current State of the Identity Ecosystem
[Diagram: ISE A, Federation B and Community of Interest C, each with its own IDPs, APs and RPs, under ID Trust Framework A, ID Trust Framework B and ID Trust Framework C]
- There exist many Trust Frameworks.
- Each Trust Framework requires agreement across many dimensions.
- Many Trust Frameworks are monolithic and opaque.
Achieving Cross-Framework Trust
[Diagram: ISE A, Federation B and Community of Interest C, each with its own IDPs, APs and RPs, under ID Trust Framework A, ID Trust Framework B and ID Trust Framework C]
Suppose this user needs access to this RP.
National Identity Exchange Federation (NIEF)
Objectives:
- Share user identity and attribute information for authentication, identification, authorization, auditing
- Share agency and resource metadata information
- Provide onramp and roadmap to other relevant ICAM initiatives
- Provide an operational trust framework for doing the above
- Educate and provide technical assistance
Established in 2008 as an outgrowth of the Global Federated Identity and Privilege Management (GFIPM) Initiative with a focus on justice and public safety agencies at the federal, state, and local level.
NIEF Challenges
NSTIC Trustmark Pilot Team
Our Approach: Componentization and Machine Readability (“Trustmarks”)
If the frameworks were modular… then we get:
- Greater transparency of trust framework requirements
- Greater ease of comparability between frameworks
- Greater potential for reusability of framework components
And, most importantly:
- Greater potential for participation in multiple trust frameworks by ID Ecosystem members with incremental effort and cost
[Diagram: ID Trust Frameworks A, B and C built from components such as NIST LOA 3, OAuth, FIPS 200, FICAM SAML SSO, FIPPs and OpenID]
A Trustmark Framework
[Diagram: ID Trust Frameworks A, B and C built from components such as NIST LOA 3, FICAM SAML SSO, FIPPs, OAuth, OpenID and FIPS 200]
These modular components are called Trustmarks. Think of trustmarks as mini reusable certifications.
Scope of Trustmarks
- FICAM SAML SSO Profile
- NIST / FICAM LOA 3 Identity
- Fair Information Practice Principles (FIPPs)
- FIPS 200 Security Practices
- GFIPM Metadata Registry (User Attributes)
Trustmark Policies & Trustmark Agreements
Bundling of Components for Business Context
Component Types (Examples): Privacy, Security, Interoperability, Legal, Business Continuity, Personnel, Other
[Diagram: Components bundled for COI A, Federation B and Trust Framework C]
A Trustmark-Based Ecosystem
[Diagram: IDPs, APs and RPs grouped under ID Trust Frameworks A, B and C, relabelled as Trust Interoperability Profiles A, B and C]
Existing Trust Frameworks could be expressed as a set of components called a TIP.
A Trustmark-Based Ecosystem
[Diagram: IDPs, APs and RPs grouped under TIP A, TIP B and TIP C, with Trustmark Providers]
- Then each member of the community can acquire the necessary Trustmarks based on the TIP.
- Trustmarks can be acquired through a Trustmark Provider.
- There can be many Trustmark Providers in the ID Ecosystem.
A Trustmark-Based Ecosystem
[Diagram: IDPs, APs and RPs grouped under TIP A, TIP B and TIP C, with Trustmark Registries listing entries such as IDP X, RP Y, etc.]
Trustmarks can be stored in searchable Trustmark Registries or shared directly with partners.
The Trustmark Framework
[Diagram: entities are the Stakeholder Community, Trustmark Defining Organization, Trustmark Definition, Trustmark Provider, Trustmark Recipient, Trustmark Relying Parties (Org. 1, Org. 2, End User), Trust Interop Profile, and Trustmarks A, B and C; relationship labels are Is Represented By, Defines, Issues, Is Used By, Is Required By and Is Trusted By]
Normative Specs Required
Trustmark Definitions
Metadata:
- Publisher: U.S. General Services Administration
- Name: NIST/FICAM LOA 2 IDPO TD
- URL:
- Description and Intended Purpose: …
- Target Stakeholder Audience: …
- Date of Publication: 15 Apr 2014
- Version: 1.0
- Visual Icon:
Conformance Criteria: Conformance to the Identity Provider Organization (IDPO) conformance target of this TD requires the following.
1. The IDPO MUST …
2. The IDPO MUST …
3. The IDPO MAY …
4. …
Assessment Process: Before issuing a trustmark subject to this TD, a Trustmark Provider MUST complete the following assessment steps.
1. The TP MUST …
2. The TP MUST …
3. The TP MUST …
Certification as a Trustmark Provider: Before an entity may issue trustmarks subject to this TD, it MUST complete the following certification process.
1. The entity MUST …
2. The entity MUST …
3. The entity MUST …
Trustmark Extension Schema: Trustmarks issued subject to this TD MUST conform to the Trustmark Base Schema, and MUST also conform to the following Trustmark Extension Schema.
[Diagram labels: XSD, XML, ?]
Creating Modular Common Components
Transformation Process
[Diagram: requirements from CJIS, PIV-I, GFIPM, FICAM, NIEF and Others are transformed into Trustmark Definitions]
- Step 1: Gather trust and interop requirements from many frameworks
- Step 2: Break down and reassemble requirements into modular, reusable components
- Step 3: Express modularized requirements in a standard format to encourage broad reuse
Sample Trustmark Definition
Example Conformance Criteria: Registration and Issuance
Example Assessment Steps: Registration and Issuance
Trust Interoperability Profile (TIP): Bundling Trustmarks for Business Context
Metadata:
- Publisher: U.S. Dept. of Justice
- URL:
- Name: U.S. Law Enforcement Community Info Sharing TIP
- Description and Intended Purpose: …
- Date of Publication: 15 Jun 2014
- Version: 1.0
- Digital Signature of Issuer:
Trust and Interoperability Criteria:
Identity Provider Organization (IDPO) Trustmark Requirements:
Trustmark | Requirement | Approved Trustmark Providers
FICAM SAML SSO IDP | MUST HAVE | NIEF or IJIS
NIEF/FICAM LOA 2 IDPO | MUST HAVE | NIEF or Kantara
NIEF Attribute Profile IDPO | MUST HAVE | (ANY)
XYZ Privacy Policy IDPO | SHOULD HAVE | (ANY)
Service Provider Organization (SPO) Trustmark Requirements:
Trustmark | Requirement | Approved Trustmark Providers
FICAM SAML SSO SP | MUST HAVE | NIEF or IJIS
NIEF Attribute Profile SPO | MUST HAVE | (ANY)
XYZ Privacy Policy SPO | MUST HAVE | (ANY)
[Diagram label: XML]
Progress to Date
- Development & Refinement of Trustmark Concept
- Technical Framework: framework/1.0/
- NIEF Trustmark (Component) Definitions (62): definitions/
- NIEF Trust Interoperability Profiles (10): interoperability-profiles/
- Development of Software Tools: Trustmark Assessor Tool, Trust Fabric Registry, & Others
- Socialization of Trustmark Concept: NPO, NIEF, IDESG, & Others
- Trustmark Pilot Website:
The NIEF Trustmark Legal Framework
[Diagram: parties are the Trustmark Provider, Trustmark Recipient and Trustmark Relying Party; documents are the Trustmark Policy, Trustmark, Trustmark Recipient Agreement and Trustmark Relying Party Agreement; link labels are Explicit Relationship, Implicit Relationship and Explicit Reference]
Phase 1 Trustmark Pilot Participants
“As DPS moves toward enabling more services through federated standards, the ability to expose these services via the NIEF trustmark framework will allow DPS to better serve the Texas law enforcement and first responder community.”
ALABAMA SECURE SHARING UTILITY for RECIDIVISM ELIMINATION (ASSURE)
Purpose: Create a secure, web-based portal to share appropriate information regarding clients, probationers and inmates
Goals:
- Improve communication among entities responsible for providing and coordinating mental health and substance use services
- Improve continuity of care to individuals who move between incarceration and the free world
- Increase awareness of availability of community-based mental health services
- Produce a more accurate and complete profile of offenders
- Increase effectiveness and efficiency of the intake and classification process
- Reduce reliance on emergency department services
- Refer people leaving correctional facilities to community-based behavioral health and substance use treatment services
- Provide clinical information to assist with their treatment
- Ensure timely access to essential medications for people entering or leaving jail or prison
- Link correctional health providers to ADMH and community-based behavioral health services
- Reduce recidivism by ensuring that offenders – whether in a community or incarceration setting – receive services matched to their individual needs such as Educational, Vocational, Rehabilitation and Treatment
Justice-to-Health Collaboration:
- Alabama Board of Pardons and Paroles (ABPP)
- Alabama Department of Corrections (ADOC)
- Alabama Department of Mental Health (ADMH)
- Community Mental Health Centers (CMHC)
- ADMH Substance Abuse Contract Providers
Highlights:
- Based on Global Standards: GRA, NIEM, GFIPM as well as Trustmark framework
- Funded by BJA 2013-DB-BX-K059 and 2014-DB-BX-K003
Contact Richard Fiore at or
Trustmark Assessment Tool Process Flow
[Diagram: Trustmark Definitions (for example, FICAM LOA 2 Authn Process TD), Trustmark Assessment Tool, Trustmark Assessment Tool Database, Trustmark Provider, Trustmark Recipient Candidate]
1. Load TDs into Assessment Tool
2. Receive request for trustmark from Trustmark Recipient Candidate
3. Perform assessment of Trustmark Recipient Candidate
4. Store assessment artifacts / evidence in database
5. Issue trustmark to Trustmark Recipient
Sample Screen Shot from Trustmark Assessment Tool
NIEF Trustmark Issuance and Binding
[Diagram: NIEF Trustmark Assessment Processes issue Trustmark 1, Trustmark 2, … Trustmark N to a NIEF Member Agency (Trustmark Recipient); the trustmarks are bound into a NIEF Trust Fabric Entry, Signed by NIEF, in the NIEF Trust Fabric Registry. Tools shown: Trustmark Assessment Tool, Trust Fabric Entry Editor, Trust Fabric Registry Manager Tool]
NIEF Trustmark Usage by TRPs
[Diagram: Trustmark Relying Party, Trust Interoperability Profile (TIP), NIEF Trust Fabric Registry]
1. Query for trust fabric entries with required trustmarks, in accordance with local TIP
2. Receive matching trust fabric entries
3. Install entries in local product
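A sketch of how a Trustmark Relying Party could apply the IDPO requirements from the TIP slide when filtering trust fabric entries, as in the query step above. This is an added example, not NIEF or pilot code; the dictionary layout of entries, the entity "IDP Z" and the provider "ExampleTP" are assumptions, and entries are assumed to have had their NIEF signature verified already.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Requirement:
    trustmark: str                       # trustmark name as listed in the TIP
    level: str                           # "MUST HAVE" or "SHOULD HAVE"
    providers: Optional[FrozenSet[str]]  # approved providers; None means "(ANY)"

# IDPO requirements as listed in the TIP slide's table.
IDPO_TIP = [
    Requirement("FICAM SAML SSO IDP", "MUST HAVE", frozenset({"NIEF", "IJIS"})),
    Requirement("NIEF/FICAM LOA 2 IDPO", "MUST HAVE", frozenset({"NIEF", "Kantara"})),
    Requirement("NIEF Attribute Profile IDPO", "MUST HAVE", None),
    Requirement("XYZ Privacy Policy IDPO", "SHOULD HAVE", None),
]

def evaluate(entry, tip):
    """Return (accepted, missing MUST HAVEs, missing SHOULD HAVEs) for one entry."""
    held = {}  # trustmark name -> set of providers that issued it to this entity
    for tm in entry["trustmarks"]:
        held.setdefault(tm["name"], set()).add(tm["provider"])
    missing = {"MUST HAVE": [], "SHOULD HAVE": []}
    for req in tip:
        issuers = held.get(req.trustmark, set())
        # A trustmark from an unapproved provider counts as not held.
        ok = bool(issuers) if req.providers is None else bool(issuers & req.providers)
        if not ok:
            missing[req.level].append(req.trustmark)
    return (not missing["MUST HAVE"], missing["MUST HAVE"], missing["SHOULD HAVE"])

def query_registry(registry, tip):
    """Entities whose trust fabric entries satisfy every MUST HAVE in the TIP."""
    return [e["entity"] for e in registry if evaluate(e, tip)[0]]

# Constructed sample registry; "IDP Z", "ExampleTP" and all holdings are hypothetical.
REGISTRY = [
    {"entity": "IDP X", "trustmarks": [
        {"name": "FICAM SAML SSO IDP", "provider": "NIEF"},
        {"name": "NIEF/FICAM LOA 2 IDPO", "provider": "Kantara"},
        {"name": "NIEF Attribute Profile IDPO", "provider": "ExampleTP"},
    ]},
    {"entity": "IDP Z", "trustmarks": [
        {"name": "FICAM SAML SSO IDP", "provider": "NIEF"},
        {"name": "NIEF/FICAM LOA 2 IDPO", "provider": "IJIS"},  # issuer not approved
        {"name": "NIEF Attribute Profile IDPO", "provider": "NIEF"},
        {"name": "XYZ Privacy Policy IDPO", "provider": "NIEF"},
    ]},
]
```

A missing SHOULD HAVE is reported but does not block acceptance, while a MUST HAVE issued by a provider outside the approved list is treated the same as an absent trustmark.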
Previous Lessons Learned
See previous lessons learned and open questions at:
Some New Lessons Learned
We learned new lessons in the areas of:
- Trustmark Practicalities and Tradeoffs
- Trustmark Assessment, Issuance, and Mgmt.
- Trustmark Legal Agreements
- Trustmark Binding
New Lesson Highlights
- Tradeoffs in Decomposition of Requirements
- Best Practices for Communities in Defining and Documenting Requirements
- Staged Adoption of Trustmarks
- Reputational Trust and Residual Risk
- Reuse of Assessment Results
- Value of Software Tools Within the Trustmark Framework
- Value of a Trustmark Framework Technical Spec
- Handling “Partial” Conformance
- Realities of Rigorous Trustmark Assessment
- Legal Framework is Acceptable to NIEF Members
- Trustmark Binding
Some Questions
- What does an IDESG Trustmark mean?
- What is the basis for Trust?
- How do I use it?
- How does it relate/map to my COI/TFP/Federation/requirements?
- Can it be extended and/or constrained?
- How does it get life-cycle managed?
- What is the motivation for adoption?
Learn More Here