1 Enabling Open Government Using the OIDF/ICF Open Trust Framework OASIS Identity Management 2009 September 29, 2009 Don Thibeau, ED, OpenID Foundation.

Presentation transcript:

1 Enabling Open Government Using the OIDF/ICF Open Trust Framework OASIS Identity Management 2009 September 29, 2009 Don Thibeau, ED, OpenID Foundation Drummond Reed, ED, Information Card Foundation

2 Topics
- The Open Identity Solutions for Open Government Initiative
  - Policy Foundation
- Understanding the U.S. Government Approach
  - Identity Schemes
  - Trust Frameworks
- Open Identity Schemes
  - OpenID
  - InfoCards
- Introducing the Open Trust Framework
  - Key Design Principles
  - Participant Roles
  - The Basic Workflow
  - Components of a Specific Trust Framework
- Next Steps / How to Get Involved

3 Goals of the Open Identity Solutions for Open Government Program
- Make Government more transparent to the citizenry
- Make it easier for the citizenry to access government information
- Avoid issuance of application-specific credentials
- Leverage industry credentials for Government use
- Leverage Web 2.0 technologies
- See presentation and document posted on

4 Policy Foundation: OMB M-04-04 Assurance Level Impact Profiles

Potential impact of authentication errors, by Assurance Level 1 to 4:

| Potential Impact Categories for Authentication Errors | 1 | 2 | 3 | 4 |
|---|---|---|---|---|
| Inconvenience, distress or damage to standing or reputation | Low | Mod | Mod | High |
| Financial loss or agency liability | Low | Mod | Mod | High |
| Harm to agency programs or public interests | N/A | Low | Mod | High |
| Unauthorized release of sensitive information | N/A | Low | Mod | High |
| Personal safety | N/A | N/A | Low | Mod/High |
| Civil or criminal violations | N/A | Low | Mod | High |

5 Policy Foundation: NIST Special Pub
- SP Technical Guidance: allowed token types, by Assurance Level 1 to 4
  - Hard crypto token
  - One-time Password Device
  - Soft crypto token
  - Password & PINs

6 US Government Approach
- Adopt technologies in use by industry
  - “Identity Scheme Profiles”
  - Identity Scheme Adoption Process (ISAP)*
- Adopt industry trust models
  - “Trust Framework Providers”
  - Trust Framework Provider Adoption Process (TFPAP)*
- See documents posted on

7 Identity Scheme Adoption

8 Open Identity Schemes: OpenID
- OpenID
  - Open Source roots
  - OpenID Foundation serves as steward and provides necessary infrastructure
  - Used/supported by Google, Yahoo, Facebook, AOL, MySpace, Novell, Sun, etc.
  - 1 billion+ OpenID-enabled accounts
  - 40,000+ web sites support OpenID
- ICAM Profile
  - Profile based on OpenID 2.0
  - Requires SSL/TLS on all endpoints
  - Requires the Directed Identity approach
  - Requires pair-wise unique pseudonymous identifiers
  - Requires short-lived association handles

9 OpenID Flow

10 Open Identity Schemes: Information Cards
- Information Card
  - Analogous to the cards you carry in your wallet
  - Open Source & industry standards
  - Supported by Microsoft, Intel, Oracle, Novell, Equifax, Google, Citi, etc.
  - Built into MS Vista; option for XP
  - Lower rate of adoption than OpenID
  - ALs 1 thru 3; possibly AL 4
- ICAM Profile
  - Profile of Identity Metasystem Interoperability Document 1.0 (IMI)
  - Requires encryption of PII
  - Requires use of the optional Private Personal Identifier (PPID)
  - Currently managed cards only
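The pair-wise unique pseudonymous identifiers required by the ICAM OpenID profile (slide 8) and the Private Personal Identifier required by the Information Card profile above rest on the same idea: the identity provider gives each relying party an identifier that is stable for that RP but cannot be linked across RPs. The following is an added example, not code from the presentation or the foundations, showing one common way to derive such identifiers with a key held only by the IdP; IDP_BASE, the function names, and the sample realms and account id are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit, urlunsplit

# Constructed IdP identifier prefix; the RP only ever sees URLs under it.
IDP_BASE = "https://idp.example.gov/id/"


def canonical_realm(realm: str) -> str:
    """Normalise an RP realm so spellings of the same realm share one identifier.

    Scheme and host are case-insensitive in URLs and are lower-cased; an empty
    path becomes "/"; query and fragment are not part of an OpenID realm.
    """
    parts = urlsplit(realm)
    return urlunsplit((parts.scheme.lower(), parts.netloc.lower(),
                       parts.path or "/", "", ""))


def pairwise_id(idp_key: bytes, account_id: str, realm: str) -> str:
    """Identifier the IdP asserts for this account to this RP only.

    HMAC-SHA256 under an IdP-held key over (realm, account): the same pair
    always yields the same value, different RPs get unrelated values, and
    nobody without the key can invert or correlate them.
    """
    msg = canonical_realm(realm).encode() + b"\x00" + account_id.encode()
    return hmac.new(idp_key, msg, hashlib.sha256).hexdigest()


def claimed_identifier(idp_key: bytes, account_id: str, realm: str) -> str:
    """Directed-identity claimed identifier URL handed to the RP."""
    return IDP_BASE + pairwise_id(idp_key, account_id, realm)


if __name__ == "__main__":
    key = b"constructed-idp-secret-key"   # constructed; generate randomly and store securely in practice
    user = "account-42"                   # constructed internal account id, never shown to RPs
    for realm in ("https://Benefits.Agency.GOV/", "https://benefits.agency.gov",
                  "https://records.other.gov/"):
        print(realm, "->", claimed_identifier(key, user, realm))
    # The first two realms canonicalise identically and share one identifier;
    # the third RP receives an unrelated one, so the two agencies cannot
    # correlate the user by comparing the identifiers they hold.
```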

11 Information Card Flow

12 Trust Framework Adoption
- The Open Identity Solution approach is to enroll industry trust frameworks that:
  - Specify relevant identity scheme profiles
  - Map Levels of Assurance (LOA) to the requirements of NIST SP
  - Incorporate privacy requirements
- The GSA reached out to the OpenID Foundation, Information Card Foundation, InCommon, and Liberty/Kantara
- Participating trust frameworks are being submitted under the ICAM Trust Framework Provider Adoption Process

13 The Open Trust Framework
- Jointly developed by the OpenID Foundation and the Information Card Foundation
- Reflects our common interest in providing a trust framework adapted to open identity technologies – technologies that:
  - Are open standards
  - Operate at Internet scale
  - Support user-controlled identity management
  - Do not presume any pre-existing trust relationships between identity providers and relying parties
- A draft application was submitted to GSA on 8 September 2009 for review and feedback under the TFPAP
- Currently being further revised to reflect GSA feedback and OIDF and ICF member review

14 Core Design Principles of the Open Trust Framework
1) Open to all identity providers
2) Open to any qualified auditor
3) Open to provider self-certification
4) Open to change and evolution

15 Participant Roles
- Trust Framework Provider: OIDF and ICF in collaboration
- OTF Administrator: contractor to OIDF and ICF
- Identity Providers: OpenID or Information Card providers desiring to serve the applicable trust communities
- Auditors: organizations that offer technology auditing and certification services as part of their business
- Relying Parties: do not participate directly in the first version of the Open Trust Framework, but may be involved in future versions

16 The Basic Workflow
- Auditor Registration
  - OTF Administrator verifies qualifications
- Identity Provider Certification
  - Provider self-certification is available to all providers
  - Self-certification is audited
  - OTF Administrator verifies the authenticity of the application
  - OTF Administrator provisions the certification metadata
- Ongoing Operations
  - Updates to certification metadata
  - Quality assurance and quality control
  - Renewals
  - Trust framework revisions
- Dispute Resolution

17 Components of a Specific Trust Framework
- Purpose Statement
- Auditor Registration Requirements
- Identity Provider Certification Requirements
- Identity Provider Self-Certification Form
- Dispute Resolution Supplement

18 Next Steps
- A pilot of both the ICAM OpenID and Information Card identity schemes is underway with the National Institutes of Health
- The two foundations are expanding their circle of collaboration on the Open Trust Framework
  - Harvard Berkman Center
  - Center for Democracy and Technology
- We invite NIST and industry’s continued participation
- Please contact us for more information