Geneva, Switzerland, 15-16 September 2014 Introduction of ISO/IEC 29003 Identity Proofing Patrick Curry Director, British Business Federation Authority.

Slides:

Advertisements

Similar presentations

Armand Racine Consultant Chemicals Branch

Advertisements

DG INFSO- Grid Research & Infrastructures: W. Boch, M. Campolargo 1 Delivery of Industrial-strength Grid Middleware: establishing an effective European.

1 The Britvic IT Academy – In partnership with Staffordshire University The Employer Perspective Rob Pritchard Group IT Director Hanifa Shah Strategic.

AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.

PKI and LOA Establishing a Basis for Trust David L. Wasley PKI Deployment Forum April 2008.

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.

WMO WIGOS in support of DRR 2013 Coordination Meeting of DRR FP October 2013, Geneva Dr S. Barrell, Chair, ICG-WIGOS Dr I. Zahumensky, WIGOS-PO.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

A Unified Approach to Combat Counterfeiting: Use of the Digital Object Architecture and ITU-T Recommendation X.1255 Robert E. Kahn President & CEO CNRI,

Functional component terminology - thoughts C. Tilton.

Step-up Authentication as-a Service Pieter van der Meulen Technical Product Manager.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All The Internet of Things (IoT) aka Machine 2 Machine (M2M) Bilel Jamoussi Chief, Study Groups Department.

Jan Hull Acting Director of Development

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All ITU-T Identity Management Update Bilel Jamoussi, Chief, SGD/TSB ITU Abbie Barbir, Q10/17 Rapporteur.

Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Electronic Authentication for Flexible Learning Workshop Presentation (5 August 2003) Chris Connolly, CEO, Galexia Consulting.

Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.

Geneva, Switzerland, 14 November 2014 Cloud Computing - Overview and Vocabulary (Y.3500) Eric A. Hibbard, CISSP, CISA CTO Security & Privacy Hitachi Data.

Intra-ASEAN Secure Transactions Framework Project Progress Report

Geneva, Switzerland, 4 December 2014 ISO work on Mobile Financial Services Patrice Hertzog, Chairman, ISO T68/SC7 ITU Workshop.

Geneva, Switzerland, September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.

ISO Initiatives & CSR in the EU Deborah Evans Business Manager: Corporate Reporting & Assurance LRQA A member of the Lloyd’s Register Group.

Identity Relationship Management The Next Evolution of Identity and Access Management for the Internet of Everything.

Understanding the Value of Identity in Government Social Networking A Framework of Identity Trust in Government Social Networking September 4, 2015.

Functional Model Workstream 1: Functional Element Development.

PRESENTATION OF ETSI © ETSI All rights reserved Sophia Antipolis, 22 May 2014 Luis Jorge Romero Director General, ETSI.

1 International Forum on Trade Facilitation May 2003 Trade Facilitation, Security Concerns and the Postal Industry Thomas E. Leavey Director General, UPU.

How can I trust the rest of Europe ? Requirements and a possible organisation with regard to epSOS and eHealth Frank Robben General manager eHealth platform.

Trusted Federated Identity and Access Management to provide the Cornerstone for Cyber Defense.

TFTM Interim Trust Mark/Listing Approach Paper Analysis of Current Industry Trustmark Programs and GTRI PILOT Approach Discussion Deck TFTM Committee.

PIV 1 Ketan Mehta May 5, 2005.

Cyber Authentication Renewal Project Executive Overview June – minute Brief.

Elements of Trust Framework for Cyber Identity & Access Services CYBER TRUST FRAMEWORK Service Agreement Trust Framework Provider Identity Providers Credential.

IAM REFERENCE ARCHITECTURE BRICKS EMBEDED ARCHITECTS COMMUNITY OF PRACTICE MARCH 5, 2015.

1 June Richard Guida Stephanie Evans Johnson & Johnson Director, WWIS WWIS SAFE Infrastructure Overview.

Geneva, Switzerland, September 2014 Identity Based Attestation and Open Exchange Protocol (IBOPS) Scott Streit Chief Scientist.

HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.

The Porvoo Group Tapio Aaltonen Director, CA-services, co- chair Porvoo Group Population Register Centre Finland.

Geneva, Switzerland, April 2012 Introduction to session 7 - “Advancing e-health standards: Roles and responsibilities of stakeholders” Marco Carugi.

Geneva, Switzerland, September 2014 Considerations for implementing secure enterprise mobility Eileen Bridges Aetna GIS Director.

DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.

Data Access and Security in Multiple Heterogeneous Databases Afroz Deepti.

Overview of Issues and Interests in Standards and Interoperability Mary Saunders Chief, Standards Services Division NIST.

MEDIN Work Plan for By March 2011 MEDIN will be 3 years into the original 5 year development plan started in Would normally ask for continued.

The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.

EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.

COAG AUSTRALIA The Prime Minister, Premiers and Chief Ministers signed the IGA at the COAG meeting on 13 April The key objectives of the Strategy,

Identity Assurance Emory University Security Conference March 26, 2008.

“Trust me …” Policy and Practices in PKI David L. Wasley Fall 2006 PKI Workshop.

Geneva, Switzerland, September 2014 ITU-T SG 17 Identity management (IdM) Progress Report Abbie Barbir Ph.D., ITU-T Study Group 17 Q10/17 (Identity.

Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

Jeju Island, Korea, 13 – 16 May 2013Identity Management and Identification Systems GSC17-PLEN-43 ITU-T IDENTITY MANAGEMENT UPDATE Bilel Jamoussi, Chief,

Geneva, Switzerland, September 2014 Towards a partnership-based framework for secure ICT Infrastructure in developing countries Bill McCrum Senior.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.

NREN Trust and Identity Strategy Ann Harding, SWITCH Cambridge July 2014.

IAM VISION OUR CREATIVE INSPIRATION IAM STRATEGY & ROADMAP TEAM JUNE 3, 2015.

Chapter 4 Access Control. Access Control Principles RFC 4949 defines computer security as: “Measures that implement and assure security services in a.

Cyber Security Means Locking the Front Door Too: Use High-Assurance Identity Management to Control Access to the Federal Bridge.

Cross-sector and user-centric AAI

Anupam Agrawal Chair Internet Society Kolkata Chapter

E-Commerce for Developing Countries (EC-DC)

Introduction of ISO/IEC Identity Proofing

Session 5 Trust services and cloud security

Appropriate Access InCommon Identity Assurance Profiles

Introduction of ISO/IEC Identity Proofing

E-identities (and e-signatures)

Presentation transcript:

Geneva, Switzerland, September 2014 Introduction of ISO/IEC Identity Proofing Patrick Curry Director, British Business Federation Authority (& SC27 WG5) ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, September 2014)

Geneva, Switzerland, September Why is identity proofing so important? Trust is globally, strategically essential Authentication is key to trust Strength of credential usually depends on strength of enrolment & registration Core of enrolment is identity proofing and verification Situation is evolving fast and becoming more complex National eID Employee credentials Consumer credentials Low and high maturities Federation is key. Not to be confused with Mutual Recognition

Geneva, Switzerland, September Why is identity proofing so important? Strength of credential usually depends on strength of enrolment & registration. But: Anonymity Partial anonymity Pseudonymity Depends on the use case

Geneva, Switzerland, September What is identity proofing? Process from application to entry into a register = authoritative source Questions Does the identity exist? Can it be bound to a real person? Identity proofing Checking the application & evidence of identity for Level of Assurance (LoA) Checking binding to the subject Verification Examining corroborative sources of data Looking for contra-indicators No involvement with the subject

Identity vs PII Identity – the minimum number of attributes that allow the person to be unique from all others in the context Identity Identity proofing and verification Eligibility Capability Service Delivery Business Administration

Key points Identity is the minimum One identity proofing process will always rely on other previous processes – unless it is the first. Authentication is only the act of identifying a returning user. Geneva, Switzerland, September 20146

7 The Key Entities Person Complicated Much national variation Organisation Register(s) of Legal Organisations 6 categories of attributes; 2 mandatory Device TPM best practice – where do FIDO and IBOPS fit? Secure issuance Software To be confirmed

Geneva, Switzerland, September The fast changing international situation National cyber strategies Cyber control frameworks Pressure for strong authentication New regulations EU eID Authentication & Signature Regulations Emerging US ID Verification standard Many national e-ID programmes More authentication requirements in supply chains

Geneva, Switzerland, September The role of international standards Enable interoperability = agility Enable deployment and affordability Reduces risks and costs Standards bodies need to: Engage with governments and industry Establish better coordination Move faster

Conclusions and Recommendations Too slow Spread the load Avoid gaps Broadening communities Based on national policies Become more proactive Collaborate with ISO and ? Framework approach Communicate better Governments need to participate Geneva, Switzerland, September