TSCP Early Work on Trust Framework Agreement Developing a Flexible Trust Agreement PAGE 1 | TSCP.

Presentation transcript:

TSCP Early Work on Trust Framework Agreement Developing a Flexible Trust Agreement PAGE 1 | TSCP

Early TSCP Work on Bilateral Trust Framework Agreement
- TSCP started the concept of the flexible trust agreement with a bilateral agreement that its members were interested in using between themselves
- Flexibility to change technical requirements without changing the business and legal terms of the agreement was a key need of the parties
- Flexibility is achieved by putting the technical requirements in an Appendix which the parties can change over time
- Greg Roecker will discuss this work later this afternoon
PAGE 2 | CONFIDENTIAL | TSCP

TSCP Work on Multilateral Agreement
- Once the Bilateral Agreement was sent to the members for their consideration, TSCP began work on a Multilateral Agreement
- The Multilateral Agreement allows a matrix of technical requirements that fosters trust amongst parties at varying levels of assurance with flexibility to bolster trust through the use of attributes
PAGE 3 | CONFIDENTIAL | TSCP

Critical Infrastructure – All Hazards Consortium Developing a Flexible Data Sharing Trust Agreement PAGE 4 | TSCP

DHS Contract – Agreement for Data Sharing By Use Cases
Use Case #1 - Regional Fleet Movement
- Provider: Electric Sector Regional Mutual Assistance Groups (RMAGs)
- Consumers: Specific private and public sector members of the FWG and EC3 work groups
- Level of Assurance: Minimum LoA 2 for read access
- Process: Use username/password or PIV-I cards on TSCP portal
- Results
  - Draft agreement
  - Demo PIV-I Cards
  - Educate to build trust
PAGE 5 | TSCP

Focus On Use Cases
Use Case #2 - Access to Open/Closed Data App
- Provider: Hughes Network System’s Satellite Dish Status Database
- Consumers: Specific private and public sector members of the FWG and EC3 work groups
- Level of Assurance: LoA 4
- Process: Use PIV-I cards on TSCP portal to link to Hughes Data Portal on FWG site
- Results
  - Provide regional/national situation awareness on private sector businesses
  - Demo PIV-I Cards
  - Educate to build trust
Tom Moran will discuss this in more detail
PAGE 6 | TSCP

Scope of Trust for Data Sharing
- The TSCP Trust Framework provides a set of rules around identity & access management
- Some rules are imposed technically and others by policy (i.e., by agreement)
- By following the rules, parties are able to create a trusted environment where the information is shared with only vetted and authorized individuals who have agreed to the limitations on use of data specified in the agreement
- Again, some limitations can be controlled technically and others by the agreement
PAGE 7 | TSCP

From the Critical Infrastructure agreement:

Scope of the Trust. The Parties to this agreement intend to voluntarily facilitate the sharing of certain critical information for operational purposes only during periods of emergency response, e.g. information concerning where there is available gas, working ATMs, hotels, where supplies can be obtained. Controlling access to the shared information is of paramount concern to the Parties because of the nature of the data and the limitations on use. Data will be shared for the agreed use cases specified in Appendix A of this Agreement.

The Transglobal Secure Collaboration Participation, Inc. (TSCP) has developed a Federation Trust Framework that includes an information labeling and handling specification that the Parties desire to leverage to achieve their data sharing objectives. Relying on the requirements of TSCP’s Federation Trust Framework infrastructure and the terms of this Agreement, authorized users of the TSCP Secure Information Sharing Environment (SISE), a cloud-based situational data repository, are able to share and access data. Access to data is limited by the controls and restrictions applied to the data by policy. Specifically, data is uploaded and used solely to support operational need during regional emergency response.

The system allows for:
- Multi-layered Identity Authentication of users accessing the system with trusted credentials;
- Policy labeling of data by users based on the type of data uploaded;
- Enforced access control (upload, edit, view, download) to data based on the policy labels applied to data; and
- a single sign-on cloud environment.
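The label-based access control described above, with the technical requirements held as data so they can change without touching the decision logic, can be sketched as follows. This is an added example, not TSCP or SISE code: the names (`APPENDIX`, `CREDENTIAL_LOA`, `decide`), the label values, the credential-to-LoA mapping and every LoA floor other than "LoA 2 for read" (use case 1) and "LoA 4" (use case 2) are assumptions.

```python
from dataclasses import dataclass

# Constructed stand-in for the agreement's technical appendix: for each policy
# label (one per use case), the minimum LoA required per operation. Only the
# LoA 2 read floor and the LoA 4 use case come from the slides.
APPENDIX = {
    "fleet-movement": {"view": 2, "download": 2, "upload": 4, "edit": 4},
    "dish-status": {"view": 4, "download": 4, "upload": 4, "edit": 4},
}
# Assumed Level of Assurance reached by each credential type.
CREDENTIAL_LOA = {"password": 2, "piv-i": 4}

@dataclass(frozen=True)
class User:
    name: str
    credential: str          # "password" or "piv-i"
    use_cases: frozenset     # labels the user is a named consumer for
    accepted_terms: bool     # agreed to the limitations on use of data

@dataclass(frozen=True)
class DataItem:
    label: str               # policy label applied at upload

def decide(user, item, operation, emergency_active, appendix=APPENDIX):
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    rules = appendix.get(item.label)
    if rules is None or operation not in rules:
        return False, "no rule for this label/operation"
    if not emergency_active:
        return False, "outside emergency response period"
    if not user.accepted_terms:
        return False, "limitations on use not accepted"
    if item.label not in user.use_cases:
        return False, "not a consumer for this use case"
    loa = CREDENTIAL_LOA.get(user.credential, 0)   # unknown credential -> LoA 0
    if loa < rules[operation]:
        return False, f"LoA {loa} below required {rules[operation]}"
    return True, "ok"

if __name__ == "__main__":
    alice = User("alice", "password", frozenset({"fleet-movement"}), True)
    for op in ("view", "upload"):
        print(op, decide(alice, DataItem("fleet-movement"), op, True))
```

Passing a different `appendix` argument models a revised technical appendix: the same decision function enforces the new floors.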

Status of the Critical Infrastructure Agreement
- Agreement covers all aspects of governance - business, technical, legal, and policy
- But the minimum technical requirements are included in an Appendix which can be changed without changing the rest of the agreement allowing maximum flexibility
- Use Cases are also in an Appendix to the agreement so the parties can add use cases without changing the rest of the agreement
- TSCP has been working on the agreement between AHC, TSCP and Data Consumers (an Appendix to the Data Provider Agreement)
- The Agreement is modeled on the AHC agreements in place today but they impose the TSCP Trust Framework to increase the identity assurance and access management rules to increase the trust
PAGE 8 | TSCP

NSTIC Pilots Changing Paradigms PAGE 9 | TSCP

NSTIC Grant – Challenges to Sharing Information and Lessons Learned
- TSCP explored an agreement for the use of employer-issued trusted identity credentials for employee personal transactions
- While there was serious interest, resistance to changing the current legal and privacy paradigms was an impediment to near-term success
  - Employer permission for use
  - Distinguishing personal vs. professional use
  - Managing personal information
PAGE 10 | CONFIDENTIAL | TSCP

Questions?
TSCP Inc.
- Keith Ward | President and CEO | 8000 Towers Crescent Drive, Suite 1350, Vienna, VA | (M): (703) | (F): (703)
- Steve Race | Vice President Operations | 8000 Towers Crescent Drive, Suite 1350, Vienna, VA | (M): (703) | (F): (703)
- Shauna Russell, cipp/us | Vice President for Legal, Privacy, and Policy | 8000 Towers Crescent Drive, Suite 1350, Vienna, VA | (M): (202) | (F): (703)
PAGE 11 | CONFIDENTIAL | TSCP