IDENTITY ASSURANCE PROFILES AND FRAMEWORK DOCUMENTS: PEEK INTO PROPOSED FICAM CHANGES (12/12/12)


Topics
- Background
- Big pic
- Detailed pic

Program Basics: Documents
- Identity Assurance Assessment Framework
- Identity Assurance Profiles
  - Bronze (NIST Level 1)
  - Silver (NIST Level 2)
- Assurance Addendum to the Participation Agreement

Program Basics: Assurance Advisory Committee (AAC)
What is the AAC, and what does it do?
- Represents stakeholders in the assurance process: IdPs, SPs, auditors
- Oversight for program
- Advisory to Steering
- Assess applications, recommend approval (or denial) to Steering
- Recommend changes to documents or program

Program Basics: Assurance Advisory Committee (AAC)
Who is the AAC?
- Tim Cameron, National Student Clearinghouse (SP)
- Mary Dunker, Chair, Virginia Tech University (IdP)
- Steve Devoti, University of Wisconsin-Madison (IdP)
- 2nd Auditor
- Jacob Farmer, Indiana University (member at large)
- Chris Holmes, Baylor University (InCommon Steering)
- Scott Koranda, University of Wisconsin-Milwaukee/LIGO (SP)
- Steve Kurncz, Michigan State University (auditor)
- Ann West, InCommon/Internet2 (InCommon staff)

Assurance Advisory Committee (AAC)
Ex-Officio (non-voting)
- Marilyn McMillan, New York University (InCommon Steering)
- Tom Barton, University of Chicago (InCommon TAC)
- Renee Shuey, Penn State (InCommon TAC)
- Jack Suess, UMBC (InCommon Steering)
For more information, visit

FICAM Trust Framework Providers
- Identity Credential and Access Management Subcommittee
- Federal CIO Council Information Security and Identity Management Committee
- Trust Framework Provider Adoption Process (2009)
- Comparability assessment as basis for LoA requirements. Incorporates previous work done by the Feds as well under E-Authentication Initiative
- Privacy, organizational maturity, legal status, authority for InCommon and for InCommon to assess for IdP Operators
- Web SSO SAML2 Profile: Over the wire
- Trust Framework Providers: InCommon, Kantara, OIX, Safe/BioPharma

InCommon’s History with FICAM
- Spring begun review by FICAM. Community implementation begun.
- Fall - Refining of Silver begun due to community feedback
- 2011 Spring – 1.1 Reviewed and approved by community
- Fall – FICAM asks for Simplified Bronze. InCommon develops
- Spring – 1.0 and InCommon fully approved TFP. 1.2 reviewed and approved by community. InCommon submits 1.2 to FICAM for their approval.
- Est January – 1.2 approved by FICAM.

What’s the hold up?
- This is a new audit!
- Federal availability
- FICAM program evolving
- Negotiating on behalf of Higher Ed
- Changes reflected in 1.2 require resubmission for the spec
- Big pic items

Alternative Means
- IAAF 1.1: “From time to time, InCommon may identify alternative means developed by experts from the Research & Higher Education sector as specifying means that are comparable or superior to identified requirements in one or more of its IAPs.”
- Page 2: “Normative criteria to be used in an assessment process are expressed in separate Identity Assurance Profile and approved alternative means documents.”

Whose Spec is it Anyway?
- Hot potato
- Time and Trust
- How do we evaluate these things? Who gets to say?
- Where will this show up?
  - Authentication technologies: multifactor
  - Cryptography: AD Silver Cookbook
  - Identity proofing: knowledge-based

Other Big Pics: Where we are…
- Bronze audit and no-audit option
- Bronze and Credential Issuance and Management
- Bronze and protection of PII
- Registration and Credential Records Retention – 7.5 years
- Approved Algorithm – Alternative Means
- Scope: Profiles are password only – Alternative Means

What’s Next?
- Develop Process for Alternative Means with Assurance Advisory Committee
- Continue discussion to work through a couple detailed questions
- Work on FICAM approval expected January 2013
- Publish FICAM-approved spec for community review
- Announce implementation extravaganza and programs!