The Identity Ecosystem: A Description of Concepts and Plans
A. Hughes for TFTM, May 14, 2014
DISCUSSION DRAFT
Ecosystem From The Inside: Drivers, Core Structure, Requirements

A Note on Role Names
Role names are used to keep the entities and their functions separate. Any entity or organization could play one or more Roles in the ID Ecosystem.
- Online Services Supplier: the Relying Party or Service Provider
- Online Services Client: the consumer, customer or recipient of the Supplier's services
- Online Trust Provider: all roles associated with establishing facts, provisioning credentials/tokens, verifying conformance, testing and audit. Common names: IdP, TM, CM, CSP, TFP, CA, RA

The Online Interaction
The goal of NSTIC is to improve the state of online interactions. The interaction or transaction between an online service Supplier and its Client is the primary source of requirements for security, privacy and ease of use. A coherent ID Ecosystem can be described by extending this 'interaction-centric' concept.

The Central Pattern
Central tenet: Supplier and Client engage in an online interaction only if certain Conditions are presented, potentially negotiated, and fulfilled.
(Diagram; arrows should probably be bi-directional.)

The Central Pattern: 'Conditions'
'Conditions' might be:
- Provide the username and password associated with your account
- Provide payment information
- Produce a validated electronic authentication token issued by a trusted Credential Service Provider
- Accept these Terms of Service
- Possess these Trustmarks

The Central Pattern: Suppliers
The Online Service Supplier wishes to control access to the service and provide the right service to the correct Client. 'Conditions' are used to gather the information needed to make the service access decision.

The Central Pattern: ID Risk
The Online Service Supplier must guard against misidentification, fraud, impersonation, and the inability to distinguish one Client from another. The stringency and number of Conditions increase with greater transaction risk.
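As an added example (illustrative code, not from the TFTM deck), the following Python sketch models the Supplier's access decision described on the preceding slides: the Conditions for a transaction are selected by its risk tier, the Client's presentation is checked against each Condition, and access is granted only when every Condition is fulfilled. The tier names, the Condition vocabulary, the trusted-CSP list and the Trustmark names are assumptions made for this example; an unrecognised risk tier or Condition fails closed rather than defaulting to the weakest Condition set.

```python
"""Risk-tiered evaluation of the Supplier's 'Conditions' (added example).

This is illustrative code, not from the IDESG/TFTM deck. The Supplier
selects the Conditions for a transaction from its risk tier, the Client
presents evidence, and access is granted only when every Condition is
fulfilled. Tier names, the Condition vocabulary, the trusted-CSP list and
the Trustmark names are assumptions made for this example.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple
import time

# Condition identifiers, mirroring the examples on the 'Conditions' slide.
PASSWORD = "password"          # username/password for the account
PAYMENT = "payment_info"       # payment information supplied
CSP_TOKEN = "csp_token"        # validated token from a trusted CSP
TOS = "accept_tos"             # Terms of Service accepted
TRUSTMARK = "trustmark"        # the token issuer holds the demanded Trustmarks

# Risk tier -> required Conditions (assumed tiers). Stringency and number
# of Conditions grow with transaction risk, as the 'ID Risk' slide states.
CONDITIONS_BY_RISK: Dict[str, Set[str]] = {
    "low": {PASSWORD, TOS},
    "medium": {PASSWORD, TOS, PAYMENT},
    "high": {CSP_TOKEN, TOS, PAYMENT, TRUSTMARK},
}

# The Supplier's trust list: CSP issuer -> Trustmarks it is known to hold
# (assumed issuer and Trustmark names).
TRUSTED_CSPS: Dict[str, Set[str]] = {
    "csp.example": {"IDESG-Security-Baseline", "IDESG-Privacy-Baseline"},
}


@dataclass
class Token:
    """An authentication token as presented by the Client."""
    issuer: str
    subject: str
    expires_at: float   # POSIX seconds
    validated: bool     # signature/format already verified by the RP's verifier


@dataclass
class Presentation:
    """What the Client presents in response to the Supplier's Conditions."""
    password_ok: bool = False
    payment_info: bool = False
    tos_accepted: bool = False
    token: Optional[Token] = None


def _fulfilled(cond: str, p: Presentation, now: float,
               required_marks: FrozenSet[str]) -> bool:
    """True if the Client's presentation satisfies one Condition."""
    if cond == PASSWORD:
        return p.password_ok
    if cond == PAYMENT:
        return p.payment_info
    if cond == TOS:
        return p.tos_accepted
    if cond == CSP_TOKEN:
        t = p.token
        # Token must be verified, unexpired, and from an issuer on the trust list.
        return (t is not None and t.validated and t.expires_at > now
                and t.issuer in TRUSTED_CSPS)
    if cond == TRUSTMARK:
        t = p.token
        # The issuer must hold every Trustmark the Supplier demands.
        return (t is not None
                and required_marks <= TRUSTED_CSPS.get(t.issuer, set()))
    return False  # unknown Condition: fail closed


def evaluate(risk: str, p: Presentation, now: float,
             required_marks: FrozenSet[str] = frozenset()) -> Tuple[bool, List[str]]:
    """Return (allowed, unmet_conditions) for a transaction at the given risk tier.

    An unrecognised tier is treated as 'high' so that a misconfigured
    transaction cannot silently receive the weakest Condition set.
    """
    required = CONDITIONS_BY_RISK.get(risk, CONDITIONS_BY_RISK["high"])
    unmet = [c for c in sorted(required)
             if not _fulfilled(c, p, now, required_marks)]
    return (not unmet, unmet)


if __name__ == "__main__":
    now = time.time()
    tok = Token("csp.example", "alice", now + 600, validated=True)
    client = Presentation(payment_info=True, tos_accepted=True, token=tok)
    print(evaluate("low", client, now))
    print(evaluate("high", client, now, frozenset({"IDESG-Security-Baseline"})))
```

The list of unmet Conditions is what the Supplier would feed back into the negotiation step of the central pattern; the same evaluator can be reused for every transaction type in a community by changing only the tier table and the trust list.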

The Central Pattern: Requirements
The Interaction, Conditions and Fulfillment drive all requirements:
- System, transaction, technical, policy, interoperability, trust, assurance, operations, data formats, security, privacy, user experience

Trust Infrastructure: Trust Providers
The Online Trust Provider box:
- Is intended to represent any security, trust or privacy service available to the Supplier-Client interaction
- Is entirely determined by the Transaction requirements
- Might be standard and shared
- Might be custom and secret
- Might deliver high certainty or low certainty
- Might be reliable or not

'Trust' Infrastructure
The Trust Infrastructure is secondary to the transactions and exists to support the Supplier-Client interaction:
- Credentials, tokens, certificates, secrets
- Identity information, relationship/membership
- Federations, Trust Frameworks, Assurance Frameworks

Trust Infrastructure: Community
NSTIC 'Online Community':
- NSTIC defines 'online communities' which have shared risks, a stable set of transactions, common rules and common trust requirements
Community Governance:
- Indicates the operator and manager of the community rules, their implementation and enforcement
- Sometimes named the Federation Operator or Trust Framework Provider

Rationale for Transaction-Centric
Why focus on the transaction instead of the usual focus on Trust Infrastructure?
- It clarifies the value of the ID Ecosystem
- The Transaction drives all requirements, not the Trust Providers
- Each element can be broken down and mapped to real and future implementations

The ID Ecosystem
Online communities using this pattern are candidate participants in the NSTIC-envisioned ID Ecosystem. NSTIC requires certain things of the Community Rules and other community features.

Compare to the NSTIC Definition
A Trust Framework:
- Is developed by a community
- Defines the rights and responsibilities of that community's participants
- Specifies the policies and standards specific to the community
- Defines the community-specific processes and procedures that provide assurance
- Considers the level of risk associated with the transaction types of its participants
(NSTIC Strategy Document)

The ID Ecosystem From Above: Ecosystem From 30k

The Central Concern
The Interaction is central:
- Trust Providers exist to express and satisfy 'conditions'
- All activity must fall within the rules of the Community

Many Transactions in a Community
Within the Community context many transaction types are possible. The picture shows a single trust infrastructure supporting all community transaction types. All activity must fall within the rules of the Community.

Many Trust Providers in a Community
The picture shows two trust infrastructures within the same community. The trust infrastructures are federated. All activity must fall within the rules of the Community.

ID Ecosystem Perspective A
Many 'communities' exist today:
- Some are verified by 3rd-party assessors
- Some are closed/walled gardens
- Some are Enterprise-Enterprise federations
- Some involve Trust Framework Providers and Trust Frameworks
- Some are multi-party federations
Some happen to follow the NSTIC Guiding Principles. The next slide is a sketch of this state.

ID Ecosystem Perspective A (diagram: current state of communities)

ID Ecosystem Perspective A
One perspective of the path forward is to increase the number and type of Ecosystem Communities that follow the NSTIC Guiding Principles:
- As a consequence, end-users will begin to experience NSTIC-oriented services
This might be characterized as the path to building a Compliance/Conformance Program.

ID Ecosystem Perspective A (diagram: Compliance/Conformance Program path)

ID Ecosystem Perspective B
One perspective of the path forward is to build on the GTRI Trustmark ideas:
- Define Trust Interoperability Profiles (TIP) for participating Stakeholder Communities
- Establish Trustmark Defining Organizations (TDO)
- Trustmark Definitions and Trustmarks: a statement of conformance to identity trust/interoperability requirements plus its formal assessment process

The GTRI Trustmark Concept Map (diagram)

ID Ecosystem Perspective B (diagram: GTRI Trustmark path)

ID Ecosystem Perspective C
Suggestions for other alternative views are welcome.