STANDARDS COORDINATION COMMITTEE PLENARY BREAKOUT 18 SEPTEMBER 2014 Interoperability Requirements.


Agenda  Introduction  Requirements presentation (M. Garcia)  Review of the derived requirements on interoperability (Tilton) o o Note: Hold off on discussion till later  Functional relationship diagram exercise (Paul & Joe) o Identify interoperability points o Potential applicable standards  Preliminary pilot view (Tilton) o Understanding & interpreting the requirements  Prioritization of requirements o Identify requirements to be addressed in “baseline” framework/trustmark  What can we do NOW to support the initial IDEF development?  Next steps

Interoperability Requirements
• Organizations shall accept external users authenticated by third parties. (NSTIC, page 13)
• Organizations shall issue credentials capable of being utilized by multiple different service providers. (NSTIC, page 13)
• Organizations shall utilize technologies that communicate and exchange data based upon well-defined and testable interface standards. (NSTIC, page 13)
• Organizations shall adopt common business policies and processes (e.g., liability, identity proofing, and vetting) related to the transmission, receipt, and acceptance of data between systems. (NSTIC, page 13)
• Organizations shall implement modular identity solutions. (NSTIC, page 14)
• Organizations shall utilize solutions and technology that allow for identity portability. (NSTIC, page 14)

Pilot notes
Cathy is sharing some notes from the pilot collaboration meetings where the derived requirements were discussed. This does NOT constitute an official contribution from the pilots.

Considerations
The pilots reviewed the interoperability derived requirements. They identified the following three considerations vital to the success of each requirement:
• Is it commercially viable today? Some of the drafted interoperability requirements are not feasible in the current market, and thus would be better suited as guidelines. The wording could reflect this by stating that organizations “should” follow a requirement as opposed to “shall”.
• Is it specific to particular actors in the ecosystem? Many of the draft interoperability requirements are not equally applicable to all roles. Narrow requirements should be clearly targeted to a particular actor, or they should be broad enough to apply to all.
• To which LoAs does it pertain? Interoperability requirements must specify the level of assurance that is associated with each specific requirement, since interoperability concerns will vary between lower and higher LoAs.

Specific feedback
The pilots provided specific feedback to the IDESG on three distinct interoperability requirements:
Requirement 28: “Organizations shall utilize technologies that communicate and exchange data based upon well-defined and testable interface standards.”
• Discussion:
  o Is this SAML/OpenID Connect? Or could it use, e.g., Facebook? Is someone precluded from offering others in addition to SAML, etc.? This seems focused on the CSPs, not the RPs.
• Feedback for IDESG:
  o We recommend SAML and OpenID Connect for all assurance levels, and others for lower levels to be supported by IdPs. A similar standardized protocol should be created for APs but this is aspirational at this point. Aspirationally, RPs should also be included, but at this time market forces make this challenging.

Specific feedback
Requirement 27: “Organizations shall issue credentials capable of being utilized by multiple different service providers.”
• Feedback for IDESG: IdPs shall issue credentials capable of being utilized by multiple different RPs (we are assuming Service Providers = RPs). Need to consider more policy around level of assurance, in terms of what utilized means.
Requirement 31: “Organizations shall utilize solutions and technology that allow for identity portability.”
• Feedback for IDESG: There is no current format for this and perhaps this requirement may be more focused on the portability of metadata regarding consent, etc. Work is developing in this area but it should not be a near term requirement.
Overall, the pilots support the creation of interoperability requirements and believe that additional requirements, potentially for attributes and relying parties, will be needed in the future. Effective baseline interoperability requirements, combined with advances in the marketplace, are imperative to enhance interoperability between all actors in the identity ecosystem.

Low hanging fruit
What can we do NOW to support the initial IDEF development?
Organizations shall utilize technologies that communicate and exchange data based upon well-defined and testable interface standards.
Interface point: Authentication interface
Existing standards (candidates for nomination):
• SAML 2.0
• OpenID Connect 1.0
Discussion

Advantages
1. Exercise (and ring out) the process
2. Set an example for other committees
3. ‘Prime the pump’
4. Quick win

Next steps
• Continue discussions in SCC meetings
• Set up a subgroup to progress?