1
Tokens & Proofing De-Mystified
Firefighter, Father, Driver, Customer, Student, Veteran
2
Joe’s Online Presence
3
Hi, I’m Joe
4
Token Management Process
Joe interacts with Someone
Joe provides some details
Joe is issued a “Token”
5
Proof of Joe being Joe
6
Identity Proofing Process
Joe interacts with Someone
Joe’s details are “Verified”
Joe is “Proofed”
7
What does it take for Joe to get a strong credential?
Token Management
Secure Linking Process
Identity Proofing
Credential = Token + Identity
8
[Diagram: Joe; Token Manager manages Token Management Service; Identity Manager manages Identity Proofing Service; Binding Manager manages Token-Identity Link Record; Consent Service; Identity Record; Validation Service; Authentication; Attribute Authority; Binding; Online Application (RP)]

Token: Something that the individual possesses and controls that is used to authenticate the individual. Tokens are possessed by an individual and controlled through one or more of the traditional authentication factors (something you know, have, or are).
Identifier: An attribute used to uniquely distinguish between individuals (versus describing individuals).
Identity: A set of attributes that uniquely describe an individual within a given context.
Credential: An object or data structure that authoritatively binds an identity to a token possessed and controlled by an individual.
Authentication: Process intended to establish an understood level of confidence that an identifier refers to a specific individual.
Identity Resolution: Process intended to resolve identity attributes to a unique individual (i.e. no other individual has the same set of attributes).
Validation: Process intended to establish soundness or correctness of a construct.
Verification: Process intended to test or prove the truth or accuracy of a fact or value.

Token Managers have the ability to assert to a specific level of confidence, via the authentication service, that an individual has maintained control over a token entrusted to them and that the token has not been compromised.

Authentication of a Token simply establishes an understood level of confidence that it is the same individual at the other end of the wire. But not who the individual is.

Identity Managers verify attributes and associate them with a unique individual as part of an identity proofing process and, via the validation service, have the ability to assert those verified attributes.
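The split described in these notes, as an added sketch that is not part of the original presentation: a relying party only obtains a credential (token + identity) when token authentication, the token-identity link and attribute validation all succeed. Class names mirror the slide's roles; the method names, status strings, the point at which consent is checked and all sample data are assumptions constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class TokenManager:
    tokens: dict = field(default_factory=dict)   # token_id -> (secret, compromised)

    def authenticate(self, token_id, secret):
        """Assert only that the presenter controls an uncompromised token."""
        stored, compromised = self.tokens.get(token_id, ("", True))
        return (not compromised) and hmac.compare_digest(stored, secret)

@dataclass
class IdentityManager:
    records: dict = field(default_factory=dict)  # identity_id -> {attr: (value, verified)}
    consent: set = field(default_factory=set)    # (identity_id, rp) pairs the individual approved

    def validate(self, identity_id, rp):
        """Release verified attributes only, and only to an RP holding consent."""
        if (identity_id, rp) not in self.consent:
            return None
        return {k: v for k, (v, ok) in self.records[identity_id].items() if ok}

@dataclass
class BindingManager:
    links: dict = field(default_factory=dict)    # token_id -> identity_id

def rp_login(tm, im, bm, rp, token_id, secret):
    """Return (status, attributes) as seen by the online application (RP)."""
    if not tm.authenticate(token_id, secret):
        return ("rejected", None)
    identity_id = bm.links.get(token_id)
    if identity_id is None:
        # Same individual at the other end of the wire, but not who they are.
        return ("same-individual", None)
    attrs = im.validate(identity_id, rp)
    if attrs is None:
        return ("consent-required", None)
    return ("credential", attrs)

# Constructed sample data (hypothetical token ids, secrets and RP names).
tm = TokenManager({"tok-joe": ("s3cret", False), "tok-anon": ("pw", False),
                   "tok-lost": ("old", True)})
im = IdentityManager({"id-1": {"name": ("Joe", True), "veteran": (True, True),
                               "employer": ("Acme", False)}},
                     {("id-1", "benefits-portal")})
bm = BindingManager({"tok-joe": "id-1", "tok-lost": "id-1"})
```

A bound but compromised token (`tok-lost`) is rejected before any identity lookup, and the unverified `employer` attribute is never asserted to the RP.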
9
Joe’s Identity is the Starting Point for Delivering High Value Services, Benefits and Entitlements to Him

Today, identity is managed in “cylinders of excellence” a.k.a. silos …

Financial Sector
Who are you? How will you pay?
Identity Risk Issues: Financial fraud; Money laundering; Higher transaction fees

Public Sector
Who are you? Are you eligible for a government benefit?
Identity Risk Issues: Benefits fraud; Longer processing times; Redundant processes

Healthcare Sector
Who are you? What is your medical history?
Identity Risk Issues: Prescription fraud; Patient privacy; Record integrity

… but the impacts are felt by everyone

Why should Joe get a strong credential?

The above picture shows how the starting point for service delivery, across the sectors, is the question of "Who are you?". The risk inherent in answering that question results in all of us being impacted by issues such as fraud, privacy breaches, and higher transaction costs. So, the initial establishment of identity by authoritative entities, and successfully leveraging it across multiple contexts, is critical to reducing identity risk.

In the physical world, we deal with this on a regular basis, and rely upon a few authoritative entities to be accountable for the identity establishment function. Taking the United States as an example, if you look at DHS Form I-9, Page 9, List A and List B (Documents that Establish Identity + ), they include:
U.S. State and Canadian Driver’s license
U.S. Passport
Green Card
Government issued ID Card
U.S. Military Card
U.S. Coast Guard Merchant Mariner Card
Native American Tribal Document
….
10
Credential Service Provider
RP delegates Authentication, Identity Management and Binding
RP uses External Credential
[Diagram: Joe; Token Manager manages Token Management Service; Identity Manager manages Identity Proofing Service; Binding Manager manages Token-Identity Link Record; Consent Service; Identity Record; Validation Service; Authentication; Attribute Authority; Binding; Online Application (RP)]
11
Identity Manager
RP delegates Identity Management
RP manages Authentication and Binding
RP uses External Identity
[Diagram: Joe; Token Manager manages Token Management Service; Identity Manager manages Identity Proofing Service; Binding Manager manages Token-Identity Link Record; Consent Service; Identity Record; Validation Service; Authentication; Attribute Authority; Binding; Online Application (RP)]
12
Token Manager
RP delegates Authentication
RP manages Identity and Binding
RP uses External Token
[Diagram: Joe; Token Manager manages Token Management Service; Identity Manager manages Identity Proofing Service; Binding Manager manages Token-Identity Link Record; Consent Service; Identity Record; Validation Service; Authentication; Attribute Authority; Binding; Online Application (RP)]