Global Authentication: Liberty Alliance Identity Assurance Framework

2 Global Authentication: Liberty Alliance Identity Assurance Framework
Brett McDowell, Executive Director, Liberty Alliance
phone:
Presenter note: Roger

3 Agenda
- Introduction
- State of the Market
- Levels of Assurance
- Assessment Criteria
- Process
- Conclusions
Presenter note: Roger

4 Why was Liberty Alliance Formed?
- Identity is important and complex. We must deliver clarity, or: industry will become more fractured; governments will intervene.
- Foster the ubiquitous, open, interoperable, privacy-respecting identity layer (holistic identity management). Liberty represents all constituencies toward this objective (vendors, enterprise, government, universities, SMEs, etc.).
- Develop a standards-based model to:
  - Interoperate in heterogeneous environments
  - Avoid proprietary vendor lock-in
  - Provide a flexible foundation for future growth
  - Scale to the WWW
  - Deliver consumer and enterprise confidence that security, privacy and data integrity will be maintained
Presenter note: Roger

5 Liberty's Global Membership
150 diverse member companies and organizations, representing leaders in IT, mobility, government, service provision, system integration and finance, working collaboratively to address the technology, business and policy aspects of digital identity management.
Management Board Sponsors
Presenter note: Roger

6 Liberty Focus: Assurance (04/17/08)
- Technology Standards and Guidelines
- Business and Privacy Guidelines
- Assurance
- An Ecosystem of Interoperable Products and Services
- Identity Assurance Framework and Assessors
Presenter note: Roger

7 Some Liberty Achievements
- The de facto standard for Identity Federation (SAML 2.0)
- Standard framework for secure Web Services (ID-WSF 2.0)
- Published case studies of successful deployments (17 verticals)
- EAP merger and Identity Assurance Framework public draft
- GSA joins those requiring Liberty Interoperable testing
- Concordia Project standards harmonisation demo at RSA
- openLiberty.org Web Services Client (Java) beta release
- Completed requirements for Strong Authentication (ID-SAFe)
- Initiated Identity Governance Framework (IGF) specification
- Finalized Advanced Client specification for device provisioning
Presenter note: Roger (04/17/08)

8 Agenda
- Introduction
- State of the Market
- Levels of Assurance
- Assessment Criteria
- Process
- Conclusions
Presenter note: Roger to Soren Peter

9 Issues Remain to be Solved
- The world of identity is too complex for its own good.
- Individuals and commercial entities need simplicity in achieving what they want to do securely, privately and confidently.
- In order to grow outside the enterprise (federate the federations), the identity marketplace needs an open, scalable, trustworthy, commercially viable solution.
Presenter note: Soren Peter for global context; Myisha for US view

10 The General Ecology
Diagram: Identity Reliance and Identity Assertion flow between Commercial Networks, Financial, Government Institutions, Industry, Employers, Family/Friends, and People, Entities, Machines (More?).
Presenter note: Jane

11 Getting more complex all the time
Diagram: The General Ecology, with additional parties (Commercial, Comm. Networks, Financial, Government Institutions, Industry, Employers, Family/Friends, People, Entities, Machines, More?) and the relationships between them getting more complex all the time.
Presenter note: Jane

12 There needs to be a Consistent and Clear Customer Experience
Presenter note: Jane to Alex

13 Focus on Identity Assurance
Presenter note: Alex (04/17/08)

14 Identity Assurance Expert Group (IAEG)
- Formed in 2007 to foster adoption of identity assurance services
- Initial contributions from EAP and the U.S. E-Authentication Federation
- Objective: create a framework of baseline policies, business rules and commercial terms against which identity assurance services can be assessed and certified
- Initial goal: facilitate broad, uniform, interoperable, trusted identity federation practices across identity service providers, also known as credential service providers (CSPs)
- Desired result: operational streamlining of identity service provider certification and accreditation processes for the entire industry
Presenter note: Alex (04/17/08)

15 Agenda
- Introduction
- State of the Market
- Levels of Assurance
- Assessment Criteria
- Process
- Conclusions
Presenter note: Roger to Jane

16 IAF Assurance Levels: Policy Overview
- The level of trust associated with a credential is measured by the strength and rigor of the identity-proofing process, the inherent strength of the credential, and the policy and practice statements employed by the CSP.
- Four primary levels of assurance:
  - Level 1: little or no confidence in the asserted identity's validity
  - Level 2: some confidence
  - Level 3: high level of confidence
  - Level 4: very high level of confidence
- The assurance level used is determined by the level of authentication necessary to mitigate risk in the transaction, as determined by the Relying Party (RP).
- CSPs are certified by Federation Operators (FOs) to a specific level or levels.
Presenter note: Jane to Alex

17 IAF Assurance Levels in Detail
Assurance level criteria as posited by OMB M-04-04 and NIST Special Publication 800-63:
- Level 1 (e.g. registration to a news website)
  - Satisfied by a wide range of technologies, including PINs
  - Does not require use of cryptographic methods
- Level 2 (e.g. change of address by beneficiary)
  - Single-factor remote network authentication
  - Claimant must prove control of the token through a secure authentication protocol
- Level 3 (e.g. online access to a brokerage account)
  - Multi-factor remote network authentication
  - Authentication by keys through a cryptographic protocol
  - Tokens can be "soft", "hard" or "one-time password"
- Level 4 (e.g. distribution of controlled drugs)
  - Multi-factor remote authentication through "hard" tokens
  - Transactions are cryptographically authenticated using keys bound to the authentication process

18 Assurance in Action
Presenter note: Jane

19 Agenda
- Introduction
- State of the Market
- Levels of Assurance
- Assessment Criteria
- Process
- Conclusions
Presenter note: Soren Peter / Myisha

20 IAF Service Assessment Criteria (SAC)
- Common Organization SAC: the general business and organizational conformity of services and their providers (enterprise maturity; information security management; operational infrastructure, etc.)
- Identity Proofing SAC: the functional conformity of identity proofing services (identity verification; verification records)
- Credential Management SAC: the functional conformity of credential management services and their providers (operating environment; issuance; revocation; status management; validation/authentication)
Presenter note: Soren Peter / Myisha

21 Assurance level criteria as posited by OMB M-04-04 and NIST Special Publication 800-63:

Assurance Level | Example | Assessment Criteria: Organization | Assessment Criteria: Identity Proofing | Assessment Criteria: Credential Mgmt
AL 1 | Registration to a news website | Minimal organizational criteria | Minimal criteria: self assertion | PIN and password
AL 2 | Change of address of record by beneficiary | Moderate organizational criteria | Moderate criteria: attestation of government ID | Single factor; prove control of token through authentication protocol
AL 3 | Access to an online brokerage account | Stringent organizational criteria | Stringent criteria: stronger attestation and verification of records | Multi-factor auth; cryptographic protocol; "soft", "hard" or "OTP" tokens
AL 4 | Dispensation of a controlled drug or $1mm bank wire | (not given on the slide) | More stringent criteria: stronger attestation and verification | Multi-factor auth with hard tokens only; crypto protocol with keys bound to auth process
Presenter note: Alex, back to Jane
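The policy in slides 16, 17 and 21 can be read as a small decision procedure: the Relying Party fixes a required level per transaction from its own risk analysis, the Federation Operator caps what a CSP may assert by certifying it to a level, and the credential-management criteria decide which level a particular authentication event can support. The following Python is an added illustration, not code from the presentation or from Liberty Alliance; the transaction names, the `AuthEvent` fields, and the grouping of token kinds into knowledge and possession factors are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import IntEnum


class AssuranceLevel(IntEnum):
    """The four IAF assurance levels named on the slides."""
    AL1 = 1  # little or no confidence in the asserted identity
    AL2 = 2  # some confidence
    AL3 = 3  # high confidence
    AL4 = 4  # very high confidence


# Token kinds grouped by authentication factor. The grouping is an
# assumption for this example; the slides only name the token kinds.
KNOWLEDGE_TOKENS = {"pin", "password"}
POSSESSION_TOKENS = {"soft_token", "otp_token", "hard_token"}

# Relying-party policy: minimum level per transaction, taken from the
# example column of slide 21 (transaction names are constructed).
RP_POLICY = {
    "news_registration": AssuranceLevel.AL1,
    "change_of_address": AssuranceLevel.AL2,
    "brokerage_access": AssuranceLevel.AL3,
    "controlled_drug_dispensation": AssuranceLevel.AL4,
}


@dataclass(frozen=True)
class AuthEvent:
    """One remote authentication as seen by the RP (constructed model)."""
    tokens: frozenset            # token kinds presented, e.g. {"password", "otp_token"}
    proof_of_control: bool       # control of the token proven via a secure protocol (AL2+)
    cryptographic_protocol: bool # authentication by keys through a crypto protocol (AL3+)
    keys_bound_to_auth: bool     # keys bound to the authentication process itself (AL4)


def supported_level(ev: AuthEvent) -> AssuranceLevel:
    """Highest level whose credential-management criteria the event meets.
    The checks are ordered from AL1 upward, so an event that fails a lower
    level's criteria can never be rated at a higher one."""
    if not ev.tokens:
        raise ValueError("no token presented")
    knowledge = ev.tokens & KNOWLEDGE_TOKENS
    possession = ev.tokens & POSSESSION_TOKENS
    multi_factor = bool(knowledge) and bool(possession)
    if not ev.proof_of_control:
        return AssuranceLevel.AL1          # PIN/password only, no proof of control
    if not (multi_factor and ev.cryptographic_protocol):
        return AssuranceLevel.AL2          # single factor, control of token proven
    if possession == {"hard_token"} and ev.keys_bound_to_auth:
        return AssuranceLevel.AL4          # hard tokens only, keys bound to the auth process
    return AssuranceLevel.AL3              # soft/hard/OTP tokens over a crypto protocol


@dataclass(frozen=True)
class Decision:
    allowed: bool
    effective_level: AssuranceLevel
    required_level: AssuranceLevel
    reason: str


def rp_decision(transaction: str, csp_certified_level: AssuranceLevel,
                ev: AuthEvent) -> Decision:
    """Relying-party check. The effective level is the event's level capped
    by the level the Federation Operator certified the CSP to; it must meet
    the level the RP requires for this transaction."""
    required = RP_POLICY[transaction]
    event_level = supported_level(ev)
    effective = min(event_level, csp_certified_level)
    if effective >= required:
        reason = "assurance level meets transaction requirement"
    elif event_level < required:
        reason = "authentication strength below required level (step-up needed)"
    else:
        reason = "CSP not certified to the required level"
    return Decision(effective >= required, effective, required, reason)


if __name__ == "__main__":
    # Constructed scenario: password + OTP over a crypto protocol from a CSP
    # certified to AL3 is enough for a brokerage login but not for AL4.
    ev = AuthEvent(frozenset({"password", "otp_token"}), True, True, False)
    for tx in ("brokerage_access", "controlled_drug_dispensation"):
        print(tx, rp_decision(tx, AssuranceLevel.AL3, ev))
```

The two failure reasons are kept distinct on purpose: a shortfall in the authentication event is something the RP can resolve by asking the user to step up, whereas a CSP that is not certified to the required level cannot be fixed at the RP and has to be escalated to the Federation Operator.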

22 Agenda
- Introduction
- State of the Market
- Levels of Assurance
- Assessment Criteria
- Process
- Conclusions

23 IAF Business Rules
- Focused on the use of credentials for authentication, initially targeting CSPs
- Liberty Alliance Project (LAP) provides accreditation of assessors who will perform certification assessment
- Federation Operators will require LAP-accredited assessments
- IAF provides guidelines for how all involved parties (relying parties, CSPs and Federation Operators) may work together
- LAP will maintain the Identity Assurance Framework and provide a current list of accredited assessors
Presenter note: Myisha

24 IAF Certification Model
- Program for assessors to become accredited
- Provides candidate CSPs with guidelines for certifying against IAF
- Enables Federation Operators to certify members against a common industry framework and assessment practices
- Liberty Alliance to define and provide governance over the accreditation process
- Phase one certification process is for CSPs as defined in IAF
Presenter note: Myisha

25 Agenda
- Introduction
- State of the Market
- Levels of Assurance
- Assessment Criteria
- Process
- Conclusions
Presenter note: Roger to lead conclusion discussion

26 Roadmap
- Phase One of Certification Program for CSPs/IDPs, ratified in Identity Assurance Framework v1.0 FINAL (Q )
- Launch Accreditation Program to enable the certification model and spur the market (mid-2008)
- Introduce IAF Suite: documentation to support IAF
- Scope and define Phase 2: IAF Version 2.0 to focus on Federation Operators (begins Q )
- Best Practices / Usage Guidelines document for Relying Parties
(04/17/08)

27 References (Contributions to IAF standard)
- EAP Trust Framework
- OMB e-Authentication Guidance (OMB M-04-04)
- NIST Special Publication 800-63 Version 1.0.1
- Authentication Service Component Interface Specifications
- GSA Credential Assessment Framework, Password CAP, Certificate CAP and Entropy Spreadsheet
- tScheme
- TSCP

28 Getting Involved
- Liberty Alliance Identity Assurance Expert Group (Liberty Alliance membership is required)
- Identity Assurance Special Interest Group (Liberty Alliance membership is not required)
- Identity Assurance Framework for Review and Comment: -identity-assurance-framework-v1.0.pdf

29 Thank You Any Questions? Please get involved!
