Using Levels of Assurance Renee Shuey nmi-edit CAMP: Charting Your Authentication Roadmap February 8, 2007.

1 Using Levels of Assurance Renee Shuey nmi-edit CAMP: Charting Your Authentication Roadmap February 8, 2007

2 Agenda
Disclaimer
About Penn State
Level Set on Levels of Assurance
 –Delivering of the package
Uses for LOA
 –Both Internal and External to the university
Points to Ponder
Discussion, Q&A

3 Penn State

4 Established 1855, PA’s Land Grant
24 campus locations
80K students, 10K faculty, 10K staff
$640M annual research expenditure

5 Penn State IAM - Technology
Kerberos, DCE, Active Directory
LDAP (eduPerson)
Cosign (WebAccess)
Shibboleth
Member of InCommon
2nd Factor Authentication
“Access Account” - branding for Penn State identity, ~120K
“Short Term Access Accounts”
“Friends of Penn State” - branding for external identity, ~450K

6 Level Set - Delivering of the Package….

7 It’s all about how certain you are…

8 And how Certain you need to be…

9 Scenario 1… deleted image of favorite web site here…

10 deleted photo of well known delivery vehicle.

11 deleted photo of individual from well known delivery service

12 deleted image of nicely wrapped gift here….

13 Scenario 2… deleted image of favorite website

18 Risk Identity Proofing Logical & Physical Control Indemnification Liability Laws & Regulations Data Intellectual Property Transaction Identifying and Mitigating Risk

19 Uses for Levels of Assurance

21 eCommerce Compliance
Payment Card Industry Questionnaire 8.11
 –Is there an account-lockout mechanism that blocks a malicious user from obtaining access to an account by multiple password retries or brute force? Yes No
Card Industry following bank industry requirement for 2nd Factor Authentication

22 Business Transactions Electronic Signatures Promissory Notes

23 W-2 Information Online

24 “THE” Demo (at least the boss’s part) Internet2 FastLane Demo

25 Points to Ponder Decreasing of LOA Password Resets

26 In Person Proofing

27 It’s a big, big world Not all university affiliates are located on the campus In fact, there are some we never see

28 Remote Proofing Notary Forms of Id

29 Self Service - Ask Questions?
Mother’s Maiden Name
Favorite Color
Favorite Pet’s Name
Create own Q & A
Spouse’s Nickname
First Concert Attended

30 www.londonstimes.us Distribution At times snail mail is still preferred and more trusted…

31 Points to Ponder Multiple Registration Authorities

32 Multiple Registration Authorities World Campus Registrar Admissions Human Resources Accounts Office Hershey Medical

33 Multiple Registration Authorities
Registration Authorities need to change their requirements to meet identity provider requirements.
Understand processes tied to business such as the activation of accounts, resetting of passwords, etc.
Applications relying on these processes
 –Applications need to change
 –Processes for proofing, notification, etc. all need to be changed
 –Activation of accounts and resetting of passwords need to change

34 Multiple Registration Authorities
Multi-factor Authentication
Multi-factor remote network authentication.
Identity proofing procedures require verification of identifying materials and information.
Based on proof of possession of a key or a one-time password through a cryptographic protocol.

35 Points to Ponder Changing the Culture

36 Changing the Culture
Identifying & Adding new applications and services
Risk Assessment
 –Ownership
 –Data, Transaction, Function
Access control = authentication + LoA + attributes

37 To Summarize: It’s All about how certain you are… And How Certain you need to be…

38 Questions/Comments Contact Information Renee Shuey ITS Emerging Technologies Group Pennsylvania State University RSHUEY@PSU.EDU

39 Copyright Renee Shuey 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

