Presentation is loading. Please wait.

Presentation is loading. Please wait.

The OASIS IDtrust (I M The OASIS IDtrust (Identity and Trusted Infrastructure ) Member Section For more information please see:

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "The OASIS IDtrust (I M The OASIS IDtrust (Identity and Trusted Infrastructure ) Member Section For more information please see:"— Presentation transcript:

1 The OASIS IDtrust (I M The OASIS IDtrust (Identity and Trusted Infrastructure ) Member Section For more information please see: http://www.oasis-idtrust.org/ For more information related to ‘Joining OASIS,’ please see: http://www.oasis-open.org/join www.oasis-open.org

2 OASIS provides a neutral setting where government agencies, companies, research institutes, and individuals work together to advance the use of trusted infrastructures. The OASIS PKI Member Section has restructured as the OASIS Identity and Trusted Infrastructure (IDtrust) Member Section The IDtrust MS has expanded its scope to encompass additional standards-based identity and trusted infrastructure technologies, policies, and practices. www.oasis-open.org

3 Transformation Old PKI Forum Migration to OASIS PKI MS in November 2002 One TC Focus on use of PKI and addressing barriers to deployment, not development of technical standards London OASIS Adoption Forum in November 2006 Led to transformation into IDtrust MS in 2007

4 Four Strategic Focus Areas: Identity and Trusted Infrastructure components such as cataloguing and carrying out studies and projects addressing technology-based Identity and Trust models and standards, including those that are PKI-based as well as those utilizing other security mechanisms; relevant protocols and standards; trust infrastructures in use; and costs, benefits and risk management issues Identity and Trust Policies and Enforcement, including policies and policy issues; policy mapping and standardization; assurance; technical validation mechanisms; and trust path building and validation

5 Four Strategic Focus Areas: Education and Outreach: documenting trust use cases and business case scenarios, best practices and adoption reports and papers; organizing conferences and workshops; and establishing Web-based resources Barriers and Emerging Issues associated with Identity and Trusted Infrastructures, including data privacy issues; interoperability; cross border/ organizational trust; outsourcing; cryptographic issues; application integration; and international issues

6 PKI IDtrust Steering Committee Dr. Abbie Barbir, Nortel June Leung, FundSERV Arshad Noor, StrongAuth John Sabo, CA, Inc. Ann Terwilliger, Visa International

7 Two Technical Committees Enterprise Key Management Infrastructure TC Chairs: Hans van Tilburg, Visa Arshad Noor, StrongAuth PKI Adoption TC Chair: Stephen Wilson, Lockstep LLC

8 Enterprise Key Management Infrastructure (EKMI) TC www.oasis-open.org

9 Business Motivation Regulatory Compliance PCI-DSS, HIPAA, FISMA, SB-1386, etc. Avoiding fines ChoicePoint $15M, Nationwide $2M Avoiding lawsuits – BofA, TJX Avoiding negative publicity VA, IRS, TJX, E&Y, Citibank, BofA, WF, Ralph Lauren, UC, etc.

10 e-Business/e-Government Challenges Sharing data while keeping it secure Protected Critical Information Infrastructure (PCII) at the DHS Medical, Taxpayer and Employee data Other sensitive data Protecting data across the enterprise Laptops, Desktops, Databases, PDAs, Servers, Storage devices, Partners, etc.

11 Encryption Problem ● Generate ● Encrypt ● Decrypt ● Escrow ● Authorize ● Recover ● Destroy ● Generate ● Encrypt ● Decrypt ● Escrow ● Authorize ● Recover ● Destroy ● Generate ● Encrypt ● Decrypt ● Escrow ● Authorize ● Recover ● Destroy ● Generate ● Encrypt ● Decrypt ● Escrow ● Authorize ● Recover ● Destroy ● Generate ● Encrypt ● Decrypt ● Escrow ● Authorize ● Recover ● Destroy ● Generate ● Encrypt ● Decrypt ● Escrow ● Authorize ● Recover ● Destroy.........and on and on

12 Encryption Solution WAN SKS Server Generate Protect Escrow Authorize Recover Destroy Encrypt Decrypt SKS Server Encrypt Decrypt Encrypt Decrypt Encrypt Decrypt Encrypt Decrypt Encrypt Decrypt

13 What is an EKMI? An Enterprise Key Management Infrastructure is: “A collection of technology, policies and procedures for managing all cryptographic keys in the enterprise.”

14 EKMI Characteristics A single place to define EKM policy A single place to manage all keys Standard protocols for EKM services Platform and Application-independent Scalable to service millions of clients Available even when network fails Extremely secure

15 EKMI Components PKI For digital certificate management; used for strong-authentication, and secure storage & transport of symmetric encryption keys Symmetric Key Management System SKS Server for symmetric key management SKCL for client interactions with SKS Server EKMI = PKI + SKMS

16 EKMI-TC Goals Standardize on a Symmetric Key Services Markup Language (SKSML) Create Implementation & Operations Guidelines Create Audit Guidelines Create Interoperability Test-Suite

17 EKMI-TC Members/Observers FundServ, PA Consulting, PrimeKey, Sterling Commerce, StrongAuth, US DoD, Visa International, Wave Systems Booz Allen Hamilton, EMC (RSA), Entrust, Mitre Corporation, Oracle, Sigaba, Symantec Individuals representing Audit and Security backgrounds

18 PKI Adoption TC

19 The PKI environment c. 2006 PKI is resurgent, driven by applications needing signatures, esp. for paperless transacting Embedded keys & certs now commonplace Certificates now more about relationships between issuer & subject than “identity” of strangers In the midst of paradigm shift to identity plurality PKI becoming application specific, not general purpose

20 Resurgent, Embedded Business-Driven PKI Closed/Vertical/Community based schemes US PIV, Identrus, ICAO e-passports, CableLabs, Skype, BankID (Sweden) National ID smartcards with PKI Hong Kong, Malaysia, Estonia, Belgium, Thailand … Health smartcards with PKI France, Germany, Taiwan, Italy, Austria, Australia … Digital Credentials based on certificates US Patent Office, Australia, France, Taiwan, …

21 PKI Adoption: Draft objectives Note: These are proposed objectives of the new PKI Adoption TC, yet to be ratified by the Committee. Continue to overcome obstacles with targeted practical initiatives that improve understanding of PKI Re-vitalise and complete the Third International Survey See www.oasis-open.org to download survey Canvass and disseminate PKI case studies Modernise the PKI message so it reflects real needs De-mystify legal, governance and interoperability issues Liaise more closely with other OASIS efforts

22 Study on the Use of PKI in OASIS Standards Chet Ensign

23 Overall project goals Document use & applicability of PKI for OASIS standards Identify expectations re authentication, integrity, confidentiality, etc. Identify assumptions re specific PKI methods/systems available List explicit standards referenced Identify possible issues & barriers Provide recommendations

24 Status 2nd stage of study on use of PKI & related technologies in OASIS standards Study has 3 stages: Update earlier 2003 report Write new report on applicability, expectations and assumptions in OASIS TCs Provide briefings to Member Section

25 Approach to TC reviews  Group TCs by importance of e-business services to TC success Interview 3 - 5 TC chairs or technical leads Review email archives & documents for discussion of: Services, e.g. authentication, trust, encryption, digital signature Specific standards, e.g. PKI, X.509, Kerberos, SAML Summarize trends, observations, themes & provide any recommendations

26 Preliminary observations (1) Acronym “PKI” not broadly used. Instead, TCs discuss services (e.g. authentication, digital signature) or standards (e.g. X.509, Kerberos, SAML) Concepts and issues generally lumped under “Security” ‘End-user’ standards (e.g. Election & Voter Services, Court Filing) leave solution to implementation or reference other standards

27 Preliminary observations (2) PKI perceived as big, expensive and complex relative to the issues users believe they need to solve. Also has reputation for interoperability problems. Many standards leave flexibility to implementation to ensure use. General sense that buyers do not understand issues, so do not call for PKI solutions.

28 TC PKI References

29 Closed TCs Since 09/03, 27 TCs closed 22 in original 2003 study; 5 were not Of 22, only 7 (about 1/3/) discussed PKI concepts or standards in archives or specifications Only 1 explicitly addressed authentication & security in its spec

30 Closed TCs Published documents & discussion of PKI (4 TCs): Business Transactions; Application Vulnerability Description Language; Directory Services ML; XML Common Biometric Format XML Common Biometric Format was only spec to address PKI in depth

31 New TCs Since 09/03 draft, 37 TCs started 6 completed & covered above Of 31, 15 (about 1/2/) discuss PKI concepts or standards in archives or documents 7 explicitly address PKI concepts or issues in their work

32 New TCs New TCs most actively addressing PKI issues, concepts and standards: Enterprise Key Management Infrastructure Framework for Web Services Implementation International Health Continuum WS Quality Model WS Reliable Exchange WS Secure Exchange WS Transaction

33 Study Next Steps Chet Ensign now completing interviews Analysis of findings Development of inferences and conclusions Final report and presentation to the MS within next two months

34 IDTrust Summary Steering Committee developing new work plan for 2007 and 2008 Many opportunities to get involved Invitation to join OASIS and participate in the MS and/or TCs Contact Dee Schur Dee.schur@oasis-open.org

Download ppt "The OASIS IDtrust (I M The OASIS IDtrust (Identity and Trusted Infrastructure ) Member Section For more information please see:"

Similar presentations

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 23-25 May 2012, Kish Island, I.R.IRAN.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
PKI Implementation in the Real World

PKI Implementation in the Real World
Cybersecurity Issues Impacting Public Sector Financial Management OASIS e-Gov Washington Workshop, April 17 2009 John Sabo Director Global Government Relations.

Cybersecurity Issues Impacting Public Sector Financial Management OASIS e-Gov Washington Workshop, April John Sabo Director Global Government Relations.
PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.

PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.
Enterprise Key Management Infrastructures: Understanding them before auditing them Arshad Noor CTO, StrongAuth, Inc. Chair, OASIS EKMI-TC.

Enterprise Key Management Infrastructures: Understanding them before auditing them Arshad Noor CTO, StrongAuth, Inc. Chair, OASIS EKMI-TC.
WS-Security TC Christopher Kaler Kelvin Lawrence.

WS-Security TC Christopher Kaler Kelvin Lawrence.
Click to edit Master title style OASIS PKI Workshop.

Click to edit Master title style OASIS PKI Workshop.
Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.
Stephen Wilson Chair, PKI Adoption Technical Committee Managing Director, Lockstep, Australia PKIA Goals for 2007 Stephen Wilson Chair, PKI Adoption Technical.

Stephen Wilson Chair, PKI Adoption Technical Committee Managing Director, Lockstep, Australia PKIA Goals for 2007 Stephen Wilson Chair, PKI Adoption Technical.
Enterprise Key Management Infrastructure (EKMI) Arshad Noor CTO, StrongAuth, Inc. Chair, EKMI TC – OASIS

Enterprise Key Management Infrastructure (EKMI) Arshad Noor CTO, StrongAuth, Inc. Chair, EKMI TC – OASIS
Enterprise Key Management Infrastructure: Understanding them before auditing them Arshad Noor CTO, StrongAuth, Inc. Chair, OASIS EKMI-TC.

Enterprise Key Management Infrastructure: Understanding them before auditing them Arshad Noor CTO, StrongAuth, Inc. Chair, OASIS EKMI-TC.
Burton Group Catalyst Meeting Barcelona, Spain 22 October 2007 June Leung OASIS PKI Adoption TC The OASIS PKI Adoption TC Objectives and Case Studies Burton.

Burton Group Catalyst Meeting Barcelona, Spain 22 October 2007 June Leung OASIS PKI Adoption TC The OASIS PKI Adoption TC Objectives and Case Studies Burton.
Burton Group Catalyst Workshop June Leung on behalf of Stephen Wilson Chair, OASIS PKI Adoption TC The OASIS PKI Adoption TC Objectives and Work Program.

Burton Group Catalyst Workshop June Leung on behalf of Stephen Wilson Chair, OASIS PKI Adoption TC The OASIS PKI Adoption TC Objectives and Work Program.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

Similar presentations

Ads by Google