1. Assuring Identities in an Open Trust Framework Interoperability and Connectivity: Privacy, Security and Trust in Health Information Exchange - 5th Annual WHIT Congress – 11/10/2009 The Identity Assurance Framework Kantara Initiative Pete Palmer Co-Chair - Kantara Healthcare Identity Assurance Work Group

2. Disclaimer Provider This presentation is the result of work developed by volunteers of the Electronic Authentication Partnership, the Liberty Alliance, and the Kantara Initiative and is not a work product of Surescripts.

3. Kantara Overview Founded: April 20, 2009 Trustees: AOL, BT, CA, Fidelity, Intel, Internet Society, Liberty Alliance, Neustar, Novell, NRI, NTT, Oracle, PayPal and Sun ( see: http://kantarainitiative.org/confluence/display/GI/Current+Members )http://kantarainitiative.org/confluence/display/GI/Current+Members Purpose: To bridge and harmonize identity community efforts To ensure secure online interactions To enhance personal privacy To assure interoperability between OpenID, Liberty, InfoCard and other identity management solutions.

4. Kantara Healthcare Work Group Founded: August, 2009 History: Was Liberty Alliance Health Care Work Group Purposes: Implement patient access to their medical information and health care providers system using open source solutions Implement simplified health care worker identity management Review/Endorse identity assurance framework to support health information exchanges (HIEs) and the US nationwide health information network (NHIN) Review/endorse patient identification standards for on-line and card identifiers Work with vendors to help foster interoperability Current co-chairs: John Fraser, MEDNETWorld.com, Pete Palmer, Surescripts, and Rick Moore, eHealth Ohio. Home Page: http://kantarainitiative.org/confluence/display/healthidassurance/Home http://kantarainitiative.org/confluence/display/healthidassurance/Home Full Charter is at: http://kantarainitiative.org/confluence/display/healthidassurance/Charter http://kantarainitiative.org/confluence/display/healthidassurance/Charter

5. Identity in the Physical World

6. Today’s Collection of Identity Silos Joe’s Fish Market.Com Tropical, Fresh Water, Shell Fish, Lobster,Frogs, Whales, Seals, Clams

7. What the User wants… Simplified online experience Get rid of the need for multiple user-ids and passwords Fewer clicks Protected personal information Reduce my risk from fraud Better product & service offerings Web 2.0 and/or “smart phone” data service integration

8. There are Two Problem Areas  Technical Interoperability  Does the client application I'm using “talk” to the systems I want to use? (can I type in my PIN on my iPhone and have unfettered access to services without logging in again?)  Does the system that authenticates me (vouches for me) “talk” to the service provider systems I want to access? (can I login to my bank's site and use that to pay my taxes, book travel, and check my Gmail account?)  Operational Interoperability & Assurance  Do the commercial and government systems “trust” each others' systems, operating procedures, vetting practices, etc.? (i.e., understand & accept the distribution of liability when/if something goes wrong) We’ll focus today on the Operational Interoperability & Assurance Aspects

9. …so why the need for a common standard? Identity Assurance Framework

10. ATM Historic Analogy Seamless Access Across all Networks Linkage of Trust Domains.com Bank ATM Network A Bank ATM Network B Bank ATM Network C Bank A ATM Card Bank B ATM Card Bank C ATM Card Separate Cards with Each Bank Individual Accounts with Many Web Sites.com Bank A ATM Card Bank B ATM Card Bank C ATM Card Linked Cards within Bank Networks Federated Accounts within Trust Domain.com Bank ATM Network A Bank ATM Network B Bank ATM Network C

11. Federated Cloud: RP applications trusting Federations, who enroll & monitor CSP’s compliant w/FO policies, based on Assessor Assessments Identity Ecosystem: Trust End user (subscriber) Federation Operator Assessor Government Applications, Services, Resources Authentication Technology Credential Service Provider Relying Parties

12. Identity Assurance Framework  What is it?  Framework supporting mutual acceptance, validation and lifecycle maintenance across identity federations (i.e. systems that trust each other)  Started with EAP Trust Framework, UK tScheme and US e-Auth Federation Credential Assessment Framework as baseline  Harmonized, best-of-breed industry identity assurance standard  Identity credential policy  Business procedure and rule set  Baseline commercial terms  Guideline to foster inter-federation (i.e. inter-trust) on a global scale  It consists of 4 parts:  Assurance Levels  Service Assessment Criteria  Assurance Assessment Scheme and Certification Program  Business Rules/Deployment Guidelines

13. IAF enabled Inter-Federated Cloud: RP applications trusting [Certified Federations, who enroll & monitor] IAF compliant CSP’s, based on Accredited Assessor Assessments Identity Ecosystem: Trust after IAF End user (subscriber) Federation Operator Assessor Government Applications, Services, Resources Accredited Assessors List IAF’s Initial Focus Authentication Technology Certified Federations List Credential Service Provider Relying Parties

14. IAF Assurance Levels  Four Primary Levels of Assurance  Level 1 – Little or no confidence in asserted identity’s validity  Level 2 – Some confidence  Level 3 – Significant level of confidence  Level 4 – Very high level of confidence  CSPs are certified by Assessors to a specific Level(s)

15. Note: Assurance level criteria as posited by the OMB M-04-04 & NIST SP 800-63 IAF Assurance Levels Illustrated Multi-factor auth; Cryptographic protocol; “soft”, “hard”, or “OTP” tokens Stringent criteria – stronger attestation and verification of records Stringent organizational criteria Access to an online brokerage account 3 Multi-factor auth w/hard tokens only; crypto protocol w/keys bound to auth process More stringent criteria – stronger attestation and verification Stringent organizational criteria Dispensation of a controlled drug or $1mm bank wire 4 Single factor; Prove control of token through authentication protocol Moderate criteria - Attestation of Govt. ID Moderate organizational criteria Change of address of record by beneficiary 2 PIN and PasswordMinimal criteria - Self assertion Minimal Organizational criteria Registration to a news website 1 Assessment Criteria – Credential Mgmt Assessment Criteria – Identity Proofing Assessment Criteria – Organization Example Assurance Level

16. Assurance Assessment Scheme & Certification Program Oversight by Member Committee (ARB) Assessor is Accredited based on application of demonstrated expertise CSP service is Certified to LOA(s) based on IAF compliance Technology is Certified to be Interoperable User has safe, simple access to services Credential Service Provider Relying Parties

17. 17 The Result – Identity Ecosystem Commercial Social Networks Financial Government Institutions Industry Employers Family/ Friends People, Entities, Machines... Ubiquitous interoperability Minimize or Eliminate “Token Necklace” Customer Convenience Consistent User Experience Plain Language Simplified On-boarding Low-to-No Cost Ease of Service Selection Clear Risk & Liability

18. PHR Hospitals Clinics Payors Health Information Exchange - HIE RLS EMR Interoperability for Interoperability for Patient Lookup Patient Lookup Clinical Document Exchange Clinical Document Exchange Privacy and Security Privacy and Security Goal: Health care simplified authentication Simplified Sign Ons HIE Member Users Simplified Sign Ons: to Clinics, Google Health, MS HealthVault, etc, or via iPhone or similar smartphone apps Patient Logins Health Information Systems – Clinics, Hospitals, etc PatientsHealthcare Workers HIE Gateway NHIN Gateway

19. More Information on IAF and the Assurance Certification Program http://kantarainitiative.org/confluence/display/ certification/Identity+Assurance+Certification +Program Thank You! pete.palmer@surescripts.com