Presentation is loading. Please wait.

Presentation is loading. Please wait.

5 th Annual Conference on Technology & Standards April 28 – 30, 2008 Hyatt Regency Washington on Capitol Hill www.PESC.org.

Published byGriffin Arnold Modified over 9 years ago

Similar presentations

Presentation on theme: "5 th Annual Conference on Technology & Standards April 28 – 30, 2008 Hyatt Regency Washington on Capitol Hill www.PESC.org."— Presentation transcript:

1 5 th Annual Conference on Technology & Standards April 28 – 30, 2008 Hyatt Regency Washington on Capitol Hill www.PESC.org

2 5 th Annual Conference on Technology & Standards Global Authentication: Liberty Alliance Identity Assurance Framework Brett McDowell, Executive Director, Liberty Alliance brett@projectliberty.org phone: +1.413.652.1248

3 5 th Annual Conference on Technology & Standards Agenda Introduction State of the Market Levels of Assurance Assessment Criteria Process Conclusions

4 5 th Annual Conference on Technology & Standards Why was Liberty Alliance Formed? Identity is important & complex. We must deliver clarity OR: –industry will become more fractured –governments will intervene Foster the ubiquitous, open, interoperable, privacy-respecting, identity layer (holistic identity management): –Liberty represents all constituencies toward this objective (vendors, enterprise, government, universities, SME’s, etc.)‏ Develop standards-based model to … –Interoperate in heterogeneous environments –Avoid proprietary vendor lock-in –Provide flexible foundation for future growth –Scale to the WWW Deliver consumer & enterprise confidence that security, privacy and data integrity will be maintained 4

5 5 th Annual Conference on Technology & Standards Liberty’s Global Membership 150 diverse member companies and organizations representing leaders in IT, mobility, government, service provision, system integration and finance working collaboratively to address the technology, business and policy aspects of digital identity management Sponsors Management Board

6 5 th Annual Conference on Technology & Standards Liberty Focus 04/17/086 An Ecosystem of Interoperable Products & Services Business and Privacy Guidelines Technology Standards and Guidelines Assurance An Ecosystem of Interoperable Products & Services Identity Assurance Framework & Assessors

7 5 th Annual Conference on Technology & Standards Some Liberty Achievements The de-facto standard for Identity Federation (SAML 2.0)‏ Standard framework for secure Web Services (ID-WSF 2.0)‏ Publish case studies of successful deployments (17 verticals)‏ EAP merger & Identity Assurance Framework public draft GSA joins those requiring Liberty Interoperable™ testing Concordia Project standards harmonisation demo at RSA openLiberty.org Web Services Client (Java) beta release Completed requirements for Strong Authentication (ID-SAFe)‏ Initiated Identity Governance Framework (IGF) specification Finalized Advanced Client specification for device provisioning 04/17/087

8 5 th Annual Conference on Technology & Standards Agenda Introduction State of the Market Levels of Assurance Assessment Criteria Process Conclusions

9 5 th Annual Conference on Technology & Standards Issues Remain to be Solved World of identity is too complex for its own good….. –Individuals and commercial entities need simplicity in achieving what they want to do securely, privately, and confidently –In order to grow outside the enterprise— federate the federations—identity marketplace needs an open, scalable, trustworthy commercially viable solution

10 5 th Annual Conference on Technology & Standards The General Ecology Identity Assertion Identity Reliance Commercial Comm. Networks Financial Government Institutions Industry Employers Family/ Friends People, Entities, Machines More?

11 5 th Annual Conference on Technology & Standards The General Ecology Commercial Comm. Networks Financial Government Institutions Industry Employers Family/ Friends People, Entities, Machines More? Getting more complex all the time …

12 5 th Annual Conference on Technology & Standards There needs to be a Consistent & Clear Customer Experience

13 5 th Annual Conference on Technology & Standards 04/17/0813 Focus on Identity Assurance

14 5 th Annual Conference on Technology & Standards Identity Assurance Expert Group (IAEG)‏ 2007 formed Identity Assurance Expert Group (IAEG) designed to foster adoption of identity assurance services Initial contributions from EAP and U.S. E-Authentication Federation Objective is to create a framework of baseline policies, business rules and commercial terms against which identity assurance services can be assessed and certified Initial goal is to facilitate broad, uniform, interoperable, trusted identity federation practices across identity service providers – aka credential service providers (CSP’s) Desired result is operational streamlining of identity service provider certification and accreditation processes for entire industry 04/17/0814

15 5 th Annual Conference on Technology & Standards Agenda Introduction State of the Market Levels of Assurance Assessment Criteria Process Conclusions

16 5 th Annual Conference on Technology & Standards IAF Assurance Levels Policy Overview –Level of trust associated with a credential measured by the strength and rigor of the identity-proofing process; the inherent strength of the credential and the policy and practice statements employed by the CSP‏. –Four Primary Levels of Assurance Level 1 – little or no confidence in asserted identity’s validity Level 2 – Some confidence Level 3 – High level of confidence Level 4 – Very high level of confidence –Use of Assurance Level is determined by level of authentication necessary to mitigate risk in the transaction, as determined by the Relying Party (RP) –CSPs are certified by Federation Operators (FO’s) to a specific Level(s)‏

17 5 th Annual Conference on Technology & Standards IAF Assurance Levels in Detail Assurance level criteria as posited by the OMB M-04-04 and NIST Special Publication 800-63: –Level 1 – (e.g. registration to a news website)‏ Satisfied by a wide range of technologies, including PINs Does not require use of cryptographic methods –Level 2 – (e.g. change of address by beneficiary)‏ Single-factor remote network authentication Claimant must prove control of token through secure authentication protocol –Level 3 – (e.g. online access to a brokerage account)‏ Multi-factor remote network authentication Authentication by keys through cryptographic protocol Tokens can be “soft”, “hard” or “one-time password” –Level 4 – (e.g. distribution of controlled drugs)‏ Multi-factor remote authentication through “hard” tokens Transactions are cryptographically authenticated using keys bound to the authentication process

18 5 th Annual Conference on Technology & Standards Assurance in Action

19 5 th Annual Conference on Technology & Standards Agenda Introduction State of the Market Levels of Assurance Assessment Criteria Process Conclusions

20 5 th Annual Conference on Technology & Standards IAF Service Assessment Criteria (SAC)‏ Common Organization SAC - The general business and organizational conformity of services and their providers –Enterprise maturity; Information Security Mgmt; Operational Infrastructure, etc. Identity Proofing SAC - The functional conformity of identity proofing services –Identity verification; Verification records Credential Management SAC - The functional conformity of credential management services and their providers –Operating environment; Issuance; Revocation; Status Mgmt; Validation/Authentication

21 5 th Annual Conference on Technology & Standards Assurance level criteria as posited by the OMB M-04-04 and NIST Special Publication 800-63: Multi-factor auth; Cryptographic protocol; “soft”, “hard”, or “OTP” tokens Stringent criteria – stronger attestation and verification of records Stringent organizational criteria Access to an online brokerage account AL 3 Multi-factor auth w/hard tokens only; crypto protocol w/keys bound to auth process More stringent criteria – stronger attestation and verification Stringent organizational criteria Dispensation of a controlled drug or $1mm bank wire AL 4 Single factor; Prove control of token through authentication protocol Moderate criteria - Attestation of Govt. ID Moderate organizational criteria Change of address of record by beneficiary AL 2 PIN and PasswordMinimal criteria - Self assertion Minimal Organizational criteria Registration to a news website AL 1 Assessment Criteria – Credential Mgmt Assessment Criteria – Identity Proofing Assessment Criteria -- Organization Example Assurance Level

22 5 th Annual Conference on Technology & Standards Agenda Introduction State of the Market Levels of Assurance Assessment Criteria Process Conclusions

23 5 th Annual Conference on Technology & Standards IAF Business Rules Focused on the use of credentials for authentication, initially targeting CSP’s Liberty Alliance Project (LAP) provides accreditation of assessors who will perform certification assessment Federation Operators will require LAP-accredited assessments IAF provides guidelines for how all involved parties (relying parties, CSP’s and Federation Operators) may work together LAP will maintain the Identity Assurance Framework and provide a current list of accredited assessors

24 5 th Annual Conference on Technology & Standards IAF Certification Model Program for assessors to become accredited Provide candidate CSP’s with guidelines for certifying against IAF Enables Federation Operators to certify members against common industry framework and assessment practices Liberty Alliance to define and provide governance over accreditation process Phase one certification process is for CSP’s as defined in IAF

25 5 th Annual Conference on Technology & Standards Agenda Introduction State of the Market Levels of Assurance Assessment Criteria Process Conclusions

26 5 th Annual Conference on Technology & Standards Roadmap Phase One of Certification Program for CSP’s/IDP’s, ratified in Identity Assurance Framework v1.0 FINAL (Q2 2008)‏ Launch Accreditation Program to enable the Certification model and spur the market (Mid-2008)‏ Introduce IAF Suite – documentation to support IAF Scope and define Phase 2 –IAF Version 2.0 to focus on Federation Operators (begins Q3 2008)‏ –Best Practices / Usage Guidelines document for Relying Parties 04/17/0826

27 5 th Annual Conference on Technology & Standards References (Contributions to IAF standard) EAP Trust Framework: http://eap.projectliberty.org/docs/Trust_Framework_010605_final.pdf OMB e-Authentication Guidance (OMB M-04-04): http://www.whitehouse.gov/omb/memoranda/fy04/m04-04.pdf NIST Special Publication 800-63 Version 1.0.1: http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf Authentication Service Component Interface Specifications: http://www.cio.gov/eauthentication/documents/TechApproach.pdf GSA Credential Assessment Framework, Password CAP, Certificate CAP and Entropy Spreadsheet: http://www.cio.gov/eauthentication/documents/PasswordCAP.pdf Tscheme http://www.tscheme.org/profiles/index.html TSCP http://tscp.org/about.htm

28 5 th Annual Conference on Technology & Standards Getting Involved Liberty Alliance Identity Assurance Expert Group (Liberty Alliance membership is required)‏ http://www.projectliberty.org/liberty/membership/become_a_member Identity Assurance Special Interest Group (Liberty Alliance membership is not required)‏ http://wiki.projectliberty.org/index.php/IASIG Identity Assurance Framework for Review and Comment http://www.projectliberty.org/liberty/content/download/3736/24651/file/liberty -identity-assurance-framework-v1.0.pdf 28

29 5 th Annual Conference on Technology & Standards Thank You Any Questions? Please get involved!

Download ppt "5 th Annual Conference on Technology & Standards April 28 – 30, 2008 Hyatt Regency Washington on Capitol Hill www.PESC.org."

Similar presentations

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.
Copyright (C) The Open Group 2014 Securing Global IT Supply Chains and IT Products by Working with Open Trusted Technology Provider™ Accredited Companies.

Copyright (C) The Open Group 2014 Securing Global IT Supply Chains and IT Products by Working with Open Trusted Technology Provider™ Accredited Companies.
Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.

Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.
Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015.

Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015.
Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.

Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.
Kantara Initiative Identity Assurance Framework Overview and Value Proposition March 8, 2011.

Kantara Initiative Identity Assurance Framework Overview and Value Proposition March 8, 2011.
Identity Assurance at Virginia Tech CSG January 13, 2010 Mary Dunker

Identity Assurance at Virginia Tech CSG January 13, 2010 Mary Dunker
Functional component terminology - thoughts C. Tilton.

Functional component terminology - thoughts C. Tilton.
1 Enabling Open Government Using the OIDF/ICF Open Trust Framework OASIS Identity Management 2009 September 29, 2009 Don Thibeau, ED, OpenID Foundation.

1 Enabling Open Government Using the OIDF/ICF Open Trust Framework OASIS Identity Management 2009 September 29, 2009 Don Thibeau, ED, OpenID Foundation.
1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.

1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.
EDUCAUSE Fed/Higher ED PKI Coordination Meeting

EDUCAUSE Fed/Higher ED PKI Coordination Meeting
Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.

Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.
Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.
Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,

Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,
E-Authentication: What Technologies Are Effective? Donna F Dodson April 21, 2008.

E-Authentication: What Technologies Are Effective? Donna F Dodson April 21, 2008.
Intra-ASEAN Secure Transactions Framework Project Progress Report

Intra-ASEAN Secure Transactions Framework Project Progress Report
Digital Rights Management 5th Annual Wireless Java Conference January 21-23, 2004 Kevin Mowry, Motorola Chair, OMA Download and DRM group.

Digital Rights Management 5th Annual Wireless Java Conference January 21-23, 2004 Kevin Mowry, Motorola Chair, OMA Download and DRM group.
Federal Requirements for Credential Assessments Renee Shuey ITS – Penn State February 6, 2007.

Federal Requirements for Credential Assessments Renee Shuey ITS – Penn State February 6, 2007.
Joining the Federal Federation: a Campus Perspective Institute for Computer Policy and Law June 29, 2005 Andrea Beesing IT Security Office.

Joining the Federal Federation: a Campus Perspective Institute for Computer Policy and Law June 29, 2005 Andrea Beesing IT Security Office.
Large-Scale, Cost-Effective, Progressive Authentication and Identify Management Solutions Enabling Security, Efficiency and Collaboration through Technology.

Large-Scale, Cost-Effective, Progressive Authentication and Identify Management Solutions Enabling Security, Efficiency and Collaboration through Technology.

Similar presentations

Ads by Google