Presentation is loading. Please wait.

Presentation is loading. Please wait.

STANDARDS COORDINATION COMMITTEE PLENARY BREAKOUT 18 SEPTEMBER 2014 Interoperability Requirements.

Published byApril Roberts Modified over 9 years ago

Similar presentations

Presentation on theme: "STANDARDS COORDINATION COMMITTEE PLENARY BREAKOUT 18 SEPTEMBER 2014 Interoperability Requirements."— Presentation transcript:

1 STANDARDS COORDINATION COMMITTEE PLENARY BREAKOUT 18 SEPTEMBER 2014 Interoperability Requirements

2 Agenda  Introduction  Requirements presentation (M. Garcia)  Review of the derived requirements on interoperability (Tilton) o https://www.idecosystem.org/filedepot/folder/10?fid=1448 https://www.idecosystem.org/filedepot/folder/10?fid=1448 o Note: Hold off on discussion till later  Functional relationship diagram exercise (Paul & Joe) o Identify interoperability points o Potential applicable standards  Preliminary pilot view (Tilton) o Understanding & interpreting the requirements  Prioritization of requirements o Identify requirements to be addressed in “baseline” framework/trustmark  What can we do NOW to support the initial IDEF development?  Next steps

3 Interoperability Requirements Organizations shall accept external users authenticated by third parties. NSTIC, page 13 Organizations shall issue credentials capable of being utilized by multiple different service providers. NSTIC, page 13 Organizations shall utilize technologies that communicate and exchange data based upon well-defined and testable interface standards. NSTIC, page 13 Organizations shall adopt common business policies and processes (e.g., liability, identity proofing, and vetting) related to the transmission, receipt, and acceptance of data between systems. NSTIC, page 13 Organizations shall implement modular identity solutions. NSTIC, page 14 Organizations shall utilize solutions and technology that allow for identity portability. NSTIC, page 14

4 Pilot notes Cathy is sharing some notes from the pilot collaboration meetings where the derived requirements were discussed. This does NOT constitute an official contribution from the pilots.

5 Considerations The pilots reviewed the interoperability derived requirements. They identified the following three considerations vital to the success of each requirement: Is it commercially viable today? Some of the drafted interoperability requirements are not feasible in the current market, and thus would be better suited as guidelines. The wording could reflect this by stating that organizations “should” follow a requirement as opposed to “shall”. Is it specific to particular actors in the ecosystem? Many of the draft interoperability requirements are not equally applicable to all roles. Narrow requirements should be clearly targeted to a particular actor, or they should be broad enough to apply to all. To which LoAs does it pertain? Interoperability requirements must specify the level of assurance that is associated with each specific requirement, since interoperability concerns will vary between lower and higher LoAs.

6 Specific feedback The pilots provided specific feedback to the IDESG on three distinct interoperability requirements: Requirement 28: “Organizations shall utilize technologies that communicate and exchange data based upon well- defined and testable interface standards.”  Discussion:  Is this SAML/OpenID Connect? Or could it use ex. Facebook? Is someone precluded from offering others in addition to SAML, etc.? This seems focused on the CSPs, not the RPs.  Feedback for IDESG:  We recommend SAML and OpenID Connect for all assurance levels, and others for lower levels to be supported by IdPs. A similar standardized protocol should be created for APs but this is aspirational at this point. Aspirationally, RPs should also be included, but at this time market forces make this challenging.

7 Specific feedback Requirement 27: “Organizations shall issue credentials capable of being utilized by multiple different service providers.”  Feedback for IDESG: IdPs shall issue credentials capable of being utilized by multiple different RPs (we are assuming Service Providers = RPs). Need to consider more policy around level of assurance, in terms of what utilized means. Requirement 31: “Organizations shall utilize solutions and technology that allow for identity portability.”  Feedback for IDESG: There is no current format for this and perhaps this requirement may be more focused on the portability of metadata regarding consent, etc. Work is developing in this area but it should not be a near term requirement. Overall, the pilots support the creation of interoperability requirements and believe that additional requirements, potentially for attributes and relying parties, will be needed in the future. Effective baseline interoperability requirements, combined with advances in the marketplace, are imperative to enhance interoperability between all actors in the identity ecosystem.

8 Low hanging fruit What can we do NOW to support the initial IDEF development? Organizations shall utilize technologies that communicate and exchange data based upon well- defined and testable interface standards. Interface point: Authentication interface Existing standards (candidates for nomination):  SAML 2.0  OpenID Connect 1.0 Discussion

9 Advantages 1.Exercise (and ring out) the process 2.Set an example for other committees 3.‘Prime the pump’ 4.Quick win

10 Next steps Continue discussions in SCC meetings Setup a subgroup to progress?

Download ppt "STANDARDS COORDINATION COMMITTEE PLENARY BREAKOUT 18 SEPTEMBER 2014 Interoperability Requirements."

Similar presentations

TFTM 01-06 Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, 2014 1-14-2014IDESG TFTM Committee1.

TFTM Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, IDESG TFTM Committee1.
Transport and Security Standards Work Group New Directions In Identity Paul Grassi Senior Standards and Technology Advisor.

Transport and Security Standards Work Group New Directions In Identity Paul Grassi Senior Standards and Technology Advisor.
This work was performed under the following financial assistance award 70NANB13H189 from the U.S. Department of Commerce, National Institute of Standards.

This work was performed under the following financial assistance award 70NANB13H189 from the U.S. Department of Commerce, National Institute of Standards.
1 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.

1 Jan 2013 © Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.
IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair

IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair
TFTM Sub-Committee 01-06 What do we need for the IDESG Trust Mark Program Discussion Deck TFTM Committee April 16, 2014 4-16-2014IDESG TFTM Committee1.

TFTM Sub-Committee What do we need for the IDESG Trust Mark Program Discussion Deck TFTM Committee April 16, IDESG TFTM Committee1.
Council of Australian University Directors of Information Technology Promoting and advancing the use and support of information technology in higher education.

Council of Australian University Directors of Information Technology Promoting and advancing the use and support of information technology in higher education.
Regional Portfolio Model Redevelopment Presentation to System Analysis Advisory Committee August 23, 2013.

Regional Portfolio Model Redevelopment Presentation to System Analysis Advisory Committee August 23, 2013.
Framework Planning Draft 1 Jack Suess Ian Glazer Peter Alterman Andrew Hughes Michael Garcia.

Framework Planning Draft 1 Jack Suess Ian Glazer Peter Alterman Andrew Hughes Michael Garcia.
Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.

Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,

Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,
User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.

User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.
S&I Data Provenance Initiative Presentation to the HITSC on Data Provenance September 10, 2014.

S&I Data Provenance Initiative Presentation to the HITSC on Data Provenance September 10, 2014.
BA_EM 02 ELECTRONIC MARKETING Pavel Kotyza, VŠFS, 8. 10. 2013.

BA_EM 02 ELECTRONIC MARKETING Pavel Kotyza, VŠFS,
DOCUMENT #:GSC15-PLEN-08 FOR:Presentation SOURCE:ISACC AGENDA ITEM:Opening Plenary (4.5) CONTACT(S):Jim MacFie ISACC Activities Since GSC-14 Jim MacFie.

DOCUMENT #:GSC15-PLEN-08 FOR:Presentation SOURCE:ISACC AGENDA ITEM:Opening Plenary (4.5) CONTACT(S):Jim MacFie ISACC Activities Since GSC-14 Jim MacFie.
Introduction to OIX: A Market Solution to Online Identity Trust Don Thibeau.

Introduction to OIX: A Market Solution to Online Identity Trust Don Thibeau.
SCC Activities C. Tilton. Standards Are applied to SOMETHING Within some CONTEXT Something = ID Ecosystem Context = Use Cases 2.

SCC Activities C. Tilton. Standards Are applied to SOMETHING Within some CONTEXT Something = ID Ecosystem Context = Use Cases 2.
Functional Model Workstream 1: Functional Element Development.

Functional Model Workstream 1: Functional Element Development.
Critical Role of ICT in Parliament Fulfill legislative, oversight, and representative responsibilities Achieve the goals of transparency, openness, accessibility,

Critical Role of ICT in Parliament Fulfill legislative, oversight, and representative responsibilities Achieve the goals of transparency, openness, accessibility,

Similar presentations

Ads by Google