Scaling Interoperable Trust through a Trustmark Marketplace
1 Scaling Interoperable Trust through a Trustmark Marketplace
John Wandelt, Georgia Tech Research Institute
This work was performed under the following financial assistance award 70NANB13H189 from the U.S. Department of Commerce, National Institute of Standards and Technology
2 NASCIO Survey on ID Management
CIOs say that the most significant barriers to adoption of an enterprise IAM strategy are:
- The decentralized environment of the state
- The cost of doing so
- The complexity of legacy systems
- The lack of governance
3 Scope of FICAM & SICAM (diagram labels: Persons, Non-Persons, Logical Access, Physical Access)
4 Need to Defy Gravity
5 Id&AM Frameworks Need to Evolve
6 Past, Present, and Future Legacy State of Practice State of Technology State of Need Application Enterprise Federation Ecosystem Application Application Specific Access Control Lists Scale Organization and Governance of Interest Enabling VPN, Virtual Technology PKI, SAML, Trust Directories, etc. Authorization Role Based Access Control Community Frameworks, etc. Attribute Based Access Control Cross Sector Marketplace? Framework Policy Based Access Control
7 NSTIC Pilot Team
8 In the Beginning Lots of Application-Specific Identity Silos
9 Along Came Federated Identity
Decouple Identities from Applications!
(Diagram labels: User, Identity Provider, Attribute Provider, Standard Protocols, several Applications (Service Providers))
So what about Trust, Liability, Security?
10 And Today Lots of Federated Identity Silos
11 Current State of the Identity Ecosystem
- There exist many Trust Frameworks.
- Each requires agreement across many dimensions.
- Many Trust Frameworks are monolithic and opaque.
(Diagram labels: ISE A, ID Trust Framework A; Federation B, ID Trust Framework B; Community of Interest C, ID Trust Framework C; AP)
12 Achieving Cross-Framework Trust
Suppose this user needs access to this. In today's ID Ecosystem, there are at least five ways to do it, and all of them face challenges.
(Diagram labels: ISE A, ID Trust Framework A; Federation B, ID Trust Framework B; Community of Interest C, ID Trust Framework C; AP)
13 Challenges with Inter-federation (diagram labels: Federation, Federation)
Why?
1. No two TFs are the same, so mapping trust and interop requirements between them is hard. Think protocols, attributes, policies, etc.
2. TFs are moving targets, which further complicates the mapping process.
3. Transitive trust is diluted trust, so inter-federation trust cannot be as strong as intra-federation trust.
4. Contractual obligations usually cannot be transferred or assigned to 3rd parties, which makes inter-federation legal agreements difficult or impossible to execute.
(Many other issues exist.)
14 The Perspective from the LE Community
- Law Enforcement COI has over 1 million people in the US alone
- Over 10,000 US LE agencies
- Required to share data across jurisdictions
- But must obey applicable access controls when sharing
- Trust between agencies is a fundamental requirement
- LE agencies are autonomous (NOT centrally funded)
- 3rd party trust is required due to COI size and complexity
- Most users must have high-assurance credentials
- LE agencies are highly heterogeneous
- Legitimate business need to interact with many other COIs
(Diagram labels: Federal Agencies, State Agencies, Local Agencies, Tribal Agencies, Task Forces, Fusion Centers)
15 The Perspective from the LE Community
16 The Perspective from the LE Community State ISE SICAM Critical Infrastructure Health ISE AP AP AP AP AP AP
17 Many Other Relevant Initiatives
FICAM: Federal Identity, Credential, and Access Management
- NIEF technical specs and policies are aligned with FICAM
- NIEF has submitted formal application to be approved as a FICAM Trust Framework
- LOA 2 and non-PKI LOA 3
SICAM: State Identity, Credential, and Access Management
- SICAM currently only provides high-level guidance
- Leverages FICAM and FICAM TFP initiatives
- NIEF working with NASCIO to further mature SICAM through NIEF Quick Start program and NIEF NSTIC pilots
BAE: Backend Attribute Exchange
- NIEF one of first operational BAE pilots in partnership with GSA, PM-ISE, TX DPS, RISS, IIR
- NIEF has adopted BAE profile for Attribute Providers
PIV/PIV-I: Personal Identity Verification
- Under the sponsorship of DHS S&T and in partnership with JHAPL, GTRI developed a proof of concept Gateway between the PIV-I community and NIEF
- Also leverages the BAE to collect additional attributes not on the PIV-I card
NSTIC: National Strategy for Trusted Identities in Cyberspace
- NIEF selected by NIST to be a NSTIC pilot to demonstrate Scalable Trust and Interoperability through a Trustmark Marketplace
- Scope is broader than FICAM but leverages FICAM
18 Where to from here?
19 ID Ecosystem Vision Is it OK if the Trust Frameworks in the ID Ecosystem are mostly non-interoperable and non-trusting identity silos?
20 ID Ecosystem Vision Or is there a viable strategy and framework for trust and interoperability between various COIs, ISEs, and Federations?
21 What about a Framework?
If the frameworks were modular (diagram: ID Trust Frameworks A, B and C built from components such as FICAM, FIPPs, NIST, OAuth, OpenID, SAML SSO, LOA 3, FIPS 200), then we get:
- Greater transparency of trust framework requirements
- Greater ease of comparability between frameworks
- Greater potential for reusability of framework components
And, most importantly:
- Greater potential for participation in multiple trust frameworks by ID Ecosystem members with incremental effort and cost
22 What about a Framework?
(Diagram: ID Trust Frameworks A, B and C built from components such as FICAM, FIPPs, NIST, OAuth, OpenID, FIPS 200, SAML SSO, LOA 3)
These modular components are called Trustmarks.
23 Scope of Trustmarks
- FICAM SAML SSO Profile
- NIST / FICAM LOA 3 Identity
- Fair Information Practice Principles (FIPPs)
- FIPS 200 Security Practices
- GFIPM Metadata Registry (User Attributes)
- Policies & Agreements
24 A Trustmark-Based ID Ecosystem
(Diagram labels: ID Trust Framework A, Trust Interoperability Profile A; ID Trust Framework B, Trust Interoperability Profile B; ID Trust Framework C, Trust Interoperability Profile C; AP)
Rather than requiring a monolithic, formalized Trust Framework, each community can define a TIP.
25 A Trustmark-Based ID Ecosystem
(Diagram labels: TIP A, TIP B, TIP C; AP; many Trustmark Providers)
- Then each member of the community can acquire the necessary Trustmarks based on the TIP.
- Trustmarks can be acquired through a Trustmark Provider.
- There can be many Trustmark Providers in the ID Ecosystem.
- Some Trustmark Providers may specialize in issuing one particular Trustmark. Others may offer many Trustmarks.
26 A Trustmark-Based ID Ecosystem
(Diagram labels: TIP A, TIP B, TIP C; AP; Trustmark Providers; Trustmark Registry)
- Trustmarks can be stored in a searchable Trustmark Registry.
- This collection of actors and entities is the Trustmark Marketplace.
Members of the ID Ecosystem can query a Trustmark Registry to answer questions such as:
- What other members of the ID Ecosystem have the necessary Trustmarks to meet MY trust requirements?
- What Trustmarks must I acquire to meet the trust requirements of <MEMBER>?
- Etc.
27 What is a trustmark framework?
(Diagram; surviving box labels: Stakeholder Community, Provider, Trust Interop Profile, Defining Organization, Recipient, Definition, Relying Parties, Org. 1, Org. 2, End User, A, B, C; relation labels: Is Used By, Issues, Is Represented By, Is Trusted By, Defines, Is Required By)
28 Parallels between Trustmarks and PKI
Framework Concept: Analogous Concept from PKI
- Trustmark: Certificate
- Trustmark Provider: Certificate Authority
- Trustmark Recipient: Subscriber
- Trustmark Relying Party: Certificate Relying Party / Audience
- Trustmark Policy: Certificate Policy
- Trustmark Agreement: Subscriber Agreement
- Trustmark Defining Organization: ITU (Agency that defined X.509)
- Trustmark Definition: IETF RFC 5280 (X.509 Spec)
- Trust Interoperability Profile: List of Trusted Certificate Authorities
29 The Framework in More Detail
(Diagram; surviving box labels: Spec, Definition Spec, Trust Interoperability Profile Spec, Instance, Definition Instance, Trust Interoperability Profile Instance; relation labels: Defines basic structure of, Defines structure of, Conforms to, Is used by, Defines assessment criteria for)
30 Trustmark Definitions
Metadata:
  Publisher: U.S. General Services Administration
  Name: NIST/FICAM LOA 2 O TD
  URL: <URL>
  Description and Intended Purpose:
  Target Stakeholder Audience:
  Date of Publication: 15 Apr 2014
  Version: 1.0
  Visual Icon:
Conformance Criteria: Conformance to the Identity Provider Organization (O) conformance target of this TD requires the following.
  1. The O MUST
  2. The O MUST
  3. The O MAY
  4.
Assessment Process: Before issuing a trustmark subject to this TD, a Trustmark Provider MUST complete the following assessment steps.
  1. The TP MUST
  2. The TP MUST
  3. The TP MUST
Extension Schema: Trustmarks issued subject to this TD MUST conform to the Base Schema, and MUST also conform to the following Extension Schema. (XSD, XML)
Certification as a Trustmark Provider: Before an entity may issue trustmarks subject to this TD, it MUST complete the following certification process.
  1. The entity MUST
  2. The entity MUST
  3. The entity MUST
31 A Sample TIP Instance
Metadata:
  Publisher: U.S. Dept. of Justice
  URL: <URL>
  Name: U.S. Law Enforcement Community Info Sharing TIP
  Description and Intended Purpose:
  Date of Publication: 15 Jun 2014
  Version: 1.0
  Digital Signature of Issuer: <SIGNATURE>
Trust and Interoperability Criteria:
Identity Provider Organization (O) Requirements:
  Trustmark | Requirement | Approved Providers
  FICAM SAML SSO | MUST HAVE | NIEF
  NIEF/FICAM LOA 2 O | MUST HAVE | NIEF or Deloitte
  NIEF Attribute Profile O | MUST HAVE | (ANY)
  XYZ Privacy Policy O | SHOULD HAVE | (ANY)
Service Provider Organization (SPO) Requirements:
  Trustmark | Requirement | Approved Providers
  FICAM SAML SSO SP | MUST HAVE | NIEF
  NIEF Attribute Profile SPO | MUST HAVE | (ANY)
  XYZ Privacy Policy SPO | MUST HAVE | (ANY)
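The two registry questions from the Trustmark Registry slide, evaluated against the requirement table of the sample TIP, as an added example (not code from the slides, NIEF or GTRI). The class and function names, the three member organizations and the "ExampleTP" provider are constructed for illustration, and every trustmark in the registry is assumed to have already passed signature verification.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Requirement:
    """One TIP row: which trustmark, how strongly required, who may issue it."""
    definition: str
    level: str                          # "MUST" or "SHOULD"
    approved: Optional[FrozenSet[str]]  # None models "(ANY)" provider


@dataclass(frozen=True)
class Trustmark:
    definition: str   # Trustmark Definition it was issued under
    provider: str     # Trustmark Provider that issued it
    recipient: str    # organization it was issued to


@dataclass
class Result:
    recipient: str
    missing_must: List[str]
    missing_should: List[str]

    @property
    def compliant(self) -> bool:
        # Only MUST HAVE rows decide compliance; SHOULD HAVE rows are advisory.
        return not self.missing_must


def satisfies(req: Requirement, tm: Trustmark) -> bool:
    """A trustmark counts only if its issuer is on the row's approved list.

    This is the TIP analogue of checking a certificate's issuer against a
    list of trusted CAs: the right definition from the wrong provider fails.
    """
    if tm.definition != req.definition:
        return False
    return req.approved is None or tm.provider in req.approved


def evaluate(tip: List[Requirement], recipient: str,
             registry: List[Trustmark]) -> Result:
    held = [tm for tm in registry if tm.recipient == recipient]
    missing = {"MUST": [], "SHOULD": []}
    for req in tip:
        if not any(satisfies(req, tm) for tm in held):
            missing[req.level].append(req.definition)
    return Result(recipient, missing["MUST"], missing["SHOULD"])


def members_meeting(tip: List[Requirement],
                    registry: List[Trustmark]) -> List[str]:
    """Question 1: which members hold the trustmarks my TIP requires?"""
    members = sorted({tm.recipient for tm in registry})
    return [m for m in members if evaluate(tip, m, registry).compliant]


def to_acquire(tip: List[Requirement], recipient: str,
               registry: List[Trustmark]) -> List[Tuple[str, List[str]]]:
    """Question 2: which trustmarks must I acquire, and from whom?"""
    gaps = set(evaluate(tip, recipient, registry).missing_must)
    return [(r.definition, sorted(r.approved) if r.approved else ["(ANY)"])
            for r in tip if r.definition in gaps]


# Constructed from the identity-provider rows of the sample TIP slide.
TIP = [
    Requirement("FICAM SAML SSO", "MUST", frozenset({"NIEF"})),
    Requirement("NIEF/FICAM LOA 2", "MUST", frozenset({"NIEF", "Deloitte"})),
    Requirement("NIEF Attribute Profile", "MUST", None),
    Requirement("XYZ Privacy Policy", "SHOULD", None),
]

# Constructed registry contents; "ExampleTP" is a provider the TIP never names.
REGISTRY = [
    Trustmark("FICAM SAML SSO", "NIEF", "Agency A"),
    Trustmark("NIEF/FICAM LOA 2", "Deloitte", "Agency A"),
    Trustmark("NIEF Attribute Profile", "ExampleTP", "Agency A"),
    Trustmark("FICAM SAML SSO", "ExampleTP", "Agency B"),  # unapproved issuer
    Trustmark("NIEF/FICAM LOA 2", "NIEF", "Agency B"),
    Trustmark("NIEF Attribute Profile", "NIEF", "Agency B"),
    Trustmark("XYZ Privacy Policy", "ExampleTP", "Agency B"),
    Trustmark("NIEF Attribute Profile", "NIEF", "Agency C"),
]

if __name__ == "__main__":
    print("Meet the TIP:", members_meeting(TIP, REGISTRY))
    for member in ("Agency B", "Agency C"):
        print(member, "must acquire:", to_acquire(TIP, member, REGISTRY))
```

Agency B holds a trustmark for every row yet still fails, because its FICAM SAML SSO trustmark comes from a provider the TIP does not approve.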
32 s What? Where? TDO
33 Sources of Components
34 Creating Modular Common Components
(Diagram labels: FICAM, InCommon, NIEF, GFIPM, CSDII, Others; Transformation Process; Trustmark Definitions)
Step 1: Gather trust and interop requirements from many frameworks
Step 2: Break down and reassemble requirements into modular, reusable components
Step 3: Express modularized requirements in a standard format to encourage broad reuse
35 GTRI NSTIC Pilot Analysis
- 94 distinct trustmarks identified (so far)
- Covers FICAM, NIEF, and Other NSTIC Pilots
- Also covers FIPPs (privacy) topics
36 Trustmarks By Category
- Identity Assurance Policy
- Security Policy
- Privacy Policy
- Attribute Assurance Policy
- Technical Interoperability
- Organizational Integrity / Bona Fides
- Technical Trust
- Usability
37 Scope of the NSTIC Pilot Concept Maturation Concept Presentation Pilot Concept Website Outreach to IDESG Outreach to NIEF Membership Outreach to SICAM Stakeholders Outreach to Other Stakeholders Framework Normative Spec Normative TD Spec Normative TIP Spec Policy Template Agreement Template Sample TDs, TIPs, and s Comm. Protocol TDs & s Identity LOA TDs & s End-User Privacy TDs & s Security Policy TDs & s Other TDs & s Sample TIPs for NIEF Community Sample Tools Assessment Tool for Providers Generating & Publishing Tool for Providers Registry Query Tool NIEF Pilot 5 6 Issue s to Current NIEF Members Modify Tech Framework, Specs, TDs, TIPs, Policies, Agreements, and Tools as Needed Expanded Pilot via NASCIO/SICAM Identify SICAM Use Cases Issue s to More s, APs, and s via a New Provider Demonstrate SICAM Use Cases in a Multiple--Provider Marketplace
38 NIEF Moving Forward Legacy State of Practice State of Technology State of Need Application Enterprise Federation NIEF Ecosystem Application Application Specific Access Control Lists Scale Organization and Governance of Interest Enabling VPN, Virtual Technology PKI, SAML, OpenID, Directories, etc. Authorization Role Based Access Control Community etc. Attribute Based Access Control Cross Sector Marketplace Framework Policy Based Access Control
39 The NIEF QuickStart Program
- Drive broader adoption and implementation of GFIPM, FICAM, and NIEF standards among state agencies.
- Streamline the onboarding process to lower cost and barriers to adoption.
- Demonstrate the NIEF Framework as a viable approach to cross sector interoperable security, privacy, and trust.
40 Learn More Here
41 Some NIEF Members
42 High-Level Project Plan & Timeline
(Gantt chart by quarter; tasks: Develop Concept; Refine Concept as Needed; Develop Framework; Develop Sample TDs, Trustmarks, and TIPs; Refine Framework as Needed; Refine TDs, Trustmarks, and TIPs as Needed; Develop and Refine Sample Software Tools; Develop SICAM Use Cases & Scenarios; Refine Use Cases & Scenarios; Pilot in NIEF; Outreach/Prep for Expanded Pilot; Community Outreach; Project Oversight & Reporting; Expanded Pilot; SICAM Demo)
DON XML Achieving Enterprise Interoperability Overview of Policy, Governance, and Procedures for XML Development Michael Jacobs Office of the DON CIO Vision The Department of the Navy will fully exploit
More informationHITPC Stage 3 Request for Comments Smart Card Alliance Comments January, 14, 2013
HITPC Stage 3 Request for Comments Smart Card Alliance Comments January, 14, 2013 The Smart Card Alliance hereby submits the following comments regarding the Health Information Technology Policy Committee
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationITU-T SG 17 Q10/17. Trust Elevation Frameworks
ITU-T SG 17 Q10/17 Trust Elevation Frameworks Abbie Barbir, Ph.D. ITU-T SG 17 Q10 Rapporteur Martin Euchner SG 17 Advisor ITU Workshop on "Future Trust and Knowledge Infrastructure July 1 2016 Contents
More informationHow does industry drive forward. SAFE-BioPharma Association
How does industry drive forward SAFE-BioPharma Association Topics! Topic C: Assurance levels, frameworks, interparty liability! Topic D: Device-specific methods: mobile; smartcards; browser DNT, etc. PKI,
More informationAn ARIN Update. Susan Hamlin Director of Communications and Member Services
An ARIN Update Susan Hamlin Director of Communications and Member Services ARIN, a nonprofit member-based organization, supports the operation of the Internet through the management of Internet number
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationNCCoE TRUSTED CLOUD: A SECURE SOLUTION
SESSION ID: SPO1-W14 NCCoE TRUSTED CLOUD: A SECURE SOLUTION Donna Dodson Associate Director Chief Cyber Security Advisor of the Information Technology Laboratory, Chief Cybersecurity Advisor for the National
More informationBetter Mutual Authentication Project
Better Mutual Authentication Project Recommendations & Requirements for Improving Web Authentication for Retail Financial Services Presented to W3C Workshop on: Transparency & Usability of Web Authentication
More informationAssuring Identity. The Identity Assurance Framework CTST Conference, New Orleans, May-09
Assuring Identity The Identity Assurance Framework CTST Conference, New Orleans, May-09 Brett McDowell, Executive Director, Liberty Alliance email@brettmcdowell +1-413-652-1248 1 150+ Liberty Alliance
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and
More informationMemorandum of Agreement
Memorandum of Agreement I. Parties This agreement is entered into between the Disaster Management Electronic Government Initiative (DM Egov) in the Department of Homeland Security (DHS), and the Emergency
More informationInteragency Advisory Board Meeting Agenda, April 27, 2011
Interagency Advisory Board Meeting Agenda, April 27, 2011 1. Open Remarks (Mr. Tim Baldridge, IAB Chair) 2. FICAM Plan for FIPS 201-2 (Tim Baldridge, IAB Chair and Deb Gallagher, GSA) 3. NSTIC Cross-Sector
More informationDigital Identity Guidelines aka NIST SP March 1, 2017 Ken Klingenstein, Internet2
Digital Identity Guidelines aka NIST SP 800-63 March 1, 2017 Ken Klingenstein, Internet2 Topics 800-63 History and Current Revision process Caveats and Comments LOA Evolution Sections: 800-63A (Enrollment
More informationRamnish Singh IT Advisor Microsoft Corporation Session Code:
Ramnish Singh IT Advisor Microsoft Corporation Session Code: Agenda Microsoft s Identity and Access Strategy Geneva Claims Based Access User access challenges Identity Metasystem and claims solution Introducing
More informationFiXs - Federated and Secure Identity Management in Operation
FiXs - Federated and Secure Identity Management in Operation Implementing federated identity management and assurance in operational scenarios The Federation for Identity and Cross-Credentialing Systems
More informationIdentity Management as a Service
Identity Management as a Service The Challenge Today s technological landscape is one of permanent change. While connections to digital services and mobile devices grow, securing the data generated by
More informationThe Modeling and Simulation Catalog for Discovery, Knowledge, and Reuse
The Modeling and Simulation Catalog for Discovery, Knowledge, and Reuse Stephen Hunt OSD CAPE Joint Data Support (SAIC) Stephen.Hunt.ctr@osd.mil The DoD Office of Security Review has cleared this report
More informationStakeholder and community feedback. Trusted Digital Identity Framework
Stakeholder and community feedback Trusted Digital Identity Framework Digital Transformation Agency This work is copyright. Apart from any use as permitted under the Copyright Act 1968 and the rights explicitly
More informationData Governance. Mark Plessinger / Julie Evans December /7/2017
Data Governance Mark Plessinger / Julie Evans December 2017 12/7/2017 Agenda Introductions (15) Background (30) Definitions Fundamentals Roadmap (15) Break (15) Framework (60) Foundation Disciplines Engagements
More informationEXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS E-BOOK
EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS 03 EXECUTIVE OVERVIEW 05 INTRODUCTION 07 MORE CLOUD DEPLOYMENTS MEANS MORE ACCESS 09 IDENTITY FEDERATION IN
More informationWill Federated Cross Credentialing Solutions Accelerate Adoption of Smart Card Based Identity Solutions?
Will Federated Cross Credentialing Solutions Accelerate Adoption of Smart Card Based Identity Solutions? Jack Radzikowski,, Northrop Grumman & FiXs Smart Card Alliance Annual Meeting La Jolla, California
More informationNational Cybersecurity Center of Excellence
National Cybersecurity Center of Excellence Increasing the deployment and use of standards-based security technologies Briefing to ITEA Cyber Workshop 29 March 2017 STRATEGY VISION ADVANCE CYBERSECURITY
More informationConnecticut Department of Department of Administrative Services and the Broadband Technology Opportunity Program (BTOP) 8/20/2012 1
Connecticut Department of Department of Administrative Services and the Broadband Technology Opportunity Program (BTOP) 8/20/2012 1 Presentation Overview What is BTOP? Making BTOP work for our state What
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationFICAM in Brief: A Smart Card Alliance Summary of the Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance
FICAM in Brief: A Smart Card Alliance Summary of the Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance A Smart Card Alliance Identity Council and Physical
More information