James Lewis

1
Overview of The Electronic Authentication Partners
hip Its Mission and Objectives

• James Lewis
• The Center for Strategic and International
  Studies
• EAP Chair

2
Electronic Authentication PartnershipMission
Statement

• We Propose to
• Create a voluntary partnership
• Promote trust and Interoperability
• Develop an evaluation process
• Build on what exists
• Work cooperatively with other nations identity
  systems

• Goal
• Reliable Identity Management
• Convenience
• Ease of use

3
TasksThe EAP Will Develop

• Operating Rules Addressing
• Business requirements and processes
• Standards for Credentials
• Hierarchical assurance levels
• Criteria for evaluating credentials at each
  assurance level
• Take the place of bilateral agreements
• Evaluation, accreditation and compliance with
  credentialing process
• Accreditation List

4
EAP Framework Benefits

• Focuses on traditional problem areas for
  federated authentication.
• Complements existing initiatives.
• Provides a framework that will
• Enhance the utility and portability of
  credentials across circles of trust.
• Expand markets by promoting wider use of
  credentials.
• Help authentication initiatives validate their
  approaches to credentialing.

5
EAP Framework
Common business rules
Accreditation process for credentials providers
Credential requirements
List of trusted credential providers with
EAP brand
Authentication Risk and Assurance Levels
Governance Structure A public/private governance
structure to establish and maintain a federated
identity management framework
6
EAP Framework Development Approach
7
Background

• Spring 2003 White Papers by CSIS and Johns
  Hopkins
• June through December 2003 - Four CSIS Work Group
  Meetings
• December 11, 2003 - Public Forum to Announce EAP
• 2004 Six Meetings So Far
• Active Workgroups

8
Workgroups

• Business Requirements and Processes
• Linda Elliot, PingID Network, Chair
• Thomas J. Greco, Betrusted, Vice Chair
• Credential Services Assessment Criteria and
  Levels of Assurance
• R.J. Schlecht, Mortgage Bankers Association of
  America, Chair
• Von Harrison, GSA, Vice Chair

9
Workgroups

• Evaluation, Accreditation and Compliance
• Cornelia Chebinou, National Association of State
  Auditors, Comptrollers and Treasurers, Chair
• EAP Governance
• Paula Arcioni, New Jersey, Chair
• Roger Cochetti, CompTIA, Vice Chair

10
Workgroup on Business Requirements and Processes

• Base Rules and Modular Rules
• Base Rules
• General Rights and Obligations
• Credential Service Providers
• Relying Parties
• Assessor Participation
• Agreements Process to Bind Participants to
  Business Rules
• Privacy and Fair Information Practices
• Interoperability
• Enforcement and Recourse, including fines
• Dispute Resolution

11
Workgroup on Business Requirements and Processes

• Modular Rules
• Privacy and Fair Information Practices
• Legal Requirements
• Risk, Liability and Indemnification
• Dispute Resolution
• Price Disclosure
• Billing Provisions
• Approval Process for Modular Rules

12
Workgroup on Services Assessment Criteria and
Levels of Assurance

• Levels of Assurance
• Service Assessment Criteria (SAC) for Use by
  Assessors
• Common Organizational SAC
• Identity Proofing SAC
• Credential Management SAC

13
Workgroup on Evaluation, Accreditation and
Compliance

• Accreditation, Assessment and Certification
• Accreditation of Assessors
• Certification of Credential Service Provider
  Offerings
• Process for Handling Non-Compliance
• Acceptable Public Statements Regarding EAP
  Accreditation and Certification

14
Workgroup on EAP Governance

• Developed Charter Approved September 2, 2004
• Developing EAP Budget

15
Time Frames

• Remainder of 2004
• Election of Board and Officers
• Adoption of First Set of Operating Rules
• 2005 Earlier Entry Phase
• Revise Rules Based on Experience
• 2006 Production Phase - Begin Full Scale
  Implementation

16
EAP Information

• Next Meeting November 17 in DC
• Come Join Us!
• To Register lhumphries_at_nacha.org
• Web Site www.eapartnership.org

17
Questions?