Liberty Alliance Workshop: Identity Assurance Overview

Provided by: andrews74

1
Liberty Alliance Workshop: Identity Assurance Overview
  • March 10th, 2008
  • Santa Clara, CA

2
Identity Assurance Expert Group (IAEG)
  • Identity Assurance Expert Group (IAEG), designed
    to foster adoption of identity assurance services,
    formed in August '07
  • Initial contributions from EAP and U.S.
    E-Authentication Federation
  • Objective is to create a framework of baseline
    policies, business rules and commercial terms
    against which identity assurance services can be
    assessed and certified - Identity Assurance
    Framework (IAF)
  • Goal is to facilitate trusted identity federation
    to promote uniformity and interoperability
    amongst identity service providers
  • Desired result is operational streamlining of
    identity service provider
    certification/accreditation processes for entire
    industry

3
IAEG Charter
  • Develop a global standard framework (Identity
    Assurance Framework) and necessary support
    programs for validating trusted identity
    assurance service providers in a way that scales,
    empowers business processes and benefits
    individual users of identity assurance services
  • Move beyond pure policy development and into
    development of actionable and measurable programs
    (starting with a certification model) including
    certification education, industry marketing and
    broad market promotion
  • Provide public and private sector organizations
    with a uniform means of relying on digital
    credentials issued by a variety of identity
    assurance providers in order to advance trusted
    identity federation and thereby facilitate public
    access to online services and information

4
IAEG Benefits
  • Help shape identity assurance policy for both the
    public and private sectors
  • Better understand the needs of online users of
    members' services
  • Expand markets by promoting wider use of identity
    credentials
  • Stay abreast of government policy worldwide that
    will have an impact on identity assurance
  • Discuss the latest technology, standards, and
    solutions in the e-authentication and identity
    assurance industry with your peers
  • Get to know public and private sector leaders in
    e-authentication
  • Identify opportunities to save time and resources
    in implementing identity federations
  • Vote on all aspects of the Identity Assurance
    Framework as it evolves within IAEG
  • Avoid re-inventing the wheel or needlessly
    duplicating effort by identifying best practices
    across multiple industry sectors in this globally
    diverse working group

5
Liberty Identity Assurance Framework (IAF)
  • Harmonized, best-of-breed industry identity
    assurance standard that is technology agnostic
  • Framework supporting mutual acceptance,
    validation and lifecycle maintenance across
    identity federation
  • Document publicly available
  • Framework consists of
    • Assurance Levels
    • Service Assessment Criteria
    • Certification / Accreditation Model
    • Business Rules

6
IAF Assurance Levels
  • Policy Overview
  • Level of trust associated with a credential,
    measured by the strength and rigor of the
    identity-proofing process, the inherent strength
    of the credential, and the policy and practice
    statements employed by the Credential Service
    Provider (CSP)
  • Four Primary Levels of Assurance
    • Level 1: Little or no confidence in asserted
      identity's validity
    • Level 2: Some confidence
    • Level 3: High level of confidence
    • Level 4: Very high level of confidence
  • Use of Assurance Level is determined by level of
    authentication necessary to mitigate risk in the
    transaction, as determined by the Relying Party
  • CSPs are certified by Federation Operators to a
    specific Level(s)

7
IAF Assurance Levels in Detail
  • Assurance level criteria as posited by the OMB
    M-04-04 and NIST Special Publication 800-63
  • Level 1 (e.g. registration to a news website)
    • Satisfied by a wide range of technologies,
      including PINs
    • Does not require use of cryptographic methods
  • Level 2 (e.g. change of address by beneficiary)
    • Single-factor remote network authentication
    • Claimant must prove control of token through
      secure authentication protocol
  • Level 3 (e.g. online access to a brokerage
    account)
    • Multi-factor remote network authentication
    • Authentication by keys through cryptographic
      protocol
    • Tokens can be soft, hard or one-time
      password
  • Level 4 (e.g. dispensation of controlled drugs)
    • Multi-factor remote authentication through hard
      tokens
    • Transactions are cryptographically authenticated
      using keys bound to the authentication process

8
IAF Service Assessment Criteria (SAC)
  • Common Organization SAC - The general business
    and organizational conformity of services and
    their providers
    • Enterprise maturity, Information Security Mgmt,
      Operational Infrastructure, etc.
  • Identity Proofing SAC - The functional conformity
    of identity proofing services
    • Identity verification, Verification records
  • Credential Management SAC - The functional
    conformity of credential management services and
    their providers
    • Operating environment, Issuance, Revocation,
      Status Mgmt, Validation/Authentication
  • Credential Assessment Profiles: descriptions and
    criteria defined for Maturity of Operations,
    Business Continuity Planning, Information
    Security policies and practices, etc.

9
IAF Certification/Accreditation Model
  • Program for assessors to become accredited
  • Provide candidate CSPs with guidelines for
    certifying against IAF
  • Enables Federation operators to certify members
    against common industry framework
  • Liberty Alliance to provide governance over
    accreditation process
  • Phase one certification process for CSPs defined
    in Framework

10
IAF Business Rules
  • Focused on the use of credentials for
    authentication, initially targeting CSPs
  • Liberty Alliance (LAP) provides accreditation of
    assessors who will perform certification
    assessment
  • Federation Operators will require LAP-accredited
    assessments
  • Provides guidelines for how all involved parties
    (relying parties, CSPs and Federation Operators)
    may work together
  • LAP will maintain the Identity Assurance
    Framework and provide a current list of
    accredited assessors

11
Reference Documents
  • EAP Trust Framework
    http://eap.projectliberty.org/docs/Trust_Framework_010605_final.pdf
  • OMB e-Authentication Guidance (OMB M-04-04)
    http://www.whitehouse.gov/omb/memoranda/fy04/m04-04.pdf
  • NIST Special Publication 800-63 Version 1.0.1
    http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
  • Authentication Service Component Interface
    Specifications
    http://www.cio.gov/eauthentication/documents/TechApproach.pdf
  • GSA Credential Assessment Framework, Password
    CAP, Certificate CAP and Entropy Spreadsheet
    http://www.cio.gov/eauthentication/documents/PasswordCAP.pdf
  • Tscheme
    http://www.tscheme.org/profiles/index.html
  • TSCP
    http://tscp.org/about.htm

12
Roadmap
  • Finalize Phase One of Certification Program for
    CSPs, introduced in Framework
  • Launch Accreditation Program to accompany the
    Certification Program
  • Scope and define Phases 2 and 3 for Relying
    Parties and Federation Operators
  • Refine Service Assessment Criteria (SAC)
    introduced in IAF document
  • SAC Development
  • Process for reviewing and approving new criteria
    to keep up with technological advances
  • SAC Requirements Matrix
  • SAC Maintenance
  • Process by which IAEG maintains the currency of
    criteria

13
IAEG 2007 Accomplishments
  • Launched IAEG with kickoff meeting in August 2007
  • Transferred EAP IP to Liberty Alliance
  • Published first draft of Identity Assurance
    Framework
  • Completed incredibly successful Analyst briefing
    program
  • Unofficial debut/public launch of IAEG and IAF at
    well-attended Gartner IAM Forum in November
  • IAEG and IAF Webcast event in late November
  • Formulated plan to launch IA SIG in January 08
  • Drafting Assessor Accreditation program
  • Presented IAF at Financial Services Technology
    Council (FSTC) event in December

14
IAF Webcast Review Sessions
  • Session 1: Common Organization SAC - The general
    business and organizational conformity of
    services and their providers - February 20th
  • Session 2: Credential Management SAC - The
    functional conformity of credential management
    services and their providers - March 5
  • Session 3: Identity Proofing SAC - The
    functional conformity of identity proofing
    services - March 12th
  • Session 4: Certification Accreditation
    Business Rules for participating CSPs,
    Assessors, Federation Operators and Relying
    Parties - March 26th

15
Questions