Presentation is loading. Please wait.

Presentation is loading. Please wait.

Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.

Published byJanelle Crafford Modified over 9 years ago

Similar presentations

Presentation on theme: "Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority."— Presentation transcript:

1 Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority

2 2 Agenda Definitions Federal PKI LOA and Federal PKI Policies Mapping LOA in a Bridged Environment EAuthentication LOA and a word about technologies Relationship Between FPKI LOA and EAuthentication LOA A footnote on the E-Authentication Partnership LOA

3 3 Definition Levels of Assurance of identity (LOA): the extent to which an electronic identity credential may be trusted to actually represent that the individual named in the credential is the same person engaging in the electronic transaction with the application, service or relying party. Based upon two categories: trustworthiness of identity proofing process and trustworthiness of credential management function (includes technology and implementation/management).

4 4 Federal PKI Federal Bridge CA Common Policy Framework CA Citizen and Commerce Class Certificate (C4) CA EAuthentication 1 & 2 CA

5 5 Federal PKI LOA: FBCA Five LOA 1.Rudimentary 2.Basic 3.Medium 4.Medium Hardware 5.High Seven Policies 1.Rudimentary 2.Basic 3.Medium 4.Medium-cbp 5.Medium Hardware 6.Medium Hardware- cbp 7.High

6 6 Federal PKI LOA: Common Policy Framework Federal PKI LOA: Common Policy Framework Three LOA 1.Medium 2.Medium Hardware (implied) 3.High (pending) For Federal Agency Use Only After 10/2006, Medium goes away, leaving two LOA in the Common Policy Framework CP Cross-certified with FBCA at Medium, Medium Hardware (in process) and High (pending)

7 7 FPKI LOA: C4 Citizen and Commerce Class Certificate Does not map to any other LOA scheme in Federal PKI Maps to EAuthentication Level 2 or 1, depending on identity proofing process Temporary – 6 months or Permanent

8 8 FPKI LOA: EAuthentication 1 and 2 Issues TLS certificates to Credential Service Provider servers issuing EAuthentication Levels 1 and 2 electronic identity credentials Purpose is for mutual authentication of TLS session between agency application or EAuthentication service and Credential Service Provider to validate credentials presented during egov transactions No mapping to FBCA

9 9 FPKI LOA: Policy Issues Non-government PKIs may operate at High Assurance but FPKI will not cross-certify any non-government PKI higher than Medium Hardware/Medium Hardware-cbp –Requirement imposed to satisfy international trade policy exclusions FPKI considers Medium and Medium-cbp equivalent FPKI considers Medium Hardware and Medium Hardware-cbp equivalent

10 10 EAuthentication LOA From OMB M-04-04 Four Levels –Levels 1 and 2 are assertion-based, e.g., userid/password, etc. but may include crypto- based credentials depending on identity proofing and security implementations –Levels 3 and 4 are crypto-based, e.g., PKI, distinguished by identity proofing and security implementations.

11 11 LOA Mapping: E-Auth to Fed PKI E-Auth Level 1 E-Auth Level 2 E-Auth Level 3 E-Auth Level 4 FPKI Rudimentary; C4 FPKI Medium/HW & Medium/HW-cbp FPKI Basic FPKI Medium & Medium-cbp FPKI High (government only)

12 12 E-Authentication Partnership LOA Proposed for commercial implementations operating under proposed EAP rules (pending) Mirror US Federal EAuthentication LOA –Level 1 / Minimal Assurance –Level 2 / Moderate Assurance –Level 3 / Substantial Assurance –Level 4 / High Assurance

13 13 Questions? Discussion? altermap@mail.nih.gov www.cio.gov/fpkipa www.cio.gov/eauthentication

Download ppt "Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority."

Similar presentations

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.
© 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information.

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information.
PKI and LOA Establishing a Basis for Trust David L. Wasley PKI Deployment Forum April 2008.

PKI and LOA Establishing a Basis for Trust David L. Wasley PKI Deployment Forum April 2008.
1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation EDUCAUSE 2006 October.

1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation EDUCAUSE 2006 October.
Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.
The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.

The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Program Managers Forum

Program Managers Forum
Federal PKI Architecture Update

Federal PKI Architecture Update
Ongoing Efforts to Build The US Federal PKI Bridge

Ongoing Efforts to Build The US Federal PKI Bridge
SAFE-BioPharma Association NSTIC Day How does industry drive forward.

SAFE-BioPharma Association NSTIC Day How does industry drive forward.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
Federal Electronic Identity Initiatives – Current Status Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO for E-Authentication,

Federal Electronic Identity Initiatives – Current Status Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO for E-Authentication,
Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.

Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.

U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
Federal Approach to Electronic Credentials For services to citizens, businesses, other governments, and employees Mary J. Mitchell Office of Electronic.

Federal Approach to Electronic Credentials For services to citizens, businesses, other governments, and employees Mary J. Mitchell Office of Electronic.
1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.

1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.
The U.S. Federal PKI and the Federal Bridge Certification Authority

The U.S. Federal PKI and the Federal Bridge Certification Authority
EDUCAUSE Fed/Higher ED PKI Coordination Meeting

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

Similar presentations

Ads by Google