Presentation is loading. Please wait.

Presentation is loading. Please wait.

TFTM 01-06 Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, 2014 1-14-2014IDESG TFTM Committee1.

Similar presentations


Presentation on theme: "TFTM 01-06 Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, 2014 1-14-2014IDESG TFTM Committee1."— Presentation transcript:

1 TFTM Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, IDESG TFTM Committee1

2 A trust framework is developed by a community whose members have similar goals and perspectives It defines the rights and responsibilities of that community’s participants in the Identity Ecosystem; specifies the policies and standards specific to the community; and defines the community-specific processes and procedures that provide assurance. Different trust frameworks can exist within the Identity Ecosystem, and sets of participants can tailor trust frameworks to meet their particular needs. An accreditation authority (aka “Certification Provider”) assesses and validates identity providers, attribute providers, relying parties, and identity media, ensuring that they all adhere to an agreed-upon trust framework. Accreditation authorities can issue trustmarks to the participants that they validate. A trustmark is used to indicate that a product or service provider has met the requirements of the Identity Ecosystem, as determined by an accreditation authority. Existing private-sector organizations already serve in this role in some sectors and can participate in the Identity Ecosystem if they so choose. A public-private steering group (i.e., the IDESG) will ensure that accreditation authorities maintain the minimum requirements of the Identity Ecosystem Framework when they issue trustmarks IDESG TFTM Committee2 What the NSTIC says

3 Trust Framework - Developed by a community whose members have similar goals and perspectives. It defines the rights and responsibilities of that community’s participants in the Identity Ecosystem; specifies the policies and standards specific to the community; and defines the community-specific processes and procedures that provide assurance. (Source: NSTIC) Trust Framework Provider - An organization that defines or adopts a trust framework and then, certifies participants that are in compliance with the requirements of that framework. (Source: FICAM TFPAP-slightly modified for context) Accreditation Body (AKA “Accreditation Authority”) – An organization that evaluates, approves and provides formal recognition that an entity is capable of carrying out certification assessment and validation activities for a specific trust framework Accreditation - The processes for the evaluation, approval and formal recognition that an entity is capable of carrying out certification assessment and validation activities for a specific trust framework. (Source: Kantara-slightly modified for context) IDESG TFTM Committee3 Key terms for this discussion

4 Certification- The processes of assessing, validating, and determining that a product or service provider meets the defined requirements of a specific trust framework. (Source: FICAM TFPAP-slightly modified for context) Trustmark - A visual symbol and/or digital certificate that is used to indicate that a product or service provider has been certified to meet the requirements of a specific trust framework. (Source: NSTIC- Slightly modified) Trust List - A list of participants who have been determined to meet the requirements of a trust framework and are authorized to operate within that trust framework. Trust lists can be a simple visual representation or be integrated into the electronic interactions of a trust framework. (Source: Modified from NSTIC Trustmark definition) IDESG TFTM Committee4 Key terms for this discussion

5 IDESG TFTM Committee5 IDM Accreditation and Certification Services Accreditation Bodies Certification Provider Approved Service Provider Approved Service Provider Approved Service Provider Evaluate, approve and formally recognize that entities that are capable of carrying out certification activities for a specific trust framework. Assess, validate, and determine that products or service providers meet the defined requirements of a specific trust framework. Apply for and are validated to meet defined Trust Framework requirements.

6 IDESG TFTM Committee6 Examples of IDM Accreditation and Certification Services Today Accreditation Bodies Certification Entity Approved Service Provider (IDP/CSP) Approved Service Provider (IDP/CSP) Approved Service Provider (IDP/CSP) Ex., FICAM TFS (LOA 1,2 non-PKI 3), Kantara (assessors), SAFE Bridge, Certipath Bridge Ex., FICAM (PKI, PIV)—FBCA?–, Kantara (IDP/CSP SP), OIX, InCommon, Certipath Ex., Verizon, Symnatec/Norton, Experion, MITR, Entrust, ORC, Verizon, Digicert, Google, PayPal,

7 Explains the administrative, operational, and legal responsibilities for: Accreditation Bodies Certification Providers Issuers of trustmarks and trust lists Makes recommendation for IDESG trustmark approach for accreditation, certification, and trustmark services for the Interim IE IDESG TFTM Committee7 Trust Mark Approach Paper(s)

8 Risk based assurance model (I.E. LOA Framework) for Interim IE. IE Framework requirements for Interim IE (TFTM , NSTIC/IDESG Interim Requirements Catalog). Usability/user experience GP component for Interim TM approach. Certification approach to service providers other than IDP/CSPs IDESG TFTM Committee8 Key issues to address


Download ppt "TFTM 01-06 Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, 2014 1-14-2014IDESG TFTM Committee1."

Similar presentations


Ads by Google