Presentation is loading. Please wait.

Presentation is loading. Please wait.

Transport and Security Standards Work Group New Directions In Identity Paul Grassi Senior Standards and Technology Advisor.

Published byAlaina Baily Modified over 9 years ago

Similar presentations

Presentation on theme: "Transport and Security Standards Work Group New Directions In Identity Paul Grassi Senior Standards and Technology Advisor."— Presentation transcript:

1 Transport and Security Standards Work Group New Directions In Identity Paul Grassi Senior Standards and Technology Advisor

2 Existing Challenges 2 Well-rounded pilots hitting diverse user set FCCX Goes Live Market Discovery Attribute Providers Internet of Things Consumer-Centric Deployment Costs Standards Gaps Embedded Privacy Identification of policy and technical overlays NSTIC Launch IDE Sustaining 2012201320142015 Envision It!? True Interoperability RP Integration + Cost Public and Private Sectors Liability Attributes

3 Envision It (soon we hope)! 3 But we have partially realized so many - http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf

4 But We Are Getting Closer 4

5 NIST Coverage of Identity Services 5 Key No coverage Partial coverage, to include other D/A documentation Full coverage Needs refreshing

6 Where We Will Focus in FY14/15 6 Codify privacy enhancing profiles Enhance/Establish ‘standard’ to establish confidence, trustworthiness, and privacy preservation (zero knowledge, derived, minimal disclosure) Address portability of preferred credentials and relying party accounts BYOI Revisit and retool existing standards to address current market state and flex to innovation Develop new standards that increase IE participation Increase participation in commercial open standards Mobility, Cloud, Shared Services Simplify, accelerate, and reduce the cost of ICAM implementations Focus beyond the PIV Establish RP toolkits Identify and foster innovation from untapped sources IOT Identity Non-intrusive security model Continuous monitoring and assessment

7 Assurance – What Would You Think If? 7 Componentized Trust and Assurance Elements and Supported Assembly of ‘Vectors of Trust’ NIST just measured authentication performance/strength/usability? Got rid of LOA? What else could we do to turn these docs on their head to enhance the IE? Developed a private sector companion to 800-63?

8 Vectors of Trust – Discussion Example 8 Identity Proofing [IP] Assertion Presentation [AP] Credential Strength [CS] Binding [B] IP[ ] CS[ ] AP[ ] B[ ] Provider 1 CS[ ] AP[ ] B[ ] Provider 2 IP[ ] Provider 3 Relying Party Risk Tolerance Individual Choice DISCUSSION ONLY – CONCEPTUAL FOR ILLUSTRATION AND PROVOCATION PURPOSES New Standard? Market/Trust Framework Driven Levels Provider Supported Components and Levels

9 Other Components? 9 Reputation of subject Reputation of IdP Additional external claims (presumably signed by third party) Heuristic Compensating Controls Endpoint Security Trusted Identities Organizatio n Maturity Business Process LegalOther Liability Contractual strength Account recovery Credential revocation Incident response OpSec

10 Do Nothing Address Root Causes Let RP’s Decide Attributes – What Should Happen? 10 Meta-AttributeConfidence/TruthinessLiabilitySecurity and PrivacyGovernanceExchange Informs Dependent Standards Performance Metrics Risk Tolerance Market Attribute Registries Include attributes in next ‘800-63’

11 Privacy By Design 11 12345 ABCDDDEE User Record CSP Agency 1 AADDFEE Agency 2 ABCDE AADDFEE  Designed specifically to ensure that privacy requirements of anonymity, unlinkability and unobservability are built in from the start  In simple terms, this means that private organizations that issue citizens credentials – and the agencies that accept them – will have no way to track where citizens use them. 12345 ABCDDDEE But…  Attributes flow freely through FCCX  If they didn’t, RP’s would get them on their own (inconsistently)  “Let the RP Figure It Out” is the wrong answer!

12 So...We Need A Privacy Profile 12 Broker Authentication Request Response + Encrypted Attributes Double Blind Architecture User Consent Response + Encrypted Attributes 1 CSP/AP can’t know the RP 2 Broker can’t see the attributes 3 Standard and Protocol Agnostic 4 RP can’t know CSP 5 Minimal Changes to Infrastructure (but we may soften this requirement)

13 In Summary 13 Rebooting and Reinvigorating Our Commitment to Identity and Access Management We Are Not Special We Need to Adopt Private Sector Identity Innovation We All Need to Stop Talking Amongst Ourselves RP’s and Users Rule Be On The Lookout For Upcoming Public/Private Engagement Opportunities

14 Contact Information 14 United States Department of Commerce National Institute of Standards and Technology Paul Grassi, CISSP Senior Standards and Technology Advisor, NSTIC Information Technology Laboratory 1401 Constitution Ave. NW, Rm. 2069 Washington, DC 20230 W: 202.482.8349 M: 703.786.8275 Email: paul.grassi@nist.gov

Download ppt "Transport and Security Standards Work Group New Directions In Identity Paul Grassi Senior Standards and Technology Advisor."

Similar presentations

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.
The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.

The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.
Canada-EU Future Internet Workshop Waterloo, Canada March 24th, 2011 Ignacio M. Llorente DSA-Research.org Distributed Systems Architecture Research Group.

Canada-EU Future Internet Workshop Waterloo, Canada March 24th, 2011 Ignacio M. Llorente DSA-Research.org Distributed Systems Architecture Research Group.
This work was performed under the following financial assistance award 70NANB13H189 from the U.S. Department of Commerce, National Institute of Standards.

This work was performed under the following financial assistance award 70NANB13H189 from the U.S. Department of Commerce, National Institute of Standards.
1 Privacy Prof. Ravi Sandhu Executive Director and Endowed Chair March 8, 2013 © Ravi Sandhu World-Leading Research.

1 Privacy Prof. Ravi Sandhu Executive Director and Endowed Chair March 8, © Ravi Sandhu World-Leading Research.
1 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.

1 Jan 2013 © Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.
IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair

IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair
Functional component terminology - thoughts C. Tilton.

Functional component terminology - thoughts C. Tilton.
Digital ID and Authentication as a Platform Peter Watkins.

Digital ID and Authentication as a Platform Peter Watkins.
Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Direct Exchange from Provider to Patient/Consumer ….and Back! David C. Kibbe, MD MBA.

Connecticut Ave NW, Washington, DC Direct Exchange from Provider to Patient/Consumer ….and Back! David C. Kibbe, MD MBA.
Componentization of FICAM TFS into Trustmarks Sample FICAM Trustmark Definition Overview of Trustmark Issuance and Binding Agenda.

Componentization of FICAM TFS into Trustmarks Sample FICAM Trustmark Definition Overview of Trustmark Issuance and Binding Agenda.
Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.

Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.
1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.

1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.
Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.

Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.
Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.
User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.

User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.
Introduction to OIX: A Market Solution to Online Identity Trust Don Thibeau.

Introduction to OIX: A Market Solution to Online Identity Trust Don Thibeau.
Policy, Trust and Technology Mitigating Risk in the Digital World David L. Wasley Camp 2006 © David L. Wasley, 2006.

Policy, Trust and Technology Mitigating Risk in the Digital World David L. Wasley Camp 2006 © David L. Wasley, 2006.
Identity Relationship Management The Next Evolution of Identity and Access Management for the Internet of Everything.

Identity Relationship Management The Next Evolution of Identity and Access Management for the Internet of Everything.

Similar presentations

Ads by Google