
I-CIDM Bridge to Bridge Working Group (BBWG) Purpose and Activities Fed-Ed Meeting The Fairmont Hotel Washington, DC December 14, 2004 Debb Blanchard Enspier.


1 I-CIDM Bridge to Bridge Working Group (BBWG) Purpose and Activities Fed-Ed Meeting The Fairmont Hotel Washington, DC December 14, 2004 Debb Blanchard Enspier Technologies, Inc.

2 Agenda Origins of the BBWG Purpose of the BBWG Bridge Certification Authority Participants Organization Participants Identification of Working Groups Areas of Investigation Decisions to Date Work Accomplishments to Date Future Plans

3 Origins of the BBWG Group started its foundation to identify issues as they pertain to and impact the Federal Bridge Certification Authority (FBCA) As issues were uncovered, it was noticed that the issues for the FBCA were not necessarily unique to the FBCA Group evolved to include representatives from four Bridge Certification Authority (BCA) environments and expanded to include international representation

4 Purpose of the BBWG To address the implications of Bridge-to-Bridge cross-certification in the collaborative cross-organizational space International focus PKI-centric BBWG will not delve into corporate business models and practices that may be considered proprietary.

5 Bridge Certification Authority (BCA) Participants Federal Bridge Certification Authority (FBCA – US Government agencies, state governments, foreign governments) Higher Education Certification Authority (HEBCA – US higher education community with plans to include research institutions and higher education facilities from the EU) Secure Access for Everyone (SAFE – Pharmaceutical community led by Johnson & Johnson) Certipath (Exostar, Arinc, SITA with additional representation from Boeing, Lockheed Martin, Northrop Grumman, EADS/Airbus, tScheme, TSCP, EDS/Rolls-Royce)

6 Organization Participants Arinc/Certipath Betrusted Boeing Corporation Dartmouth College Duke University Department of Defense EADS/Rolls-Royce EDUCAUSE Enspier Technologies Evincible/Certipath Exostar/Certipath General Services Administration IBM Johnson & Johnson Lockheed Martin National Institutes of Health National Institute of Standards and Technology Northrop Grumman Orion Security tScheme UKCEB TF/TSCP

7 Identification of Working Groups Each issue will be addressed by members of the following BCA communities: Higher Education Bridge community SAFE (Pharmaceutical) bridge community FBCA and bridge government community (includes NIST and DOD) Commercial Aerospace (Certipath, Boeing, Lockheed Martin, Northrop Grumman)

8 Areas of Investigation (per the Charter) Institutionalization of standards and what would be the suitable body/ies to own and maintain them Role of governments in governance and management of the intra-bridge environment Stimulate the development of commercial products that are “bridge aware” Need for a governance structure between cross-certified BCAs and, if so, what should it be Legal implications and shaping a legal framework that satisfies trust requirements and meets business needs, including liability

9 Areas of Investigation (per the group) Policy Mapping to determine levels of assurance (LOA) Must have a common lexicon, terminology and documents mapping for the Charter and all the documents Compliance with open standards Audit standards for BCA operations and certifications needed for the Auditors Liability and legal issues BCA Operations

10 Policy Mapping Issue: Develop a mutually agreed-upon methodology for cross-certifying BCAs to allow them to interoperate Identify the framework of documents and requirements (similar to the CP/CPS RFC) that are needed by a Bridge entity to qualify for cross certification. For example the Bridge has to specify the Cross certification criterion and methodology document. What is this document supposed to contain (rationale -- not example)? What other documents does the Bridge Operator have to develop in addition to the standard CP/CPS? Is there a standard set? What about the charter and structure of the Bridge Operators – Policy Authority, Operational Authority – and organization of these organizations? Status: For the initial submission, this will be only identification of the issues. Subsequent submissions will identify the guidelines for BCA cross-certification and their implementation.

11 Common Lexicon and Terminology Issue: Need for common criteria and a lexicon (common language of business) for grammar, syntax, etc. Includes the definition and contents of documents as well. Includes liability Needs to map international terms, grammar, syntax, etc. as well Status: Begin with the definitions used by the Electronic Authentication Partnership (EAP); these need to be expanded to include the international community as well as specialty definitions for the communities of interest A first draft has been provided to a sub-group of the BBWG, which includes US standards; however, international definitions need to be incorporated.

12 Compliance with Open Standards Issue: Standards for BCA must rely upon open standards and not proprietary standards Must include international standards Since PKI-centric in nature, standards should apply to PKI standards. However, other standards may be included (or created.) Status: Verify that the bridges are working with open standards. The framework should show how these standards fit together via a mapping between US standards and international standards as well as to perform a gap analysis on these standards. This activity is linked to technical working group. A first draft has been provided to a sub-group of the BBWG, which includes US standards, however, international standards need to be incorporated.

13 Audit Standards Issue: How do we know that a BCA is operating at a level that can be trusted? What are the audit standards for Bridge-to-Bridge? What is examined and to what degree of rigor? What documents are needed to support the auditors and what does the auditor give to the BCA operations, e.g., certificate of approval? Status: Begin with the documents provided by tScheme. Include auditors from KPMG, Deloitte and Touche, PricewaterhouseCoopers, et al. to define these standards Audit requirements from representative CPs as well as a representative matrix of CPS auditable items were sent to a sub-group to determine if these audit requirements for Bridge-to-Bridge interoperability and cross-certification were sufficient.

14 Liability and Legal Issues Issue: What are the liability and legal implications for: Operating a BCA? The contractual mechanism between BCAs? Indemnification? Limits on liability? Others? Status: The American Bar Association has been invited to provide guidance as well as documentation and white papers that they have already created. Once these documents are obtained, these need to be reviewed and comments provided from the BCAs. Additionally, international comments need to be obtained and considered. White paper is close and should be provided to the sub-group shortly.

15 BCA Operations Issue: Requirements of some of the BCA CPs have internal requirements in order to cross-certify with other BCAs, e.g., in order for the FBCA to cross-certify with other BCAs, the FBCA requires operators of those BCAs to be operated by citizens of the country in which that BCA is operated. Status: Drafts have been started to address requirements for BCA operators, including definitions of: Trustworthiness Loyalty Integrity

16 Decisions to Date Dependencies and assumptions of other groups to be addressed, e.g., requirements for identity proofing/vetting will not be addressed by this group. BBWG will only address policy as it pertains to PKI and Bridge-to-Bridge policy issues; other decisions made are: Business Drivers – for the BBWG the I-CIDM is the business driver for this group Identity Proofing and Vetting – These issues need to be addressed, but not by this group. We recommend that the I-CIDM create another working group to address these issues. CIDM Policy Development and Management – These decisions are outside of the scope of this group. Implementation Challenges – these are to be addressed by the Technical Working Group. First meeting for this group was on August 5, 2004. Roadmap – We will work in tandem with the Technical Working Group to identify the policy and technical requirements for vendor products to ensure interoperability Path Discovery – this will be addressed by the Technical Working Group Vendor Involvement – This will be primarily addressed by the Technical Working Group; however, BBWG will assist as needed

17 Future Monitoring and providing comments for a new FIPS as it pertains to requirements for physical and logical access to US Government facilities, systems, and applications. (In response to HSPD-12) Working with BBWG member organizations to provide a web-hosting facility for meeting notices, document library, work-in-progress, presentations, etc. Draft documentation for all BBWG issues is due at the end of January 2005

18 Questions? Judith Spencer, Chair of the Federal Credentialing Committee (FICC) and FBCA judith.spencer@gsa.gov Office: 202-208-6576 Debb Blanchard, Chair of the BBWG dblanchard@enspier.com Office: 410-871-0836

