Framework Planning Draft 1 Jack Suess Ian Glazer Peter Alterman Andrew Hughes Michael Garcia.


Overview There is no single “right” solution -- all involve tradeoffs between growth and risk. We need to have a conversation across committees and plenary on growth vs risk and what the community is comfortable with. Value proposition and creating positive feedback loops are key to long-term sustainability. IDESG contains many stakeholder groups; we need to be flexible and assume some stakeholder groups will need to move more quickly than others.

Framework Planning Goals 1. Do no harm. Make certain that we are helping to advance better practices in security, privacy, usability, and interoperability. 2. Component trustmarks as defined by GTRI can be beneficial in assessing interoperability of requirements. 3. Build off the existing work that has been done in the Identity space in the US and around the world. 4. Use an iterative design that allows the IDESG to deploy, learn, and update our approach. 5. Provide value in proportion to effort for those participating.

Do No Harm We do not want to offer overblown assertions of trustworthiness if those claims cannot be backed up. Self-attestation can be used to get the program off the ground but won’t be sufficient long term. We want to find ways that incentivize parties in the ID ecosystem to go beyond the minimum required and get credit for all they do. Scaling something to be as big as the ID ecosystem is a large undertaking; we need to build our capacity as an organization. Perfect is the enemy of the good. We can improve the Identity space with some quick actions today and learn what works.

Trustmarks The GTRI pilot is demonstrating the benefit of componentized trustmarks with well-defined definitions. This granular approach allows for quick comparison of the trustmarks available across a variety of standards. Through this model, stakeholders can quickly get credit for what they do already and see what they are missing to reach a particular trustmark profile used by a community. We should wait to validate the use of full electronic trustmarks before adopting them in the IDESG. Creation of a trustmark registry or catalog that ties trustmarks to requirements would be very valuable.

Building – Electronic Trustmarks (2) A key point in the use of electronic trustmarks is that these need to be usable without underlying modification of existing software. This can be done today through registries. Long term, we envision that some communities of interest will require entities participating as IDP and SP in that community to have electronic trustmarks integrated.

Build on Existing Work. [Diagram labels: IDESG; Attribute Providers; IDP/CSP; Audit/Assessors & 3rd Party Service Providers; ID Ecosystem Exists Today] We must leverage all the strengths and capabilities of the current members of IDESG to make this work. Utilize what has been learned in the pilots to shape the path towards the future. Leverage others to help in the scaling that must occur to get the benefits we want.

Building – Leveraging Trust Framework Providers IDP/CSP – Bringing organizations to the IDESG that have been known to be good actors internationally. – Leverage existing national and international programs in the Identity and Credential Access Management (ICAM) space. – Incent current members of IDESG that are Trust Framework Providers to participate. We recommend an approval process be set up to review TFPs and their members early on. – Incent the NSTIC pilots to participate early in this.

TFP Questions Do we allow TFPs to participate before we have IDESG baseline requirements established? – If not, are we at risk of letting in TFPs that won’t stay in IDESG? What incentives exist for TFPs to join? – Allow TFPs to propose accreditation standards they use for trustmark analysis. Should members of TFPs be allowed to join? – Committee discussed this and felt this was important to get the IDESG off the ground and was a benefit for TFPs to participate early. Want to hear from plenary & committees on this.

Building – Service Providers and Relying Parties How do we incent SPs to join? – Work through the Trusted Framework Providers that are members to bring in their SPs. – Leverage our existing pilots that are SPs to join. – Identify organizations that can be strategic partners and work with them. – Develop a lightweight program for SPs to join a registry. Questions exist on what level of requirements to have SPs self-attest to.

Use a Staged Approach The Framework planning subcommittee is proposing a staged approach. We want to see the IDESG work on four concurrent but related efforts that would be phased in over time. By using a staged approach we want to quickly get a proof of concept working and get data back so we may adjust our approach as we learn from those participating. Similarly, the Identity ecosystem will continue to undergo change that might require changes to our plans – such as speeding up some stages.

Requirements Definition IDESG requirements definition is key. – Standards adopts proposed standards for use. – Security, Usability, Privacy define requirements. – TFTM adopts trustmarks based on requirements to be added to registry and defines self-attestation and 3rd party procedures. Framework committee proposed up to four possible phases be considered by plenary and committees. – Transparency - Immediate. Organization disclosure. – Baseline - minimum requirements. – Full - complete NSTIC requirements. – Ongoing - New and Community specific.

Phased Design

High Level Plan Note: - Stages 1, 2, 3 transform into normal program operations after their intensive startup-focused timeframe is done. - “Registry Level 3” is the desired mode of operations

Stage 0 – Bootstrap IDESG Program Leverage pilots and IDESG members to quickly build out processes around on-boarding entities and preparing them for future stages. Work with GTRI and committees to develop trustmark component definitions that will enable our work in future stages. SPs & TFPs would propose “standards” for consideration by Standards committee. Should run from fall 2014 through summer 2015.

Stage 1 – Focus on CSP/IDP Tap into trust communities that already exist. Work closely with existing TFPs and Federation operators to develop procedures for on-boarding. Trustmarks registry would be available and recommended for use. This effort would run for 18 months and overlap stage 0. Timeframe would be January 2015-June 2016

Stage 2 – External Certification of ___ IDESG Requirements How do we acknowledge work done through auditors and 3rd-party accreditors today for certification? Trustmark profiles could contain a mix of certified and self-attested trustmarks. IDESG requirements would be in place. Allow communities of interest to identify and define bodies that certify and accredit against open standards and criteria. Begin testing Electronic trustmarks in some communities of interest. Timeframe would start in summer 2015 and continue forward.

Stage 3 – Community Specific Trustmarks Work closely with stakeholder communities to identify specific needs not addressed through existing trustmarks to define community specific trustmarks. Work with communities of interest to identify and define bodies that certify and accredit against open standards and criteria. Electronic trustmarks are required. Definition of community specific trustmarks begins in summer. Requirements for using electronic trustmarks begin in early 2017.