Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.

Presentation transcript:

Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State University Board of Trustees

Federation
Federated Identity
  – Shibboleth
  – Identity provider (IdP) – your home institution
  – Authentication using IdP-provided credential extending beyond your IdP’s boundary, e.g. for access to a resource at another institution or external organization, i.e. Service Provider (SP)
  – Attributes released to SP
  – Requires trust between SP and IdP
Federation
  – InCommon
  – Organization made up of identity providers, service providers, and other interested parties
  – Pre-establish a trust framework

Levels of Assurance
NIST
  – “Electronic Authentication Guideline”
  – Levels
Measure of reliability of a credential
Identity proofing, strength of authentication technology, general best practices for security and identity management
Use cases -- Federal grants
InCommon Identity Assurance
  – InCommon Technical Advisory Committee
  – Identity Assurance Assessment Framework
  – Bronze/Silver Identity Assurance Profiles

CIC InCommon Silver Project
CIC Identity Management, CIC Auditors
  – At the behest of the CIC CIOs
Assert Silver LOA for at least some of our users by Fall, 2011
InCommon Technical Advisory Committee is participating
Drivers for doing it as a CIC project
  – Share the work
  – Influence the TAC and upcoming drafts of the IAP
Renee Shuey of Penn State is leading
MSU team:
  – Steve Kurncz, Internal Audit
  – Matt Kolb, Academic Technology Services
  – Jim Green, Academic Technology Services

InCommon Silver Assessment Factors
Audit requirement
General best practices
  – Risk management, configuration management, DR
  – Network security, physical security
  – Policies – privacy, terms and conditions, account revocation
  – Policies, processes, practices documented
Identity verification
  – In person verification of DL or passport linked to credential
Strong passwords and password rules
  – NIST entropy calculation --
  – 2 factor authentication can mitigate
  – Forgot password process must be just as strong
And …

Issues
Scope
Documentation lacking
Need a new process – ID Office
Passwords in clear text
Password policies
  – Two factor authentication
  – Stronger rules for Silver users only

Resources Shibboleth -- InCommon Identity Assurance – ce/ ce/ NIST /SP800-63V1_0_2.pdf -63/SP800-63V1_0_2.pdf

Contact Jim Green Identity Management Academic Technology Services Phone: