Elements of Trust Framework for Cyber Identity & Access Services CYBER TRUST FRAMEWORK Service Agreement Trust Framework Provider Identity Providers Credential.

Presentation transcript:

Elements of Trust Framework for Cyber Identity & Access Services CYBER TRUST FRAMEWORK Service Agreement Trust Framework Provider Identity Providers Credential Service Providers Attribute Providers Relying Parties Attribute Exchange Service Federation Bridge & Credential Exchange Operator Multi-Lateral Trust & Operating Agreement Criteria & Methodology for Cross Certification Technical Specifications Certification Practice Statement Bridge Service Certificate Policy Common Operating Rules Accreditation Certification & Audit Process Operational Trust Framework Governance Trust Framework Membership/Participation Governance Documents Federation Trust Governance Documents Technical Documents Federation Organization Membership Agreement Federation Organization Governance/ Bylaws Trusted Identity Credentials Federation Governance Body Standardized credentials and authentication processes. Single framework for governance with agreements, operating rules and technical specifications for interoperability through the federation operator. PAGE 1 | TSCP

PAGE 2 | TSCP TSCP Trust Framework Services TSCP maturing operational elements of the Trust Framework Business Models Legal Agreements Liability Models Privacy Issues Approved products Expanding operations and applicability of the TSCP Trust Framework Services

Trust Framework Development Process PAGE 3 | TSCP Build Pilot Environment Access Control Working Group Trust Framework Working Group Business Legal Privacy Technical Trust Framework Working Group Business Legal Privacy Technical Conduct Pilot Define Use Cases Configure Pilot Environment Issue Credentials

NSTIC Grant - Financial Institution Pilot Use Cases Employer Issued Credentials: Responsibilities: Proof and vet strong Identity information Issues Credentials Sets permissible use Provides training and support Authenticates login transactions K Administrator Access 2. Employee Access + or Log in Employee choice Employer choice & PIN +

PAGE 5 | TSCP Data Providers Data Consumers Secure Information Sharing for Critical Infrastructure Information Sharing Exchange Cloud Environment EOC Credential Providers Commercial Identity Providers State Government Identity Providers TSCP Trust Framework Data Access Controls GIS Layer Access Higher Level Credential ILHDSIF ILHDSIF “Identity Provider” Attribute Authorities Commercial Providers State Government “BAE” Providers Higher Level Credential

TLS Session Multi Factor Authentication Trusted PIV and PIV-I Authentication Service Smart Card Holder Logical Access IdP Application(s) Logical Access IdP Application(s) Mutually Authenticated TLS Session Attribute Retrieval 1. US FBPKI 2. Extended CA 3. Community SimpleID™ Java Applet gathers Smart Card Info SiteMinder ADFS DHS Attribute Authorities PACS SAML 2 WS Federation WS Federation Information Sharing Registrar Portal TSCP Specification or Interface document TSCP Assertion Profile TSCP Assertion Profile 4 STEP 1 STEP 2 Step 3 STEP 4 STEP 5 Full NIST PKITS Compliant PDVal performed on PIVAuth Certificate via Pathfinder Deployment dependent Vetting and/or Approval process Optional Call-Out to SAML Attribute Provider or Back-End Attribute Exchange PIV/CAC/PIV-I Data Profile PIV/CAC/PIV-I Data Profile Entitlement Manager SharePoint No additional client middleware from TSCP Information Sharing Cloud PAGE 6 | TSCP Policy Control ADFS

PAGE 7 | TSCP TSCP Operational Trust Framework Cyber Trust Framework - Business Models for Industry Partnership Cyber Trust Framework - Real World Implementation Cyber Trust Framework - Operational Technology Solutions Cyber Trust Framework - Government Initiatives Regional Secure Information Sharing Pilot for Critical Infrastructure Workshop Track Themes