Identity Ecosystem Framework and Charter Gap Analysis.


Putting It All Together to Form Enforceable “Operating Rules”*

Contract(s): “I Agree” to...

Legal Rules (Contractual): Warranties; Dispute Resolution; Measure of Damages; Enforcement Mechanisms; Termination Rights; Liability for Losses

Business and Technical Rules: Privacy Standards; Credential Issuance; Authentication Requirements; Reliance Rules; Audit & Assessment Oversight; Credential Management; Security Standards; Identity Proofing; Technical Specifications; Enrolment Rules

Other diagram labels: Existing Law; Enforcement Element

* Content on this slide created by Thomas Smedinghoff of Edwards Wildman Palmer LLP

IE Framework Proposed Components

Legal Rules (Contractual): Warranties; Dispute Resolution; Measure of Damages; Enforcement Mechanisms; Termination Rights; Liability for Losses

Operating Rules (Business and Technical): Accreditation/Certification Rules; Security Standards; Privacy Policies and Rules; Identity Proofing Standards; Technical and Process Standards and Specs; Credential Management Rules; Authentication Rules; Risk and Assurance Models/Rules; Interoperability Rules; Usability and Accessibility Guidelines; Attribute Management Rules; Enrollment and Registration Rules; Data Management/Transmission Rules

Additional IDESG Needs: IDESG Sustainment Plan; Participant Business Models

Other diagram labels: Existing Law; NSTIC Strategy Document

Red Circles = Potential component additions to Tom Smedinghoff’s concept

Committee-Framework Gap Analysis

| Framework Component | Lead Committee (Today)* |
| --- | --- |
| Technical and Process Standards and Specifications | Standards Committee |
| Credential Management Rules | GAP |
| Authentication Rules | Security Committee |
| Risk and Assurance Models/Rules | Security Committee |
| Enrollment/Registration Rules | GAP |
| Identity Proofing Standards | Standards Committee |
| Privacy Policies and Rules | Privacy Committee |
| Security Standards | Security Committee |
| Accreditation and Certification Rules | Accreditation/Trust Framework Committee |
| Attribute Management Rules | GAP |
| Data Management and Transmission Rules | Security Committee |
| Usability/Accessibility Guidelines | User Experience Committee |
| Interoperability Rules | Accreditation/Trust Framework Committee |
| IDESG Sustainment Model | Management Council |
| Participant Business Models and Value Propositions | GAP |
| Legal Rules | Liability and Contract Committee |

* Committees that are not listed (Health Care, Financial, Communications, Policy, International) have a contributory and advisory role: to contribute and advise on requirements for their respective domains/sectors to develop these Framework Components.

Charter-Framework Gap Analysis

| Framework Component | Lead Committee(s) | Charter Mention |
| --- | --- | --- |
| Technical and Process Standards and Specifications | Standards Committee | Addressed in current charter (Scope and Deliverables) |
| Credential Management Rules | GAP | N/A |
| Authentication Rules | Security Committee | Addressed in current charter (Scope and Objectives) |
| Risk and Assurance Models/Rules | Security Committee | Not specifically addressed in current charter; may be part of the Security Model deliverable which is included. |
| Enrollment/Registration Rules | GAP | N/A |
| Identity Proofing Standards | Standards Committee | Not specifically addressed in current charter |
| Privacy Policies and Rules | Privacy Committee | Addressed in current charter |
| Security Standards | Security Committee | Addressed in current charter |
| Accreditation and Certification Rules | Accreditation/Trust Framework Committee | Addressed in current Accreditation |
| Attribute Management Rules | GAP | N/A |
| Data Management and Transmission Rules | Security Committee | Not specifically addressed in current charter; could be part of Security Model deliverable which is included. |
| Usability/Accessibility Guidelines | User Experience Committee | Deliverables not addressed in charter |
| Interoperability Rules | Accreditation/Trust Framework Committee | Not specifically addressed in the Accreditation or TF charters. |
| IDESG Sustainment Model | Management Council | Specified in RoA (Fiduciary and Administrative Responsibility) |
| Participant Business Models and Value Propositions | GAP | N/A |
| Legal Rules | Liability and Contract Committee | Not specifically addressed in current charter |

Filling the Gaps—Recommendations

A. General:
1. Establish an Identity Ecosystem (IE) Operating Rules Committee to manage the maintenance of the IE Framework, identify gaps in the Framework, and where necessary develop components to fill those gaps.
2. Establish a Business Model Committee to create participant business models and value propositions; these are not necessarily “framework components” but are vital to promoting adoption of the Identity Ecosystem.

B. Credential Management Rules and Enrollment/Registration Rules:
1. Designate the Operating Rules Committee as the lead; these components do not fit clearly into the purpose and scope of existing committees and this committee is intended to address such gaps.
Or
2. Designate the Accreditation/Trust Framework (TF) Committee as the lead; the committee could address these as part of the accreditation process for IE participants.

C. Attribute Management Rules:
1. Establish an Attribute Management Committee as the lead; this component does not fit clearly into the purpose and scope of existing committees and the level of work needed to develop requirements for the IE attribute trust model necessitates the creation of a dedicated committee.
Or
2. Designate the Accreditation/TF Committee as the lead; the committee could address these rules as part of the accreditation process for IE participants. Additionally, some trust frameworks have begun efforts to address attribute management; this committee would be best placed to liaise with the trust frameworks and incorporate these efforts.

Filling the Gaps—Recommendations

D. Interoperability Rules:
1. Designate the Accreditation/TF Committee as the lead; this committee will need to develop a means to ensure interoperability in the IE for adopted standards and specifications as part of the accreditation process for participants. This committee will need to work closely with the Standards Committee in the development of interoperability rules.
Or
2. Designate the Standards Committee as the lead; this committee will have the responsibility for reviewing and recommending standards and specifications for adoption and could also lead the development of interoperability rules for the implementation of adopted standards and specifications.

Filling the Gaps—Recommendations

E. Data Management and Transmission Rules:
1. Designate the Security Committee as the lead with significant input from the Privacy Committee; Data Management and Transmission Rules are intended to address the specifications and controls for data interface, transmission, receipt and recording/maintenance, which are primarily security issues.
Or
2. Designate the Privacy Committee and Security Committee as co-leads with responsibility for the Data Management and Transmission Rules which fall under their respective charters.

Regardless of how the lead is established for this framework component, there will need to be significant coordination between these committees.