I-CIDM Bridge to Bridge Working Group (BBWG) Purpose and Activities Fed-Ed Meeting The Fairmont Hotel Washington, DC December 14, 2004 Debb Blanchard Enspier.

Presentation transcript:

I-CIDM Bridge to Bridge Working Group (BBWG) Purpose and Activities Fed-Ed Meeting The Fairmont Hotel Washington, DC December 14, 2004 Debb Blanchard Enspier Technologies, Inc.

Agenda
Origins of the BBWG
Purpose of the BBWG
Bridge Certification Authority Participants
Organization Participants
Identification of Working Groups
Areas of Investigation
Decisions to Date
Work Accomplishments to Date
Future Plans

Origins of the BBWG
The group was founded to identify issues that pertain to and impact the Federal Bridge Certification Authority (FBCA)
As issues were uncovered, it was noticed that the issues for the FBCA were not necessarily unique to the FBCA
The group evolved to include representatives from four Bridge Certification Authority (BCA) environments and expanded to include international representation

Purpose of the BBWG
To address the implications of Bridge-to-Bridge cross-certification in the collaborative cross-organizational space
International focus
PKI-centric
BBWG will not delve into corporate business models and practices that may be considered proprietary.

Bridge Certification Authority (BCA) Participants
Federal Bridge Certification Authority (FBCA – US Government agencies, state governments, foreign governments)
Higher Education Certification Authority (HEBCA – US higher education community with plans to include research institutions and higher education facilities from the EU)
Secure Access for Everyone (SAFE – Pharmaceutical community led by Johnson&Johnson)
Certipath (Exostar, Arinc, SITA with additional representation from Boeing, Lockheed Martin, Northrop Grumman, EADS/Airbus, tScheme, TSCP, EDS/Rolls-Royce)

Organization Participants
Arinc/Certipath
Betrusted
Boeing Corporation
Dartmouth College
Duke University
Department of Defense
EADS/Rolls-Royce
EDUCAUSE
Enspier Technologies
Evincible/Certipath
Exostar/Certipath
General Services Administration
IBM
Johnson&Johnson
Lockheed Martin
National Institutes of Health
National Institutes for Standards and Technology
Northrop Grumman
Orion Security
tScheme
UKCEB TF/TSCP

Identification of Working Groups
Each issue will be addressed by members of the following BCA communities:
Higher Education Bridge community
SAFE (Pharmaceutical) bridge community
FBCA and bridge government community (includes NIST and DOD)
Commercial Aerospace (Certipath, Boeing, Lockheed Martin, Northrop Grumman)

Areas of Investigation (per the Charter)
Institutionalization of standards and what would be the suitable body/ies to own and maintain them
Role of governments in governance and management of the intra-bridge environment
Stimulate the development of commercial products that are “bridge aware”
Need for a governance structure between cross-certified BCAs and, if so, what should it be
Legal implications and shaping a legal framework that satisfies trust requirements and meets business needs, including liability

Areas of Investigation (per the group)
Policy Mapping to determine levels of assurance (LOA)
Must have a common lexicon, terminology and documents mapping for the Charter and all the documents
Compliance with open standards
Audit standards for BCA operations and certifications needed for the Auditors
Liability and legal issues
BCA Operations

Policy Mapping
Issue:
Develop a mutually agreed-upon methodology for cross-certifying BCAs to allow them to interoperate
Identify the framework of documents and requirements (similar to the CP/CPS RFC) that are needed by a Bridge entity to qualify for cross-certification.
For example, the Bridge has to specify the cross-certification criterion and methodology document. What is this document supposed to contain (rationale, not example)?
What other documents does the Bridge Operator have to develop in addition to the standard CP/CPS? Is there a standard set?
What about the charter and structure of the Bridge Operators – Policy Authority, Operational Authority – and organization of these organizations?
Status:
For the initial submission, this will be only identification of the issues. Subsequent submissions will identify the guidelines for BCA cross-certification and their implementation.

Common Lexicon and Terminology
Issue:
Need for common criteria and a lexicon (common language of business) for grammar, syntax, etc.
Includes the definition and contents of documents as well.
Includes liability
Needs to map international terms, grammar, syntax, etc. as well
Status:
Begin with the definitions used by the Electronic Authentication Partnership (EAP); these need to be expanded to include the international community as well as specialty definitions for the communities of interest
A first draft has been provided to a sub-group of the BBWG, which includes US standards; however, international definitions need to be incorporated.

Compliance with Open Standards
Issue:
Standards for BCA must rely upon open standards and not proprietary standards
Must include international standards
Since PKI-centric in nature, standards should apply to PKI standards. However, other standards may be included (or created).
Status:
Verify that the bridges are working with open standards.
The framework should show how these standards fit together via a mapping between US standards and international standards, as well as perform a gap analysis on these standards.
This activity is linked to the technical working group.
A first draft has been provided to a sub-group of the BBWG, which includes US standards; however, international standards need to be incorporated.

Audit Standards
Issue:
How do we know that a BCA is operating at a level that can be trusted?
What are the audit standards for Bridge-to-Bridge?
What is examined and to what degree of rigor?
What documents are needed to support the auditors and what does the auditor give to the BCA operations, e.g., certificate of approval?
Status:
Begin with the documents provided by tScheme.
Include auditors from KPMG, Deloitte and Touche, Price Waterhouse Cooper, et al. to define these standards
Audit requirements from representative CPs as well as a representative matrix of CPS auditable items were sent to a sub-group to determine if these audit requirements for Bridge-to-Bridge interoperability and cross-certification were sufficient.

Liability and Legal Issues
Issue:
What are the liability and legal implications for:
Operating a BCA?
The contractual mechanism between BCAs?
Indemnification?
Limits on liability?
Others?
Status:
The American Bar Association has been invited to provide guidance as well as documentation and white papers that they have already created.
Once these documents are obtained, these need to be reviewed and comments provided from the BCAs.
Additionally, international comments need to be obtained and considered.
White paper is close and should be provided to the sub-group shortly.

BCA Operations
Issue:
Some of the BCA CPs have internal requirements in order to cross-certify with other BCAs, e.g., in order for the FBCA to cross-certify with other BCAs, the FBCA requires those BCAs to be operated by citizens of the country in which that BCA is operated.
Status:
Drafts have been started to address requirements for BCA operators, including definitions of:
Trustworthiness
Loyalty
Integrity

Decisions to Date
Dependencies and assumptions of other groups to be addressed, e.g., requirements for identity proofing/vetting will not be addressed by this group.
BBWG will only address policy as it pertains to PKI and Bridge-to-Bridge policy issues; other decisions made are:
Business Drivers – for the BBWG the I-CIDM is the business driver for this group
Identity Proofing and Vetting – These issues need to be addressed, but not by this group. We recommend that the I-CIDM create another working group to address these issues.
CIDM Policy Development and Management – These decisions are outside of the scope of this group.
Implementation Challenges – these are to be addressed by the Technical Working Group. First meeting for this group was on August 5,
Roadmap - We will work in tandem with the Technical Working Group to identify the policy and technical requirements for vendor products to ensure interoperability
Path Discovery – this will be addressed by the Technical Working Group
Vendor Involvement – This will be primarily addressed by the Technical Working Group; however, BBWG will assist as needed

Future
Monitoring and providing comments for a new FIPS as it pertains to requirements for physical and logical access to US Government facilities, systems, and applications. (In response to HSPD-12)
Working with BBWG member organizations to provide a web-hosting facility for meeting notices, document library, work-in-progress, presentations, etc.
Draft documentation for all BBWG issues is due at the end of January 2005

Questions?
Judith Spencer, Chair of the Federal Credentialing Committee (FICC) and FBCA Office:
Debb Blanchard, Chair of the BBWG Office: