
A DESCRIPTION OF CONCEPTS AND PLANS MAY 14, 2014 A. HUGHES FOR TFTM 01-02 The Identity Ecosystem 2014-05-14 DISCUSSION DRAFT 1.


1 A DESCRIPTION OF CONCEPTS AND PLANS MAY 14, 2014 A. HUGHES FOR TFTM 01-02 The Identity Ecosystem 2014-05-14 DISCUSSION DRAFT 1

2 DRIVERS, CORE STRUCTURE, REQUIREMENTS
Ecosystem From The Inside

3 A Note on Role Names
Role names are used to keep the entities and their functions separate.
Any entity or organization could play one or more Roles in the ID Ecosystem.
• Online Services Supplier
  • The Relying Party, Service Provider
• Online Services Client
  • The consumer or customer or recipient of the Supplier’s services
• Online Trust Provider
  • All roles associated with establishing facts, provisioning credentials/tokens, verifying conformance, testing, audit
  • Common names: IdP, TM, CM, CSP, TFP, CA, RA

4 The Online Interaction
The goal of NSTIC is to improve the state of online interactions.
The interaction or transaction between an online service supplier and its client is the primary source of requirements for security, privacy and ease of use.
Describing a coherent ID Ecosystem is possible by extending the ‘Interaction-centric’ concept.

5 The Central Pattern
Central tenet: Supplier and Client engage in an online interaction only if certain Conditions are presented, potentially negotiated and fulfilled.
(Arrows should probably be bi-directional)

6 The Central Pattern: ‘Conditions’
‘Conditions’ might be:
• Provide the username and password associated with your account
• Provide payment information
• Produce a validated electronic authentication token issued by a trusted Credential Service Provider
• Accept these Terms of Service
• Possess these Trustmarks

7 The Central Pattern: Suppliers
The Online Service Supplier wishes to control access to the service and provide the right service to the correct Client.
‘Conditions’ are used to gather the information needed to make the service access decision.

8 The Central Pattern: ID Risk
The Online Service Supplier must guard against misidentification, fraud, impersonation, and inability to distinguish one client from another.
The stringency and number of Conditions increase with greater transaction risks.

9 The Central Pattern: Requirements
The Interaction, Conditions and Fulfillment drive all requirements
• System, transaction, technical, policy, interoperability, trust, assurance, operations, data formats, security, privacy, user experience

10 Trust Infrastructure: Trust Providers
Online Trust Provider box
• Intended to represent any security, trust or privacy service available to the Supplier-Client
• Entirely determined by the Transaction requirements
• Might be standard & shared
• Might be custom & secret
• Might deliver high certainty or low certainty
• Might be reliable or not

11 ‘Trust’ Infrastructure
The Trust Infrastructure is secondary to the transactions and exists to support the supplier-client interaction
• Credentials, tokens, certificates, secrets
• Identity information, relationship/membership
• Federations, Trust Frameworks, Assurance Frameworks

12 Trust Infrastructure: Community
NSTIC ‘Online Community’
• NSTIC defines ‘online communities’ which have shared risks, a stable set of transactions, common rules, common trust requirements
Community Governance
• Indicates the operator and manager of the community rules, their implementation and enforcement
• Sometimes named the Federation Operator or Trust Framework Provider

13 Rationale for Transaction-Centric
Why focus on the transaction instead of the normal focus on Trust Infrastructure?
• Clarifies the value of the ID Ecosystem
• The Transaction drives all requirements, not the Trust Providers
• Each element can be broken down and mapped to real and future implementations

14 The ID Ecosystem
Online communities using this pattern are candidate participants in the NSTIC-envisioned ID Ecosystem.
NSTIC requires certain things of the Community Rules and other community features.

15 Compare to the NSTIC Definition
A Trust Framework
• Is developed by a community
• Defines the rights and responsibilities of that community’s participants
• Specifies the policies and standards specific to the community
• Defines the community-specific processes and procedures that provide assurance
• Considers the level of risk associated with the transaction types of its participants
- NSTIC Strategy Document

16 THE ID ECOSYSTEM FROM ABOVE
Ecosystem From 30k

17 The Central Concern
The Interaction is central
• Trust Providers exist to express and satisfy ‘conditions’
• All activity must fall within the rules of the Community

18 Many Transactions in a Community
Within the Community context many transaction types are possible.
The picture shows a single trust infrastructure supporting all community transaction types.
All activity must fall within the rules of the Community.

19 Many Trust Providers in Community
The picture shows two trust infrastructures within the same community.
The trust infrastructures are federated.
All activity must fall within the rules of the Community.

20 ID Ecosystem Perspective A
Many ‘communities’ exist today
• Some are verified by 3rd party assessors
• Some are closed/walled gardens
• Some are Enterprise-Enterprise federations
• Some involve Trust Framework Providers and Trust Frameworks
• Some are multi-party federations
Some happen to follow the NSTIC Guiding Principles.
Next slide is a sketch of this state.

21 ID Ecosystem Perspective A

22 ID Ecosystem Perspective A
One perspective of the path forward is to increase the number and type of Ecosystem Communities that follow the NSTIC Guiding Principles
• And, as a consequence, end-users will begin to experience NSTIC-oriented services
This might be characterized as the path to building a Compliance/Conformance Program.

23 ID Ecosystem Perspective A

24 ID Ecosystem Perspective B
One perspective of the path forward is to build on the GTRI Trustmark ideas
• Define Trust Interoperability Profiles (TIP) for participating Stakeholder Communities
• Establish Trustmark Defining Organizations (TDO)
• Trustmark Definitions and Trustmarks: statement of conformance to identity trust/interoperability requirements plus its formal assessment process

25 The GTRI Trustmark Concept Map

26 ID Ecosystem Perspective B

27 ID Ecosystem Perspective C
Suggestions for other alternative views are welcome.

