Identity Federation Rules and Process
Linda Elliott
President, PingID Network
Electronic Authentication Partnership
Washington, DC
February 12, 2004
Copyright PingID Network, 2003
Identity Federation
The Linking of Identity Systems Enables Cross-Boundary Security & Convenience
Thinking about the Issues
Issues and component parts
  Technical Federation Standards: Liberty Alliance, SAML, WS-*, Shibboleth
  Certificates and Certificate Policy: Private industry (Verisign, Entrust), Identrus
  Privacy: ISTPA, Liberty Alliance
Contracts are most common approach to formalizing specifics
  Existing business alliances augment contracts
  New federations attempt bilateral agreements
Don’t Underestimate the Challenges!!
Dan Farber in his article on ZDNET referring to Tony Scott, CTO of General Motors (10/19/03):
"The technology challenges, according to Scott, weren't significant, but the unforeseen business issues turned a three-month project into a year of hurdling social obstacles, such as coming up with agreements among the parties within the federation on enforcing compliance, liability definitions, dispute resolution procedures and auditing requirements"
Identity Federation Issues
1. Which standards and which versions for my business? (that’s the easy part)
2. How to establish trust with federation partners?
3. How to manage risk and liability?
4. How to control costs?
5. Will it scale?
An Identity Network is the Solution
An Identity Network provides …
  Minimum standards to establish Confidence
  Established Interoperability
  Test bed for new partners and new function
  Rules and regulations to control Risk and Liability
  Procedures to handle disputes
  Programs to address Risk Management
  Services to facilitate use, solutions, control
Members: Own & Govern the Network
Operating Regulations: Defined by Membership
Mutual Confidence: Minimum Standards and Reviews
Risk of Identity Fraud: Management programs based on
  Pooling of breach data
  Analysis of data
  Security & transactional activity monitoring
Liability: Definition and control
  Defined liability conditions
  Dispute resolution procedures, based on rules
Programs: for compliance
  Compliance with industry-specific regulation, i.e. Health
  Federation specific agreements, processes
Legal Framework
As the need for Federation expands…
Adding New Partners to any Federation…
  Avoid negotiating new agreements on technology, process, risk, and liability
  Expand to new partners and provide new services quickly and easily
  Create effective risk management processes through
    Pooled expertise on breaches
    Network-wide deployment of risk techniques
    Network alert mechanisms to provide early warnings
  Take advantage of interoperability tools to avoid re-tooling