Date posted: 11-Jan-2015
Category: Technology
Uploaded by: kantarainitiative
Trust Frameworks: Shaping the future of Digital Identity
Joni Brennan, Executive Director
2013
Problem
2012 Kantara Initiative - Trust Frameworks: A Global Context
• Inefficient
• Does not scale
• Poor high risk solution
Kantara Initiative: Overview - Values
Organizations, Industry and Governments join Kantara because we value:
• Trust: Operating Accreditation, Approval and Certification programs
• Privacy: Developing privacy-respecting solutions
• Security: Developing high security solutions and practices
• Community: Bridging technology and policy requirements
Trustees:
Trustees At-Large:
• Government of Canada
• Trans-European Research and Education Networking Association
Kantara Initiative: Overview - Stats
• 50+ Members
• 100’s of Participants
• Approved CSPs
• Accredited Assessors
Kantara Initiative: Overview - Federation, Compliance, and Interoperability
Members join Kantara because we build trust and harmonization by developing compliance criteria based on requirements of end-users, relying parties and identity providers.
Organizations become APPROVED because we operate compliance programs for multiple solutions that fit a variety of requirements and jurisdictions.
Kantara Builds Bridges
*Non-Profit 501c6
Kantara Initiative: Overview - Governance Model
Assurance Review Board
Interoperability Review Board
Operates Compliance Programs
Leadership Council
Consists of: Work and Discussion Group Leadership
Develops Requirements and Practices
Board of Trustees
Kantara Initiative: Overview - Work and Discussion Groups
KANTARA INITIATIVE WORK AND DISCUSSION GROUPS
[Diagram: work and discussion groups arranged by category (JURISDICTION, POLICY/TECH, USER-FOCUSED). Group labels shown: ISWG, UMAWG, ConsumerID, HIAWG, P3WG, eGovWG, IAWG, AMDG, TELCO ID, JAPAN, CIBP, AIM]
WORK & DISCUSSION GROUP ACRONYMS:
• (BCTF) Business Cases for Trusted Federations
• (Consumer ID) Consumer Identity
• (eGov) eGovernment
• (FI) Federation Interoperability
• (HIA) Health Identity Assurance
• (IA) Identity Assurance
• (IS) Information Sharing
• (Japan) Japan
• (P3) Privacy and Public Policy
• (Telco ID) Telecommunication Identification
• (UMA) User Managed Access
• (CBP) Cloud Identity Best Practices
• (AIM) Attributes In Motion
Kantara Initiative: Overview - Liaisons and Governments
• ISO: 29115, 29100, 29191, 27001, 27002, etc
• ITU-T: X.1254 (was X.EAA), OITF
• OASIS: eGovernment, SAML SSTC, PMRM, etc
• OECD Internet Technical Advisory Committee (ITAC)
• Governments (Canada, UK, US, Sweden)
  • Developing UK/US cross recognition approach (extending country by country)
  • Providing neutral forum for Government Programs and Agencies to share information and identify common goals
  • Performing confidential and non-confidential program reviews upon request for specific international governments and government agencies
Kantara Initiative: Overview - National / International Initiatives
• US FICAM
  • Only cross-vertical LoA 1-3 non-crypto Approved Trust Framework Provider
• US NSTIC
  • Kantara Identity Assurance Framework – Service Assessment Criteria
  • Ecosystem of Assessors
  • AuthN >> moving toward Attribute Assurance
• UK IDAP
  • Cross Jurisdiction recognition
• EUSTIC
  • Kantara supporting as media sponsor and relevance to Kantara initiatives
• SWEDEN E-legitimation
  • Kantara IAF referenced in emerging program toward municipality policy/tech interop
Federation and Trust Frameworks - Based on Levels of Assurance: Illustrated
Federation and Trust Frameworks - What does Federation look like?
Identity Provider
Service Provider
Trust
BANK
INSURANCE COMPANY
Authentication
Service Access
Kantara Trust Framework: Component Services
Credential Service Provider
Identity Proofing / Verification
Organizational Trust
Credential Issuance / Management
Responding to industry experts, Kantara members create a path to component service recognition.
Component Services:
• Identity Proofing / Verification
• Credential Issuance and Management
Kantara Accreditation and Approval: Developing Trust Framework Profiles
• Core Framework: Common, Well-Vetted Foundation
• Technical Profile: Specific Technical Deployment Rules
• Privacy Profile: Specific Policy / Regulation Rules
• Industry Profile: Specific Industry Based Considerations / Rules
• Jurisdiction Profile: Specific Policy / Regulation Rules
Kantara Initiative: Overview - What does a Trust Framework look like?
Trust
Input Requirements into Kantara
Kantara and end-user stakeholders develop criteria for assessment
Kantara Accredited Assessors perform assessments
Relying Parties & End-Users
Criteria for IdP / CSP Assessment to verify Trust
Trust Framework Model
Registration
Verification
Assessment
Certification Process
Trust Status Listing Service
Interested Parties
Trust Status Listing Service, Registry, White List
Identity Assurance Framework: Documents
• IAF 1000 - Overview: Overview of the IAF documents and structure
• IAF 1100 - Glossary: Glossary of terms used in the IAF documents
• IAF 1200 – Levels of Assurance: Overview in detail of the Levels of Assurance
• IAF 1300 – Assurance Assessment Scheme: Process of how the Assurance Program operates
• IAF 1400 – Service Assessment Criteria: Criteria that a Service must comply with for Service Approval at the different Levels of Assurance
• IAF 1600 – Assessor Qualifications and Requirements: Qualifications that an Assessor must prove to become Accredited to perform IAF assessments
Note: a Trust Framework may apply specific profiles for specific Technology and Privacy Constraints used to achieve Levels of Assurance
Kantara Trust Framework: Structure
Board of Trustees
Identity Assurance Framework (IAF): Complete Set of IAF Documents
Core IAF Document Set:
• Assurance Assessment Scheme (AAS)
• Assessor Qualifications & Requirements (AQR)
• Service Assessment Criteria (SAC)
Identity Assurance Work Group (IAWG): Manages the Set of IAF Documents
Assurance Review Board (ARB): Reviews & Verifies External Assessment
Trust Status Published to: List Services, Registries, Whitelists
Kantara Trust Framework: Accredited Assessors and Approved CSPs
Kantara Accredited to LoA 1-4
Kantara Approved to LoA 3 non-crypto
Verizon Universal Identity Service (VUIS)** ICAM Trust Framework Approval
IDPV Component Recognition
Norton Credential Service Provider *ICAM Trust Framework Approval (Conditional)
Registered Applicant
Shaping the Future of Digital Identity
• @kantaranews
• kantarainitiative.org
• kantarainitiative.org/listinfo/community
• bit.ly/Kantara_Assurance
• kantarainitiative.org/membership/
Thanks!
Questions?
• Kantara Executive Director: Joni Brennan [email protected]
• General Inquiries: [email protected]