1 / 5

PAIIWG++ Meeting #1 William I. MacGregor william.macgregor@nist.gov National Institute of Standards and Technology 16 Se

PAIIWG++ Meeting #1 William I. MacGregor william.macgregor@nist.gov National Institute of Standards and Technology 16 Sep 2008. SP 800-73-1 (NIST). 3/06. How PIV is Standardized. SP 800-85 (NIST). SP 800-76-1 (NIST). 10/05. HSPD 12 (Presidential). Policy. 1/07. 8/04.

caitir
Download Presentation

PAIIWG++ Meeting #1 William I. MacGregor william.macgregor@nist.gov National Institute of Standards and Technology 16 Se

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. PAIIWG++ Meeting #1 William I. MacGregor william.macgregor@nist.gov National Institute of Standards and Technology 16 Sep 2008 1

  2. SP 800-73-1 (NIST) 3/06 How PIV is Standardized SP 800-85 (NIST) SP 800-76-1 (NIST) 10/05 HSPD 12 (Presidential) Policy 1/07 8/04 SP 800-78-1 (NIST) SP 800-85A (NIST) 8/07 FIPS 201-1 (Secretary of Commerce) M-05-24 (Director OMB) 4/06 SP 800-79-1 (NIST) 3/06 6/08 8/05 SP 800-85B (NIST) SP 800-87 (NIST) 7/06 10/05 Standards SP 800-96 (NIST) Driver 9/06 Revise ‘08 SP 800-104 (NIST) 6/07 Test Guidelines Dynamic Implementation Guidelines 2

  3. What NIST documents overlap PAIIWG++ concerns?The answer depends on the recommendations. Cryptographic Soundness & Card Authentication Key FIPS 201, SP800-73, SP800-78, SP800-116 SP800-85 (A&B, & test tools), SP800-79, PACS 2.2? PIV Identifier Model FIPS 201, SP800-73, SP800-116, SP800-76 SP800-85B,(GSA) BAE,SP800-87? (FPKIPA) CP’s? These are basic, there are probably others! 3

  4. Starting Thoughts Replace the FASC-N, replace its two uses: Identifying the credential and cardholder Linking five PIV objects together Leverage existing identifier schemes FASC-N, UEID, IPv6, EUI, OpenID, OID, UUID,… Utilize familiar, standard representations E.g., ASN.1 with BER-TLV encoding Allow fixed & variable length identifiers Fixed: FASC-N, IPv6; Variable: OpenID, OID 4

  5. An Identity Domain Registry? A Registry is a published, numbered list of entries. If each entry names an Identity Domain, then… …(entryNumber, domainIdentifier) is unique. Example: (34.4.117.10.1, <a 25 byte FASC-N>) If the Domains are large (e.g., “IPv6”, “OpenID”), the registry will be small & change infrequently. Each entry includes its governing authority. 5

More Related