
Enabling Open Government Using the OIDF/ICF Open Trust Framework

OASIS Identity Management 2009, September 29, 2009. Don Thibeau, ED, OpenID Foundation; Drummond Reed, ED, Information Card Foundation.



Presentation Transcript


  1. Enabling Open Government Using the OIDF/ICF Open Trust Framework
  OASIS Identity Management 2009, September 29, 2009
  Don Thibeau, ED, OpenID Foundation
  Drummond Reed, ED, Information Card Foundation

  2. Topics
  • The Open Identity Solutions for Open Government Initiative
  • Policy Foundation
  • Understanding the U.S. Government Approach
    • Identity Schemes
    • Trust Frameworks
  • Open Identity Schemes
    • OpenID
    • InfoCards
  • Introducing the Open Trust Framework
    • Key Design Principles
    • Participant Roles
    • The Basic Workflow
    • Components of a Specific Trust Framework
  • Next Steps/How to Get Involved

  3. Goals of the Open Identity Solutions for Open Government Program
  • Make government more transparent to the citizenry
  • Make it easier for the citizenry to access government information
  • Avoid issuance of application-specific credentials
  • Leverage industry credentials for government use
  • Leverage Web 2.0 technologies
  • See the presentation and document posted on http://www.IDmanagement.gov

  4. Policy Foundation: OMB M04-04
  • Risks

  5. Policy Foundation: NIST Special Pub 800-63
  • SP 800-63 Technical Guidance: Assurance Levels

  6. US Government Approach
  • Adopt technologies in use by industry
    • “Identity Scheme Profiles”
    • Identity Scheme Adoption Process (ISAP)*
  • Adopt industry trust models
    • “Trust Framework Providers”
    • Trust Framework Provider Adoption Process (TFPAP)*
  • See documents posted on http://www.IDmanagement.gov

  7. Identity Scheme Adoption

  8. Open Identity Schemes: OpenID
  • OpenID
    • Open Source roots
    • OpenID Foundation serves as steward and provides the necessary infrastructure
    • Used/supported by Google, Yahoo, Facebook, AOL, MySpace, Novell, Sun, etc.
    • 1 billion+ OpenID-enabled accounts
    • 40,000+ web sites support OpenID
  • ICAM Profile
    • Profile based on OpenID 2.0
    • Requires SSL/TLS on all endpoints
    • Requires the Directed Identity approach
    • Requires pair-wise unique pseudonymous identifiers
    • Requires short-lived association handles

  9. OpenID Flow

  10. Open Identity Schemes: Information Cards
  • Information Card
    • Analogous to the cards you carry in your wallet
    • Open Source & industry standards
    • Supported by Microsoft, Intel, Oracle, Novell, Equifax, Google, Citi, etc.
    • Built into MS Vista; option for XP
    • Lower rate of adoption than OpenID
    • ALs 1 thru 3; possibly AL 4
  • ICAM Profile
    • Profile of Identity Metasystem Interoperability Document 1.0 (IMI)
    • Requires encryption of PII
    • Requires use of the optional Private Personal Identifier (PPID)
    • Currently managed cards only
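The pair-wise unique pseudonymous identifier required by the ICAM OpenID profile (slide 8) and the Private Personal Identifier required by the Information Card profile (slide 10) both give each relying party a stable identifier that it cannot correlate with the identifier any other site receives. As an added illustration, not code from the OpenID Foundation, the Information Card Foundation or the ICAM profiles, here is one way a provider can derive such an identifier; the provider secret, the issuer URL and the realm normalization are assumptions made for the example.

```python
import hmac
import hashlib
from urllib.parse import urlsplit

# Constructed provider-side secret for this illustration only. A real provider
# keeps it in a key store; rotating it changes every identifier ever issued.
PROVIDER_SECRET = b"constructed-example-secret-not-for-use"

# Assumed issuer URL for the provider (placeholder, not a real endpoint).
ISSUER = "https://op.example"


def normalize_realm(realm: str) -> str:
    """Reduce a relying-party realm or return URL to its scope: scheme + host.

    Path and query are dropped so every page on one site gets the same
    identifier; the scheme is kept so the http and https forms of a site
    differ; urlsplit lower-cases the host so case differences do not split it.
    """
    parts = urlsplit(realm)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported realm: {realm!r}")
    return f"{parts.scheme}://{parts.hostname}"


def pairwise_identifier(local_account: str, realm: str) -> str:
    """Pseudonym that is stable for one (account, relying party) pair.

    HMAC-SHA256 over the realm scope and account name, keyed with a secret
    only the provider holds, yields a value that is one-way (the RP cannot
    recover the account) and unlinkable across RPs (two sites receive
    unrelated values and cannot correlate the user without the key).
    """
    scope = normalize_realm(realm)
    msg = f"{scope}\x00{local_account}".encode("utf-8")
    return hmac.new(PROVIDER_SECRET, msg, hashlib.sha256).hexdigest()


def claimed_identifier(local_account: str, realm: str) -> str:
    """Directed-identity style claimed identifier handed back to the relying party."""
    return f"{ISSUER}/id/{pairwise_identifier(local_account, realm)}"


def linkable(local_account: str, realm_a: str, realm_b: str) -> bool:
    """True only if two relying parties would receive the same pseudonym."""
    return pairwise_identifier(local_account, realm_a) == pairwise_identifier(local_account, realm_b)
```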

  11. Information Card Flow

  12. Trust Framework Adoption
  • The Open Identity Solution approach is to enroll industry trust frameworks that:
    • Specify relevant identity scheme profiles
    • Map Levels of Assurance (LOA) to the requirements of NIST SP 800-63
    • Incorporate privacy requirements
  • The GSA made an outreach to the OpenID Foundation, Information Card Foundation, InCommon, and Liberty/Kantara
  • Participating trust frameworks are being submitted under the ICAM Trust Framework Provider Adoption Process

  13. The Open Trust Framework
  • Jointly developed by the OpenID Foundation and the Information Card Foundation
  • Reflects our common interest in providing a trust framework adapted to open identity technologies – technologies that:
    • Are open standards
    • Operate at Internet scale
    • Support user-controlled identity management
    • Do not presume any pre-existing trust relationships between identity providers and relying parties
  • A draft application was submitted to GSA on 8 September 2009 for review and feedback under the TFPAP
  • Currently being further revised to reflect GSA feedback and OIDF and ICF member review

  14. Core Design Principles of the Open Trust Framework
  • Open to all identity providers
  • Open to any qualified auditor
  • Open to provider self-certification
  • Open to change and evolution

  15. Participant Roles
  • Trust Framework Provider
    • OIDF and ICF in collaboration
  • OTF Administrator
    • Contractor to OIDF and ICF
  • Identity Providers
    • OpenID or Information Card providers desiring to serve the applicable trust communities
  • Auditors
    • Organizations who offer technology auditing and certification services as part of their business
  • Relying Parties
    • Do not participate directly in the first version of the Open Trust Framework, but may be involved in future versions

  16. The Basic Workflow
  • Auditor Registration
    • OTF Administrator verifies qualifications
  • Identity Provider Certification
    • Provider self-certification is available to all providers
    • Self-certification is audited
    • OTF Administrator verifies the authenticity of the application
    • OTF Administrator provisions the certification metadata
  • Ongoing Operations
    • Updates to certification metadata
    • Quality assurance and quality control
    • Renewals
    • Trust framework revisions
  • Dispute Resolution

  17. Components of a Specific Trust Framework
  • Purpose Statement
  • Auditor Registration Requirements
  • Identity Provider Certification Requirements
  • Identity Provider Self-Certification Form
  • Dispute Resolution Supplement

  18. Next Steps
  • A pilot of both the ICAM OpenID and Information Card identity schemes is underway with the National Institute of Health
  • The two foundations are expanding our circle of collaboration on the Open Trust Framework
    • Harvard Berkman Center
    • Center for Democracy and Technology
  • We invite NIST’s and industry’s continued participation
  • Please contact us for more information
    • www.openid.net
    • www.informationcard.net
