
Identity Assurance Profiles and Framework Documents: Peek into Proposed Ficam changes


Presentation Transcript


  1. Identity Assurance Profiles and Framework Documents: Peek into Proposed Ficam changes 12/12/12

  2. Topics • Background • Big pic • Detailed pic

  3. Program Basics: Documents • Identity Assurance Assessment Framework • Identity Assurance Profiles • Bronze (NIST Level 1) • Silver (NIST Level 2) • Assurance Addendum to the Participation Agreement

  4. Program Basics: Assurance Advisory Committee (AAC) What is the AAC, and what does it do? • Represents stakeholders in the assurance process: IdPs, SPs, auditors • Oversight for program • Advisory to Steering • Assess applications, recommend approval (or denial) to Steering • Recommend changes to documents or program

  5. Program Basics: Assurance Advisory Committee (AAC) Who is the AAC? • Tim Cameron, National Student Clearinghouse (SP) • Mary Dunker, Chair, Virginia Tech University (IdP) • Steve Devoti, University of Wisconsin-Madison (IdP) • 2nd Auditor • Jacob Farmer, Indiana University (member at large) • Chris Holmes, Baylor University (InCommon Steering) • Scott Koranda, University of Wisconsin-Milwaukee/LIGO (SP) • Steve Kurncz, Michigan State University (auditor) • Ann West, InCommon/Internet2 (InCommon staff)

  6. Assurance Advisory Committee (AAC) Ex-Officio (non-voting) • Marilyn McMillan, New York University (InCommon Steering) • Tom Barton, University of Chicago (InCommon TAC) • Renee Shuey, Penn State (InCommon TAC) • Jack Suess, UMBC (InCommon Steering) For more information, visit http://www.incommon.org/assurance/aac.html

  7. FICAM Trust Framework Providers • Identity Credential and Access Management Subcommittee • Federal CIO Council • Information Security and Identity Management Committee • Trust Framework Provider Adoption Process (2009) • Comparability assessment • 800-63 as basis for LoA requirements. Incorporates previous work done by the Feds as well under E-Authentication Initiative • Privacy, organizational maturity, legal status, authority for InCommon and for InCommon to assess for IdP Operators • Web SSO SAML2 Profile: Over the wire • Trust Framework Providers • InCommon, Kantara, OIX, Safe/BioPharma

  8. InCommon’s History with FICAM • 2009-2010 • Spring - 1.0 begun review by FICAM. Community implementation begun. • Fall - Refining of Silver begun due to community feedback • 2011 • Spring – 1.1 Reviewed and approved by community • Fall – FICAM asks for Simplified Bronze. InCommon develops 1.2. • 2012 • Spring – 1.0 and InCommon fully approved TFP. 1.2 reviewed and approved by community. InCommon submits 1.2 to FICAM for their approval. • Est. 2013 • January – 1.2 approved by FICAM.

  9. What’s the hold up? This is a new audit! • Federal availability • FICAM program evolving • Negotiating on behalf of Higher Ed • Changes reflected in 1.2 require resubmission of the spec • Big pic items

  10. Alternative Means • IAAF 1.1: “From time to time, InCommon may identify alternative means developed by experts from the Research & Higher Education sector as specifying means that are comparable or superior to identified requirements in one or more of its IAPs. “ • Page 2: “Normative criteria to be used in an assessment process are expressed in separate Identity Assurance Profile and approved alternative means documents.”

  11. Whose Spec is it Anyway? • Hot potato • Time and Trust • How do we evaluate these things? • Who gets to say? • Where will this show up? • Authentication technologies: multifactor • Cryptography: AD Silver Cookbook • Identity proofing: knowledge-based

  12. Other Big Pics: Where we are… • Bronze audit and no-audit option • Bronze and 4.2.4 Credential Issuance and Management • Bronze and protection of PII • Registration and Credential Records Retention – 7.5 years • Approved Algorithm – Alternative Means • Scope: Profiles are password only – Alternative Means

  13. What’s Next? • Develop Process for Alternative Means with Assurance Advisory Committee • Continue discussion to work through a couple detailed questions • Work on FICAM approval expected January 2013 • Publish FICAM-approved spec for community review • Announce implementation extravaganza and programs!
