Enabling Open Government Using the OIDF/ICF Open Trust Framework
OASIS Identity Management 2009, September 29, 2009
Don Thibeau, ED, OpenID Foundation
Drummond Reed, ED, Information Card Foundation
Topics
• The Open Identity Solutions for Open Government Initiative
  • Policy Foundation
  • Understanding the U.S. Government Approach
  • Identity Schemes
  • Trust Frameworks
• Open Identity Schemes
  • OpenID
  • InfoCards
• Introducing the Open Trust Framework
  • Key Design Principles
  • Participant Roles
  • The Basic Workflow
  • Components of a Specific Trust Framework
• Next Steps/How to Get Involved
Goals of the Open Identity Solutions for Open Government Program
• Make Government more transparent to the citizenry
• Make it easier for the citizenry to access government information
• Avoid issuance of application-specific credentials
• Leverage industry credentials for Government use
• Leverage Web 2.0 technologies
• See the presentation and document posted on http://www.IDmanagement.gov
Policy Foundation: OMB M04-04
• Risks

Policy Foundation: NIST Special Pub 800-63
• SP 800-63 Technical Guidance Assurance Level
US Government Approach
• Adopt technologies in use by industry
  • “Identity Scheme Profiles”
  • Identity Scheme Adoption Process (ISAP)*
• Adopt industry trust models
  • “Trust Framework Providers”
  • Trust Framework Provider Adoption Process (TFPAP)*
• See documents posted on http://www.IDmanagement.gov
Open Identity Schemes: OpenID
• OpenID
  • Open Source roots
  • OpenID Foundation serves as steward and provides necessary infrastructure
  • Used/supported by Google, Yahoo, Facebook, AOL, MySpace, Novell, Sun, etc.
  • 1 billion+ OpenID-enabled accounts
  • 40,000+ web sites support OpenID
• ICAM Profile
  • Profile based on OpenID 2.0
  • Requires SSL/TLS on all endpoints
  • Requires Directed Identity Approach
  • Requires pair-wise unique pseudonymous identifiers
  • Requires short-lived association handles
Open Identity Schemes: Information Cards
• Information Card
  • Analogous to the cards you carry in your wallet
  • Open Source & industry standards
  • Supported by Microsoft, Intel, Oracle, Novell, Equifax, Google, Citi, etc.
  • Built into MS Vista; option for XP
  • Lower rate of adoption than OpenID
  • ALs 1 through 3; possibly AL 4
• ICAM Profile
  • Profile of Identity Metasystem Interoperability Document 1.0 (IMI)
  • Requires encryption of PII
  • Requires use of the optional Private Personal Identifier (PPID)
  • Currently managed cards only
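Both ICAM profiles above turn on the same privacy property: the identifier an identity provider hands to a relying party must be pair-wise (OpenID directed identity, Information Card PPID) so that two relying parties cannot correlate the same user. The following is an added illustration, not code from the OpenID Foundation, ICF or the ICAM profiles: it derives such an identifier with an HMAC keyed by a provider secret and checks two of the OpenID profile requirements (TLS on every endpoint, short-lived associations); the provider secret, the endpoint URLs and the lifetime bound `MAX_ASSOC_LIFETIME_SEC` are constructed assumptions, since the slides give no numbers.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlparse

# Assumed bound for "short lived association handles"; the ICAM profile
# text on the slide gives no number, so this value is a placeholder.
MAX_ASSOC_LIFETIME_SEC = 24 * 60 * 60


def pairwise_pseudonym(provider_secret: bytes, local_user_id: str, rp_realm: str) -> str:
    """Derive a pair-wise pseudonymous identifier for (user, relying party).

    Same user at the same RP always yields the same value, so the RP can
    recognise a returning user; different RPs get unrelated values, so they
    cannot correlate the user across sites. This is the property behind both
    OpenID directed identity and the Information Card PPID.
    """
    msg = local_user_id.encode() + b"\x00" + rp_realm.encode()
    digest = hmac.new(provider_secret, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def directed_claimed_id(op_base: str, pseudonym: str) -> str:
    """Build the claimed identifier an OP would return under directed identity."""
    return f"{op_base.rstrip('/')}/id/{pseudonym}"


def check_profile(endpoints: dict, assoc_expires_in: int) -> list:
    """Return ICAM-profile violations: every endpoint must be https, and the
    association lifetime must stay under the assumed short-lived bound."""
    problems = []
    for name, url in endpoints.items():
        if urlparse(url).scheme != "https":
            problems.append(f"{name} is not served over TLS: {url}")
    if assoc_expires_in > MAX_ASSOC_LIFETIME_SEC:
        problems.append(f"association lifetime {assoc_expires_in}s exceeds bound")
    return problems


if __name__ == "__main__":
    key = b"constructed-provider-secret"  # constructed sample key, not a real one
    a1 = pairwise_pseudonym(key, "alice", "https://agency-one.example/")
    a2 = pairwise_pseudonym(key, "alice", "https://agency-two.example/")
    print(directed_claimed_id("https://op.example", a1))
    print("unlinkable across RPs:", a1 != a2)
    print(check_profile({"op_endpoint": "http://op.example/auth"}, 7 * 24 * 3600))
```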
Trust Framework Adoption
• The Open Identity Solution approach is to enroll industry trust frameworks
  • Specify relevant identity scheme profiles
  • Map Levels of Assurance (LOA) to the requirements of NIST SP 800-63
  • Incorporate privacy requirements
• GSA reached out to the OpenID Foundation, Information Card Foundation, InCommon, and Liberty/Kantara
• Participating trust frameworks are being submitted under the ICAM Trust Framework Provider Adoption Process
The Open Trust Framework
• Jointly developed by the OpenID Foundation and the Information Card Foundation
• Reflects our common interest in providing a trust framework adapted to open identity technologies, i.e. technologies that:
  • Are open standards
  • Operate at Internet scale
  • Support user-controlled identity management
  • Do not presume any pre-existing trust relationships between identity providers and relying parties
• A draft application was submitted to GSA on 8 September 2009 for review and feedback under the TFPAP
• Currently being further revised to reflect GSA feedback and OIDF and ICF member review
Core Design Principles of the Open Trust Framework
• Open to all identity providers
• Open to any qualified auditor
• Open to provider self-certification
• Open to change and evolution
Participant Roles
• Trust Framework Provider
  • OIDF and ICF in collaboration
• OTF Administrator
  • Contractor to OIDF and ICF
• Identity Providers
  • OpenID or Information Card providers desiring to serve the applicable trust communities
• Auditors
  • Organizations that offer technology auditing and certification services as part of their business
• Relying Parties
  • Do not participate directly in the first version of the Open Trust Framework, but may be involved in future versions
The Basic Workflow
• Auditor Registration
  • OTF Administrator verifies qualifications
• Identity Provider Certification
  • Provider self-certification is available to all providers
  • Self-certification is audited
  • OTF Administrator verifies the authenticity of the application
  • OTF Administrator provisions the certification metadata
• Ongoing Operations
  • Updates to certification metadata
  • Quality assurance and quality control
  • Renewals
  • Trust framework revisions
• Dispute Resolution
Components of a Specific Trust Framework
• Purpose Statement
• Auditor Registration Requirements
• Identity Provider Certification Requirements
• Identity Provider Self-Certification Form
• Dispute Resolution Supplement
Next Steps
• A pilot of both the ICAM OpenID and Information Card identity schemes is underway with the National Institutes of Health
• The two foundations are expanding our circle of collaboration on the Open Trust Framework
  • Harvard Berkman Center
  • Center for Democracy and Technology
• We invite NIST’s and industry’s continued participation
• Please contact us for more information
  • www.openid.net
  • www.informationcard.net