
The National Institute Of Standards And Technology(NIST) Identity Management Program

The National Institute Of Standards And Technology(NIST) Identity Management Program. Jim Dray, IDMS Program Manager Identity Solutions Workshop & Symposium Arkansas State University, February 2007. NIST’s Role.


Presentation Transcript


  1. The National Institute Of Standards And Technology (NIST) Identity Management Program
     Jim Dray, IDMS Program Manager
     Identity Solutions Workshop & Symposium, Arkansas State University, February 2007

  2. NIST’s Role
     From automated teller machines and atomic clocks to mammograms and semiconductors, innumerable products and services rely in some way on technology, measurement, and standards provided by the National Institute of Standards and Technology. Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Commerce Department's Technology Administration. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
     NIST carries out its mission in four cooperative programs:
     1. The NIST Laboratories, conducting research that advances the nation's technology infrastructure and is needed by U.S. industry to continually improve products and services;
     2. The Baldrige National Quality Program, which promotes performance excellence among U.S. manufacturers, service companies, educational institutions, and health care providers; conducts outreach programs and manages the annual Malcolm Baldrige National Quality Award, which recognizes performance excellence and quality achievement;
     3. The Manufacturing Extension Partnership, a nationwide network of local centers offering technical and business assistance to smaller manufacturers; and
     4. The Advanced Technology Program, which accelerates the development of innovative technologies for broad national benefit by co-funding R&D partnerships with the private sector. (This program is phasing out; no new awards are being made.)
     NIST has an operating budget of about $930 million and operates in two locations: Gaithersburg, Md. (headquarters, 234-hectare/578-acre campus) and Boulder, Colo. (84-hectare/208-acre campus). NIST employs about 2,900 scientists, engineers, technicians, and support and administrative personnel. About 1,800 NIST associates complement the staff. In addition, NIST partners with 1,400 manufacturing specialists and staff at nearly 350 affiliated centers around the country.

  3. Background
     • NIST/ITL/Computer Security Division’s Smart Card Research Program initiated 1988
       • Reprogrammable cards
       • Data Encryption Standard
       • Digital Signature Standard (PKI)
     • Government Smart Card Program
       • May 2000
       • General Services Administration’s Smart Access Common ID Card contract
       • NISTIR 6887: Government Smart Card Interoperability Specifications
     • Homeland Security Presidential Directive 12
       • August 2004
       • Standardize and improve the security of Federal employee and contractor identification
     • Personal Identity Verification Program
       • Commerce Dept. (NIST) responsible for technical architecture and standards
       • Federal Information Processing Standard 201 and associated Special Publications

  4. What Is An IDMS?
     An Identity Management System is any system that creates, issues, uses, and terminates electronic identities. In other words, an Identity Management System provides lifecycle management for the digital credential sets that represent electronic identities.

  5. What Is The Problem?
     A recent Better Business Bureau survey¹ estimates that the cost of identity fraud will reach $56.6 billion in the U.S. in 2006. This is just the tip of the iceberg, because the survey does not address other factors such as the loss of consumer confidence, and risks associated with failure to identify terrorists crossing U.S. borders. Despite this, modern identity management systems are evolving as islands with minimal interoperability. This leads to an unmanageable proliferation of electronic identities.
     ¹ http://www.javelinstrategy.com/research

  6. Limitations Of Current Practice
     “Many entities in the private and public sectors across the world are working on IDM. The fact that any research on ‘identity management’ leads to an over-dose of technical and business, legal, sociological, and policy information and approaches suggests that there is already much duplication of efforts and possibly not enough cooperation and synthesis, at least at the international level.”
     BACKGROUND PAPER ON DIGITAL IDENTITY MANAGEMENT (OECD Working Party on Information Security and Privacy, October 2006)

  7. Observations From The Porvoo 10 Meeting
     • 2005 Manchester Ministerial Directive: The EU will have interoperable eID systems by 2010
     • CEN standards for European Citizen Card, ISO 24727
     • Member states at different stages of deployment, heterogeneous approaches
     • Huge identity federation problem!
     • Lack of understanding of IDMS and federation models
       • Microsoft WS-* Web Services
       • Shibboleth
       • Liberty Alliance
       • TLS/X.509 (Italy)
     http://www.porvoo10.net

  8. Identity Management Systems Program
     • Part of the NIST Information Technology Laboratory reorganization
     • Three new ITL program areas
       • Complex Systems
       • Information Sharing, Discovery and Use
       • Identity Management Systems
     • Official program start date October 2006

  9. IDMS Program Vision
     Apply core ITL competencies in measurement science and standards development to improve identity management technology and promote widespread use of secure, scalable, and manageable electronic identification systems.

  10. IDMS Program Projects FY07-08
     • Personal Identity Verification (PIV)
     • ISO 24727
     • Biometrics
     • Global eID
     • Non-human identification

  11. What Is Unique About Our Approach?
     • Data collection and analysis
       • Many worked examples
       • Clarify use cases
       • Common IDMS models
     • Metrics and tests
     • Standards
     • Front end technologies
       • Biometrics
       • Smart cards and tokens
     • Architectures
       • Federation
     • ITL can help unify and integrate the IDMS world

  12. IDMS Program Benefits
     • Current identity-related work is scattered across ITL divisions
     • IDMS program integrates these efforts, provides a unified vision
     • Stronger focus on leveraging ITL core competencies to address the IDMS problem set
     • Single contact point for external interactions

  13. Themes And Long Term Plan
     • Front end identification technologies
       • Merge PIV and 24727 into a hardware token project
       • Continue biometrics work
     • IDMS architectures
       • Interoperability
       • Research
     • Collaborations with industry and academia
     • Standards, metrics and conformance testing
     • User control of personal information
     • NIST does not establish government policy

  14. Thoughts On The Future
     • Privacy
       • User control
       • Back end system controls, legal and procedural
     • Confusion between demographic info and ‘pure’ identity
       • Randomly generated bit string
       • Is my street address an identifier or a demographic attribute?
     • Credential classes
       • Universal credential set issued by a trusted party (driver’s license)
       • Compartmentalized credential sets issued by independent parties
       • Core credential set, augmented as needed on demand
     • Smart tokens
       • Can support many of the above requirements/scenarios
       • $: Physical tokens only represent a small percentage of the per-seat deployment and operational cost of an IDMS
       • Fine grained user control of electronic credentials stored on a token ultimately requires one unique shared authenticator per credential
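As an added illustration of the last bullet (example code, not part of the presentation or any NIST specification), the following Python models a token holding compartmentalized credential sets, each guarded by its own authenticator, so releasing one credential never unlocks another and a blocked credential stays blocked. Credential names, PINs and data are constructed; `Token`, `enroll`, `release` and `terminate` are hypothetical names.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional

MAX_RETRIES = 3  # assumed retry limit before a credential's authenticator is blocked


@dataclass
class Credential:
    name: str
    data: bytes
    salt: bytes
    verifier: bytes          # PBKDF2 of this credential's own PIN; PINs are never shared
    retries_left: int = MAX_RETRIES


def _derive(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class Token:
    """Hypothetical token: one authenticator per credential, not one PIN for the whole card."""

    def __init__(self) -> None:
        self._creds: Dict[str, Credential] = {}

    def enroll(self, name: str, data: bytes, pin: str) -> None:
        salt = os.urandom(16)  # issue: bind the credential to its own authenticator
        self._creds[name] = Credential(name, data, salt, _derive(pin, salt))

    def release(self, name: str, pin: str) -> Optional[bytes]:
        cred = self._creds[name]
        if cred.retries_left == 0:
            return None  # blocked after too many failures; other credentials unaffected
        if hmac.compare_digest(_derive(pin, cred.salt), cred.verifier):
            cred.retries_left = MAX_RETRIES
            return cred.data  # use: only this credential is released
        cred.retries_left -= 1
        return None

    def terminate(self, name: str) -> None:
        del self._creds[name]  # end of the credential's lifecycle


def demo() -> Dict[str, Optional[bytes]]:
    # Constructed sample: two independently issued credential sets on one token.
    tok = Token()
    tok.enroll("employer_id", b"employer-issued credential", "1234")
    tok.enroll("bank_id", b"bank-issued credential", "9876")
    return {
        "employer_ok": tok.release("employer_id", "1234"),
        "bank_with_employer_pin": tok.release("bank_id", "1234"),  # None: no shared PIN
        "bank_ok": tok.release("bank_id", "9876"),
    }
```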

  15. Thank You!
     Jim Dray
     Identity Management Systems Program Manager
     NIST Information Technology Laboratory
     james.dray@nist.gov, 301-975-3356
