CIS14: NIST and NSTIC (New Directions in Identity)

Paul Grassi

Published in: Technology

Transcript of "CIS14: NIST and NSTIC (New Directions in Identity)"

  1. Introduction. United States Department of Commerce, National Institute of Standards and Technology. Paul Grassi, CISSP, Senior Standards and Technology Advisor, NSTIC, Information Technology Laboratory, 1401 Constitution Ave. NW, Rm. 2069, Washington, DC 20230. W: 202.482.8349, M: 703.786.8275, Email: paul.grassi@nist.gov. Agenda: Background; Role @ NIST; Approach
  2. Standards and Technology Landscape. Diagram labels (in slide order): Well-rounded pilots hitting diverse user set; Government adoption; Market Discovery; Attribute Providers; Internet of Things; Consumer-Centric; Deployment Costs; Standards Gaps; Embedded Privacy; Identification of policy and technical overlays; NSTIC Launch IDE Sustaining 2012 2013 2014 2015; Envision It!?; True Interoperability
  3. NIST Coverage in Key Identity Services. Key: No coverage; Partial coverage, to include other D/A documentation; Full coverage; Needs refreshing
  4. Where We Will Focus in FY14/15
     • Codify privacy enhancing profiles
     • Enhance/Establish ‘standard’ to establish confidence, trustworthiness, and privacy preservation (zero knowledge, derived, minimal disclosure)
     • Address portability of preferred credentials and relying party accounts
     • Revisit and retool existing standards to address current market state and flex to innovation
     • Develop new standards that increase IE participation
     • Increase participation in commercial open standards
     • Mobility, Cloud, Shared Services
     • Simplify, accelerate, and reduce the cost of ICAM implementations
     • Focus beyond the PIV
     • Establish RP toolkits
     • Identify and foster innovation from untapped sources
     • Elevate non-person entities into the forefront of the IDE/ICAM discussion
     • Non-intrusive security model
     • Continuous monitoring and assessment
  5. Identity Assurance – What would you think if?
     • De-coupled proofing strength from authentication strength?
     • NIST just measured authentication performance/strength/usability?
     • Got rid of LOA?
     • What else could we do to turn these docs on their head to enhance the IE?
     • Developed private sector companion to 800-63?
  6. Attributes – What Needs to Happen? Identify and establish market-enhancing attribute best practices, guidelines, and standards to communicate the veracity and trustworthiness of attributes to relying parties or identity and access management service or function. Diagram labels (in slide order): Meta-Attribute, Confidence/Assurance, Liability, Security and Privacy, Governance, Exchange, Informs, Dependent, Standards, Performance Metrics, Risk Tolerance, Market, Attribute Registries, Focal
  7. The Need for a Privacy Profile. Diagram labels (in slide order): Broker; Authentication Request; Authentication Request; Response + Encrypted Attributes; Double Blind Architecture; Relying Party; CSP; User Consent; Attribute Provider; Response + Encrypted Attributes. Numbered requirements:
     • 1: CSP/AP can’t know the RP
     • 2: Broker can’t see the attributes
     • 3: Standard and Protocol Agnostic
     • 4: RP can’t know CSP
     • 5: Minimal Changes to Infrastructure (but we may soften this requirement)
  8. Contact Information. United States Department of Commerce, National Institute of Standards and Technology. Paul Grassi, CISSP, Senior Standards and Technology Advisor, NSTIC, Information Technology Laboratory, 1401 Constitution Ave. NW, Rm. 2069, Washington, DC 20230. W: 202.482.8349, M: 703.786.8275, Email: paul.grassi@nist.gov