Kantara May 2012

Trust Frameworks: Tools to build Identity Ecosystems It takes a village! support@kantarainitiative.org

Agenda:• Overview of Kantara Initiative• Federation and Trust Frameworks• Identity Assurance Framework• Accreditation / Certification• Next Steps2012 Kantara Initiative - Trust Frameworks: A Global Context 2

Kantara Initiative: Overview Values• Trust: Operating Accreditation, Approval and Certification programs to ensure trusted network environments are available to support generative growth within the Internet.• Privacy: Developing solutions for secure, identity-based, privacy-respecting online interactions.• Community: Bridging technology and policy requirements to enable verified trust in online identity credentials and services.2012 Kantara Initiative - Trust Frameworks: A Global Context 3

Kantara Initiative: Overview Federation, Compliance, and Interoperability Kantara Builds Bridges Focusing on trust harmonization by developing compliance criteria based on requirements of end- users, relying parties and identity providers. Operating compliance programs for multiple solutions that fit a variety of requirements and jurisdictions.2012 Kantara Initiative - Trust Frameworks: A Global Context 4

TrusteesGovernment Facing Government of Canada Credential Services Verticals - Health, Telco, Entertainment, Finance Audit and TestingResearch and EducationTechnical and User Community Organizations

Kantara Initiative: Overview Governance Model Board of Trustees Assurance Leadership Review Board Council Interoperability Consists of: Work Review Board and Discussion Group Operates Compliance Leadership Programs Develops Requirements and Practices2012 Kantara Initiative - Trust Frameworks: A Global Context 6

Kantara Initiative: Overview Liaisons and Governments• ISO: 29115, 29100, 29191, 27001, 27002, etc• ITU-T: X.1254 (was X.EAA), OITF• OASIS: eGovernment, SAML SSTC, PMRM, etc• OECD Internet Technical Advisory Committee (ITAC)• Governments • Providing neutral forum for Government Programs and Agencies to share information and identify common goals • Performing confidential and non-confidential program reviews upon request for specific international governments and government agencies2012 Kantara Initiative - Trust Frameworks: A Global Context 7

Kantara Initiative: Overview Work and Discussion Groups KANTARA INITIATIVE WORK AND DISCUSSION GROUPS POLICY JURISDICTION USER-FOCUSED WORK & DISCUSSION GROUP ACRONYMS: • (AM) Attribute Management • (BCTF) Business Cases for Trusted FederationseGOV AM Consumer eGOV • (Consumer ID) Consumer Identity ID • (eGOV) eGovernment • (FI) Federation Interoperability HIA P3 HIA InfoShare • (HIA) Heath Identity Assurance • (IA) Identity Assurance • (Info Sharing WG) Information Sharing InfoShare • (Japan) JapanIA WG JAPAN UMA • (P3) Privacy and Public Policy • (Telco ID) Telecommunication Identification • (UMA) User Managed Access TELCO ID AM 2012 Kantara Initiative - Trust Frameworks: A Global Context 8

Kantara Initiative: Overview Groups and Programs KANTARA INITIATIVE PROGRAMS WORK & DISCUSSION GROUP ACRONYMS: NON- COMPLIANCE and CERTIFICATION • (BCTF) Business Cases for Trusted CERTIFICATION Federation • (eGOV) eGovernmentINTEROPERABILITY ASSURANCE HARMONIZATION • (FI) Federation InteroperabilityInterop Review Board (IRB) Assurance Review Board (ARB) User-Centric, Jurisdiction and • (IOP) Interoperability Vertical Based• Certification, Verification • Certification • (HIA) Heath Identity Assurance• Tools, Demos • Accreditation • (IA) Identity Assurance • (Info Sharing) Information Sharing HIA Consumer ID • (OSSI) Open Source Strategic Initiative • (P3) Privacy and Public Policy eGOV IA Japan • (Consumer ID) Consumer Identity • (Japan) Japan • (Telco ID) Telecommunication InfoShare Telco ID Identification FI • (UMA) User Managed Access P3 UMA OSSI 2012 Kantara Initiative - Trust Frameworks: A Global Context 9

Federation and Trust Frameworks What does Federation look like? Identity BANK Authentication Provider Trust INSURANCE Service COMPANY Access Service Provider2012 Kantara Initiative - Trust Frameworks: A Global Context 10

Kantara Initiative: Overview What does a Trust Framework look like?Relying Parties / End-Users Rules • Process • Policy Input Kantara and Requirements • Practice end-user in to Kantara stakeholders • Privacy develop criteria Groups / sectors who for assessment Tools share common • OpenID requirements to enable trust in identity systems. • SAML • SmartCard • OAuth2.0 • Other Trust Kantara Accredited Assessors perform assessments 2012 Kantara Initiative - Trust Frameworks: A Global Context 11

Kantara Initiative: Overview What does a Trust Framework look like? Input Kantara andRelying Parties Requirements Criteria for IdP / end-user & in to Kantara stakeholders CSP Assessment End-Users develop criteria to verify Trust for assessment Trust Kantara Accredited Assessors perform assessments 2012 Kantara Initiative - Trust Frameworks: A Global Context 12

Federation and Trust Frameworks Leveraging Scale-Free Networks“Inter-Federation”Trust Frameworks enable inter-Federation- Connecting Federations- Leveraging Scale-Free Networks 2012 Kantara Initiative - Trust Frameworks: A Global Context 13

Federation and Trust Frameworks Target Audience & Value PropositionTarget Audience• Enable End-users (Enterprise, Governments, Verticals, Communities) to trust credentials proofed and issued by Identity Providers / Credential Service ProvidersValue Proposition• Increased security• Compliance with laws, regulations, and standards• Improved interoperability• Enhanced customer service• Elimination of redundancy• Increase in protection of Personally Identifiable Information (PII)2012 Kantara Initiative - Trust Frameworks: A Global Context 14

Federation and Trust Frameworks Based on Levels of Assurance : Illustrated2012 Kantara Initiative - Trust Frameworks: A Global Context 15

Trust Framework Model Trust Status Assessment Listing Service Verification Registration InterestedCertification Parties Process Trust Status Listing Service, Registry, White List2012 Kantara Initiative - Trust Frameworks: A Global Context 16

Identity Assurance Framework: DocumentsNote: a Trust Frameworkmay apply specific profiles IAF 1000 - Overviewfor specific Technology Overview of of the IAF documents and structureand Privacy Constraintsused to achieve Levels ofAssurance IAF 1100 - Glossary Glossary of terms used in the IAF documents IAF 1200 – Levels of Assurance Overview in detail of the Levels of Assurance IAF 1300 – Assurance Assessment Scheme Process of how the Assurance Program operates IAF 1400 – Service Assessment Scheme Criteria that a Service will need to provide compliance to for Service Approval at the different Levels of Assurance IAF 1600 – Assessor Qualifications and Requirements Qualifications that an Assessor must prove to become Accredited to perform IAF assessments 2012 Kantara Initiative - Trust Frameworks: A Global Context 17

Identity Assurance Framework: Actors KANTARA INITIATIVE IAF APPROVED APRIL 2010 http://kantarainitiative.org/confluence/x/e4R7Ag CREDENTIAL FEDERATION IDENTITY ASSURANCE ASSESSORS SERVICE PROVIDERS OPERATORS FRAMEWORK 2.0 MAP NON-NORMATIVE:Get accredited by Get assessed by a Define criteria for identityKantara as an assessor Kantara Accredited assurance for their • (IAF 1000) Overviewagainst the IAF 1600 AQR Assessor for IAF federation • (IAF 1100) Glossary certification against the • (IAF 1200) Assurance LevelsLeverage demonstrable IAF 1400 SACs Map policy against IAFcompetencies to expedite SAC and IAF profiles NORMATIVE:certification Submit certification • (IAF 1300) Assurance Assessment application to Kantara’s Accept or recommend Scheme Assurance Review Board IAF certification to its (ARB) • (IAF 1400) Service Assessment constituents Criteria Obtain and maintain • (IAF 1600) Assessor Qualifications compliance and & Requirements certification 2012 Kantara Initiative - Trust Frameworks: A Global Context 18

Kantara Trust Framework Trust Status Published to: Board of Trustees Assurance Review Reviews & Verifies External Assessment Board (ARB) Identity Assurance Manages the Set of IAF Documents Work Group (IAWG) Identity Assurance Framework (IAF) Complete Set of IAF Documents Assurance Assessor Service Assessment Qualifications & Assessment Core IAF Document Set Scheme Requirements Criteria (AAS) (AQR) (SAC)2012 Kantara Initiative - Trust Frameworks: A Global Context 19

Kantara Trust Framework Board of Trustees Assurance Review Reviews & Verifies External Assessment Board (ARB) Identity Assurance Manages the Set of IAF Documents Work Group (IAWG) Identity Assurance Framework (IAF) Complete Set of IAF Documents Assurance Assessor Service Assessment Qualifications & Assessment Core IAF Document Set Scheme Requirements Criteria (AAS) (AQR) (SAC)2012 Kantara Initiative - Trust Frameworks: A Global Context 20

Multiple Trust Frameworks• Technical • SAML + Others • OpenID • OAuth2.0• Verticals • Healthcare • Banking • Entertainment• Jurisdictions • National Governments • Local Governments2012 Kantara Initiative - Trust Frameworks: A Global Context 21

Kantara Trust Framework: ProgressKantara Accredited to LoA 1-4 Kantara Approved to LoA 3 non-crpyto Verizon Universal Identity Service (VUIS)* * ICAM Trust Framework Approval Registered Applicants • Accreditation: • Service Approval: 2012 Kantara Initiative - Trust Frameworks: A Global Context 22

Trust Framework Profiles Common, Well-Vetted Complete Assessment Foundation Criteria Core Technical Privacy Final Framework Profile Profile Framework Specific Technical Specific Policy / Deployment Rules Regulation Rules2012 Kantara Initiative - Trust Frameworks: A Global Context 23

Building on the Core• Identity Assurance: Building in service module approach enabling Identity Proofing, Credential Management and Organizational component assessments• Privacy Assurance: Building upon the Kantara US Federal Privacy Profile the Privacy and Public Policy (P3) WG is building Privacy Assessment Criteria (PAC) for audit controls applied in a Privacy Assessment.• Attribute Management (AM) Assurance: Performed landscape review of varying AM standards and development activities in Identity focused communities2012 Kantara Initiative - Trust Frameworks: A Global Context 24

Status and Lessons Learned• Status: • Operational SAML Framework • Operational Organization • Approved for US Government Use through LOA 3 • Referenced by eGov communities including Canada, New Zealand, Sweden • Assessments in progress • International Partners• Lessons Learned So Far: • Need Additional Members, Participants, and Customers • Need Additional Technical Frameworks • Need Additional Levels of Assurance • Need Additional Privacy Profiles2012 Kantara Initiative - Trust Frameworks: A Global Context 25

Shaping the Future of Digital Identity• Kantara Initiative Website: • http://kantarainitiative.org• Community Mail List: • http://kantarainitiative.org/listinfo/community• Assurance Certification Center: • http://kantarainitiative.org/confluence/x/EYCYAQ• Membership Documents: • http://kantarainitiative.org/wordpress/membership/ 2012 Kantara Initiative - Trust Frameworks: A Global Context 26

Thanks!Questions? •Kantara Executive Director: Joni Brennan joni @ kantarainitiative.org •General Inquiries: support @ kantarainitiative.org

http://kantarainitiative.org	3115
http://beta.kantarainitiative.org	47
https://kantarainitiative.org	8
http://translate.googleusercontent.com	6
http://207.46.192.232	1
http://www.linkedin.com	1

Kantara May 2012

by kantarainitiative

Accessibility

Categories

Upload Details

Usage Rights

6 Embeds 3,178

Statistics

Kantara May 2012 Presentation Transcript