SlideShare a Scribd company logo

Rich furr 20111017 topics 2 & 3

•Download as PPTX, PDF•
•
Jamie Clark
Jamie Clark

Preso from SAFE-Biopharma's Rich Furr on standards relevant to e-identity: for IIW October 2011

TechnologyBusiness
1 of 9
NSTIC Day How does industry drive forward SAFE-BioPharma Association
Topics Topic C: Assurance levels, “frameworks“, interparty liability Topic D: Device-specific methods: mobile; smartcards; browser DNT, etc. – PKI, non-PKI 2 SAFE-BioPharma Association
Assurance levels, “frameworks“, interparty liability OMB 04-04 – Level 1: Little or no confidence in the asserted identity’s validity – Level 2: Some confidence in the asserted identity’s validity – Level 3: High confidence in the asserted identity’s validity – Level 4: Very high confidence in the asserted identity’s validity NIST SP 800-63 provides additional guidance per level – Registration and identity proofing – Tokens – Token and credential management mechanisms – Protocols used to support the authentication mechanism between the Claimant and the Verifier – Assertion mechanisms 3 SAFE-BioPharma Association
Assurance levels, “frameworks“, interparty liability PKI – FBCA • Six increasing, qualitative levels of assurance: Rudimentary, Basic, Medium, PIV-I Card Authentication, Medium Hardware, and High. – Also Medium Hardware Commercial Best Practices (CBP) Assurance Requirements Non-PKI – FICAM • Levels 1-3 4 SAFE-BioPharma Association
4BF – Interlinked PKI Network of Trusted Cyber- Communities Abbott SA Exostar Citi Merck EADS I Boeing Raytheon REBCA J&J&J AZ SAFE SAFE:Vz Lockeed CertiPath Bridge CA Biz/Chosen/ Martin Bridge CA Other pharmass TranSped Federal GPO Northrop Bridge CA Grumman SSP SITA Entrust Fed Common DoJ Policy Root CA GSA ARINC VeriSign MSO CertiPath Common Policy GPO ORC Root CA VeriSign US Treasury SSP SSP DoL DoE EPA HUD DoT SSA US PTO Verizon Bus Exostar DoD NRC NASA SSP Interoperability DHS DoJ Root E-Commerce EOP HHS VDoT DoD VA DEA USPS Dept. of State State of Illinois ACES 5 SAFE-BioPharma Association
Non-PKI TFPs FICAM certified – LOA 1 – OIX – LOA 1-2 – InCommon – LOA 1-3 – Kantara In process – LOA 2-3 – SAFE-BioPharma Assn – Under TFET review 6 SAFE-BioPharma Association
Interparty Liability SAFE-BioPharma – Closed membership association – Dispute resolution process governs adjudication • Agree not to sue but rather arbitrate – Liability covered under Operating Policies and Member/Issuer Agreements • Specific caps related to credential management only • Does not cover use of credentials Other TFPs – Part of why we are here 7 SAFE-BioPharma Association
Authentication and credentials PKI is covered by the FBCA CP and CPS – Multiple certificate types – Hardware, software and roaming • Roaming currently classed as software by the FBCA • Moving to cloud-based solutions – SAFE-BioPharma/Verizon offering cloud-based HSM protected certificates Non-PKI – NIST SP 800-63 – Issue – currently approved version dates to 2006 and is technically out of date and does not recognize non-PKI multi-factor tokens – Much of industry working with the Dec 2008 (now Jun 2011 draft) • Includes much broader definitions of acceptable tokens at various LOAs 8 SAFE-BioPharma Association
Token types Who is doing what and how? PKI Smartcards, USB hardware tokens, software tokens on machines/mobile devices, cloud HSMs Non-PKI – LOA 1&2 – memorized secrets, pre-registered knowledge tokens – LOA 2 - look up secret, out of band, SF one-time password device, SF crypto device – LOA 3 – multiple tokens (NIST SP 800-63 (June 2011 draft), Table 7) 9 SAFE-BioPharma Association

Recommended

38708257 fotosintesis2
38708257 fotosintesis238708257 fotosintesis2
38708257 fotosintesis2biocarmelianas
 
Rdc Listing Presentation 081909 R3
Rdc Listing Presentation 081909 R3Rdc Listing Presentation 081909 R3
Rdc Listing Presentation 081909 R3cjharrington
 
I Minds2009 8 Seconds
I Minds2009 8 SecondsI Minds2009 8 Seconds
I Minds2009 8 Secondsimec.archive
 
I Minds2009 Tinkertouch
I Minds2009 TinkertouchI Minds2009 Tinkertouch
I Minds2009 Tinkertouchimec.archive
 
Ehip4 caring through sharing privacy and-security-technical-aspects riccardo ...
Ehip4 caring through sharing privacy and-security-technical-aspects riccardo ...Ehip4 caring through sharing privacy and-security-technical-aspects riccardo ...
Ehip4 caring through sharing privacy and-security-technical-aspects riccardo ...imec.archive
 
Mobile National Days 2011 english
Mobile National Days 2011 englishMobile National Days 2011 english
Mobile National Days 2011 english11 Prozent Communication
 
Matrix print
Matrix printMatrix print
Matrix printSofia Palawan
 
Maria ĂĄlvarez mĂşsica-inglĂŠs
Maria ĂĄlvarez mĂşsica-inglĂŠsMaria ĂĄlvarez mĂşsica-inglĂŠs
Maria ĂĄlvarez mĂşsica-inglĂŠsiesaguia
 

Recommended

38708257 fotosintesis2
38708257 fotosintesis238708257 fotosintesis2
38708257 fotosintesis2biocarmelianas
 
Rdc Listing Presentation 081909 R3
Rdc Listing Presentation 081909 R3Rdc Listing Presentation 081909 R3
Rdc Listing Presentation 081909 R3cjharrington
 
I Minds2009 8 Seconds
I Minds2009 8 SecondsI Minds2009 8 Seconds
I Minds2009 8 Secondsimec.archive
 
I Minds2009 Tinkertouch
I Minds2009 TinkertouchI Minds2009 Tinkertouch
I Minds2009 Tinkertouchimec.archive
 
Ehip4 caring through sharing privacy and-security-technical-aspects riccardo ...
Ehip4 caring through sharing privacy and-security-technical-aspects riccardo ...Ehip4 caring through sharing privacy and-security-technical-aspects riccardo ...
Ehip4 caring through sharing privacy and-security-technical-aspects riccardo ...imec.archive
 
Mobile National Days 2011 english
Mobile National Days 2011 englishMobile National Days 2011 english
Mobile National Days 2011 english11 Prozent Communication
 
Matrix print
Matrix printMatrix print
Matrix printSofia Palawan
 
Maria ĂĄlvarez mĂşsica-inglĂŠs
Maria ĂĄlvarez mĂşsica-inglĂŠsMaria ĂĄlvarez mĂşsica-inglĂŠs
Maria ĂĄlvarez mĂşsica-inglĂŠsiesaguia
 
Ferias Em Africa 2
Ferias Em Africa 2Ferias Em Africa 2
Ferias Em Africa 2GrigorisTsountas
 
Open source eu-ict-ipr-clark-2010final
Open source eu-ict-ipr-clark-2010finalOpen source eu-ict-ipr-clark-2010final
Open source eu-ict-ipr-clark-2010finalJamie Clark
 
Leen Vandezande - energy screen
Leen Vandezande - energy screenLeen Vandezande - energy screen
Leen Vandezande - energy screenimec.archive
 
NSTIC draft charter August 2012 w comments
NSTIC draft charter August 2012 w commentsNSTIC draft charter August 2012 w comments
NSTIC draft charter August 2012 w commentsJamie Clark
 
Production Of Double Page Spread
Production Of Double Page SpreadProduction Of Double Page Spread
Production Of Double Page Spreadguest03e64fb
 
NSTIC draft bylaws August 2012 w comments
NSTIC draft bylaws August 2012 w commentsNSTIC draft bylaws August 2012 w comments
NSTIC draft bylaws August 2012 w commentsJamie Clark
 
Brokerage 2007 vodtec
Brokerage 2007 vodtecBrokerage 2007 vodtec
Brokerage 2007 vodtecimec.archive
 
Q932+sgo reference fa lec
Q932+sgo reference fa lecQ932+sgo reference fa lec
Q932+sgo reference fa lecAFATous
 
Fotosintesis2
Fotosintesis2Fotosintesis2
Fotosintesis2biocarmelianas
 
Ipr08 1 Bewaar Uw Intellectuele Eigendom Claire Van De Velde & Olivier Decock
Ipr08 1 Bewaar Uw Intellectuele Eigendom Claire Van De Velde & Olivier DecockIpr08 1 Bewaar Uw Intellectuele Eigendom Claire Van De Velde & Olivier Decock
Ipr08 1 Bewaar Uw Intellectuele Eigendom Claire Van De Velde & Olivier Decockimec.archive
 
Wim De Waele - IBBT Strategy
Wim De Waele - IBBT StrategyWim De Waele - IBBT Strategy
Wim De Waele - IBBT Strategyimec.archive
 
G8 joomag comics3 (1)
G8 joomag comics3 (1)G8 joomag comics3 (1)
G8 joomag comics3 (1)Eduardo Sarabia Flores
 
Crsm 9 2009 Pieter Ballon Vub Market Implications For Different Deploymen...
Crsm 9 2009 Pieter Ballon Vub Market Implications For Different Deploymen...Crsm 9 2009 Pieter Ballon Vub Market Implications For Different Deploymen...
Crsm 9 2009 Pieter Ballon Vub Market Implications For Different Deploymen...imec.archive
 
Graph
GraphGraph
GraphSofia Palawan
 
05 Overzicht Realisaties Deus
05 Overzicht Realisaties Deus05 Overzicht Realisaties Deus
05 Overzicht Realisaties Deusimec.archive
 
Sumo
SumoSumo
Sumoimec.archive
 
Oasis cloud-law-ics-unofficial
Oasis cloud-law-ics-unofficialOasis cloud-law-ics-unofficial
Oasis cloud-law-ics-unofficialJamie Clark
 
Leen Thielemans - M HKA Game for interactive & mobile museum visit
Leen Thielemans - M HKA Game for interactive & mobile museum visitLeen Thielemans - M HKA Game for interactive & mobile museum visit
Leen Thielemans - M HKA Game for interactive & mobile museum visitimec.archive
 
Ecrea1a Van Audenhove Leo Ppt
Ecrea1a Van Audenhove Leo PptEcrea1a Van Audenhove Leo Ppt
Ecrea1a Van Audenhove Leo Pptimec.archive
 
OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...
OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...
OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...Jamie Clark
 
Complementary trust: IDEF Registry and Kantara cross-attestation
Complementary trust: IDEF Registry and Kantara cross-attestationComplementary trust: IDEF Registry and Kantara cross-attestation
Complementary trust: IDEF Registry and Kantara cross-attestationJamie Clark
 
Briefing on OASIS XLIFF OMOS TC 20160121
Briefing on OASIS XLIFF OMOS TC 20160121Briefing on OASIS XLIFF OMOS TC 20160121
Briefing on OASIS XLIFF OMOS TC 20160121Jamie Clark
 

More Related Content

Viewers also liked

Open source eu-ict-ipr-clark-2010final
Open source eu-ict-ipr-clark-2010finalOpen source eu-ict-ipr-clark-2010final
Open source eu-ict-ipr-clark-2010finalJamie Clark
 
Leen Vandezande - energy screen
Leen Vandezande - energy screenLeen Vandezande - energy screen
Leen Vandezande - energy screenimec.archive
 
NSTIC draft charter August 2012 w comments
NSTIC draft charter August 2012 w commentsNSTIC draft charter August 2012 w comments
NSTIC draft charter August 2012 w commentsJamie Clark
 
Production Of Double Page Spread
Production Of Double Page SpreadProduction Of Double Page Spread
Production Of Double Page Spreadguest03e64fb
 
NSTIC draft bylaws August 2012 w comments
NSTIC draft bylaws August 2012 w commentsNSTIC draft bylaws August 2012 w comments
NSTIC draft bylaws August 2012 w commentsJamie Clark
 
Brokerage 2007 vodtec
Brokerage 2007 vodtecBrokerage 2007 vodtec
Brokerage 2007 vodtecimec.archive
 
Q932+sgo reference fa lec
Q932+sgo reference fa lecQ932+sgo reference fa lec
Q932+sgo reference fa lecAFATous
 
Ipr08 1 Bewaar Uw Intellectuele Eigendom Claire Van De Velde & Olivier Decock
Ipr08 1 Bewaar Uw Intellectuele Eigendom Claire Van De Velde & Olivier DecockIpr08 1 Bewaar Uw Intellectuele Eigendom Claire Van De Velde & Olivier Decock
Ipr08 1 Bewaar Uw Intellectuele Eigendom Claire Van De Velde & Olivier Decockimec.archive
 
Wim De Waele - IBBT Strategy
Wim De Waele - IBBT StrategyWim De Waele - IBBT Strategy
Wim De Waele - IBBT Strategyimec.archive
 
Crsm 9 2009 Pieter Ballon Vub Market Implications For Different Deploymen...
Crsm 9 2009 Pieter Ballon Vub Market Implications For Different Deploymen...Crsm 9 2009 Pieter Ballon Vub Market Implications For Different Deploymen...
Crsm 9 2009 Pieter Ballon Vub Market Implications For Different Deploymen...imec.archive
 
05 Overzicht Realisaties Deus
05 Overzicht Realisaties Deus05 Overzicht Realisaties Deus
05 Overzicht Realisaties Deusimec.archive
 
Oasis cloud-law-ics-unofficial
Oasis cloud-law-ics-unofficialOasis cloud-law-ics-unofficial
Oasis cloud-law-ics-unofficialJamie Clark
 
Leen Thielemans - M HKA Game for interactive & mobile museum visit
Leen Thielemans - M HKA Game for interactive & mobile museum visitLeen Thielemans - M HKA Game for interactive & mobile museum visit
Leen Thielemans - M HKA Game for interactive & mobile museum visitimec.archive
 
Ecrea1a Van Audenhove Leo Ppt
Ecrea1a Van Audenhove Leo PptEcrea1a Van Audenhove Leo Ppt
Ecrea1a Van Audenhove Leo Pptimec.archive
 

Viewers also liked (19)

Ferias Em Africa 2
Ferias Em Africa 2Ferias Em Africa 2
Ferias Em Africa 2
 
Open source eu-ict-ipr-clark-2010final
Open source eu-ict-ipr-clark-2010finalOpen source eu-ict-ipr-clark-2010final
Open source eu-ict-ipr-clark-2010final
 
Leen Vandezande - energy screen
Leen Vandezande - energy screenLeen Vandezande - energy screen
Leen Vandezande - energy screen
 
NSTIC draft charter August 2012 w comments
NSTIC draft charter August 2012 w commentsNSTIC draft charter August 2012 w comments
NSTIC draft charter August 2012 w comments
 
Production Of Double Page Spread
Production Of Double Page SpreadProduction Of Double Page Spread
Production Of Double Page Spread
 
NSTIC draft bylaws August 2012 w comments
NSTIC draft bylaws August 2012 w commentsNSTIC draft bylaws August 2012 w comments
NSTIC draft bylaws August 2012 w comments
 
Brokerage 2007 vodtec
Brokerage 2007 vodtecBrokerage 2007 vodtec
Brokerage 2007 vodtec
 
Q932+sgo reference fa lec
Q932+sgo reference fa lecQ932+sgo reference fa lec
Q932+sgo reference fa lec
 
Fotosintesis2
Fotosintesis2Fotosintesis2
Fotosintesis2
 
Ipr08 1 Bewaar Uw Intellectuele Eigendom Claire Van De Velde & Olivier Decock
Ipr08 1 Bewaar Uw Intellectuele Eigendom Claire Van De Velde & Olivier DecockIpr08 1 Bewaar Uw Intellectuele Eigendom Claire Van De Velde & Olivier Decock
Ipr08 1 Bewaar Uw Intellectuele Eigendom Claire Van De Velde & Olivier Decock
 
Wim De Waele - IBBT Strategy
Wim De Waele - IBBT StrategyWim De Waele - IBBT Strategy
Wim De Waele - IBBT Strategy
 
G8 joomag comics3 (1)
G8 joomag comics3 (1)G8 joomag comics3 (1)
G8 joomag comics3 (1)
 
Crsm 9 2009 Pieter Ballon Vub Market Implications For Different Deploymen...
Crsm 9 2009 Pieter Ballon Vub Market Implications For Different Deploymen...Crsm 9 2009 Pieter Ballon Vub Market Implications For Different Deploymen...
Crsm 9 2009 Pieter Ballon Vub Market Implications For Different Deploymen...
 
Graph
GraphGraph
Graph
 
05 Overzicht Realisaties Deus
05 Overzicht Realisaties Deus05 Overzicht Realisaties Deus
05 Overzicht Realisaties Deus
 
Sumo
SumoSumo
Sumo
 
Oasis cloud-law-ics-unofficial
Oasis cloud-law-ics-unofficialOasis cloud-law-ics-unofficial
Oasis cloud-law-ics-unofficial
 
Leen Thielemans - M HKA Game for interactive & mobile museum visit
Leen Thielemans - M HKA Game for interactive & mobile museum visitLeen Thielemans - M HKA Game for interactive & mobile museum visit
Leen Thielemans - M HKA Game for interactive & mobile museum visit
 
Ecrea1a Van Audenhove Leo Ppt
Ecrea1a Van Audenhove Leo PptEcrea1a Van Audenhove Leo Ppt
Ecrea1a Van Audenhove Leo Ppt
 

More from Jamie Clark

OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...
OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...
OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...Jamie Clark
 
Complementary trust: IDEF Registry and Kantara cross-attestation
Complementary trust: IDEF Registry and Kantara cross-attestationComplementary trust: IDEF Registry and Kantara cross-attestation
Complementary trust: IDEF Registry and Kantara cross-attestationJamie Clark
 
Briefing on OASIS XLIFF OMOS TC 20160121
Briefing on OASIS XLIFF OMOS TC 20160121Briefing on OASIS XLIFF OMOS TC 20160121
Briefing on OASIS XLIFF OMOS TC 20160121Jamie Clark
 
PM-ISE SCC statement to DHS on Cyber ISAO executive order 13691 (unofficial)
PM-ISE SCC statement to DHS on Cyber ISAO executive order 13691 (unofficial)PM-ISE SCC statement to DHS on Cyber ISAO executive order 13691 (unofficial)
PM-ISE SCC statement to DHS on Cyber ISAO executive order 13691 (unofficial)Jamie Clark
 
OASIS: open source and open standards: internet of things
OASIS: open source and open standards: internet of thingsOASIS: open source and open standards: internet of things
OASIS: open source and open standards: internet of thingsJamie Clark
 
NSTIC draft bylaws july 2012
NSTIC draft bylaws july 2012NSTIC draft bylaws july 2012
NSTIC draft bylaws july 2012Jamie Clark
 
NSTIC draft charter february 2012
NSTIC draft charter february 2012NSTIC draft charter february 2012
NSTIC draft charter february 2012Jamie Clark
 
Beijing MoST standards + IPR conference Clark-OASIS-2011
Beijing MoST standards + IPR conference Clark-OASIS-2011Beijing MoST standards + IPR conference Clark-OASIS-2011
Beijing MoST standards + IPR conference Clark-OASIS-2011Jamie Clark
 
Abbie Barbir ITU IIW-update
Abbie Barbir ITU IIW-updateAbbie Barbir ITU IIW-update
Abbie Barbir ITU IIW-updateJamie Clark
 
Cathy Medich SC system standards
Cathy Medich SC system standardsCathy Medich SC system standards
Cathy Medich SC system standardsJamie Clark
 
EC cloudconsult OASIS 20110831
EC cloudconsult OASIS 20110831EC cloudconsult OASIS 20110831
EC cloudconsult OASIS 20110831Jamie Clark
 
Standards brainstorming: NSTIC/IIW13
Standards brainstorming: NSTIC/IIW13Standards brainstorming: NSTIC/IIW13
Standards brainstorming: NSTIC/IIW13Jamie Clark
 
CESI SOA Standards Conference Beijing 2010
CESI SOA Standards Conference Beijing 2010 CESI SOA Standards Conference Beijing 2010
CESI SOA Standards Conference Beijing 2010 Jamie Clark
 
Ontolog Forum: Semantic Interop March 2008
Ontolog Forum: Semantic Interop March 2008Ontolog Forum: Semantic Interop March 2008
Ontolog Forum: Semantic Interop March 2008Jamie Clark
 
Oasis: Standards & the Cloud June2011
Oasis: Standards & the Cloud June2011Oasis: Standards & the Cloud June2011
Oasis: Standards & the Cloud June2011Jamie Clark
 
LISA OASIS-feb2011
LISA OASIS-feb2011LISA OASIS-feb2011
LISA OASIS-feb2011Jamie Clark
 
Potential OASIS Geothermal Energy standards project
Potential OASIS Geothermal Energy standards projectPotential OASIS Geothermal Energy standards project
Potential OASIS Geothermal Energy standards projectJamie Clark
 
Clark : Global process, local needs
Clark : Global process, local needsClark : Global process, local needs
Clark : Global process, local needsJamie Clark
 

More from Jamie Clark (18)

OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...
OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...
OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...
 
Complementary trust: IDEF Registry and Kantara cross-attestation
Complementary trust: IDEF Registry and Kantara cross-attestationComplementary trust: IDEF Registry and Kantara cross-attestation
Complementary trust: IDEF Registry and Kantara cross-attestation
 
Briefing on OASIS XLIFF OMOS TC 20160121
Briefing on OASIS XLIFF OMOS TC 20160121Briefing on OASIS XLIFF OMOS TC 20160121
Briefing on OASIS XLIFF OMOS TC 20160121
 
PM-ISE SCC statement to DHS on Cyber ISAO executive order 13691 (unofficial)
PM-ISE SCC statement to DHS on Cyber ISAO executive order 13691 (unofficial)PM-ISE SCC statement to DHS on Cyber ISAO executive order 13691 (unofficial)
PM-ISE SCC statement to DHS on Cyber ISAO executive order 13691 (unofficial)
 
OASIS: open source and open standards: internet of things
OASIS: open source and open standards: internet of thingsOASIS: open source and open standards: internet of things
OASIS: open source and open standards: internet of things
 
NSTIC draft bylaws july 2012
NSTIC draft bylaws july 2012NSTIC draft bylaws july 2012
NSTIC draft bylaws july 2012
 
NSTIC draft charter february 2012
NSTIC draft charter february 2012NSTIC draft charter february 2012
NSTIC draft charter february 2012
 
Beijing MoST standards + IPR conference Clark-OASIS-2011
Beijing MoST standards + IPR conference Clark-OASIS-2011Beijing MoST standards + IPR conference Clark-OASIS-2011
Beijing MoST standards + IPR conference Clark-OASIS-2011
 
Abbie Barbir ITU IIW-update
Abbie Barbir ITU IIW-updateAbbie Barbir ITU IIW-update
Abbie Barbir ITU IIW-update
 
Cathy Medich SC system standards
Cathy Medich SC system standardsCathy Medich SC system standards
Cathy Medich SC system standards
 
EC cloudconsult OASIS 20110831
EC cloudconsult OASIS 20110831EC cloudconsult OASIS 20110831
EC cloudconsult OASIS 20110831
 
Standards brainstorming: NSTIC/IIW13
Standards brainstorming: NSTIC/IIW13Standards brainstorming: NSTIC/IIW13
Standards brainstorming: NSTIC/IIW13
 
CESI SOA Standards Conference Beijing 2010
CESI SOA Standards Conference Beijing 2010 CESI SOA Standards Conference Beijing 2010
CESI SOA Standards Conference Beijing 2010
 
Ontolog Forum: Semantic Interop March 2008
Ontolog Forum: Semantic Interop March 2008Ontolog Forum: Semantic Interop March 2008
Ontolog Forum: Semantic Interop March 2008
 
Oasis: Standards & the Cloud June2011
Oasis: Standards & the Cloud June2011Oasis: Standards & the Cloud June2011
Oasis: Standards & the Cloud June2011
 
LISA OASIS-feb2011
LISA OASIS-feb2011LISA OASIS-feb2011
LISA OASIS-feb2011
 
Potential OASIS Geothermal Energy standards project
Potential OASIS Geothermal Energy standards projectPotential OASIS Geothermal Energy standards project
Potential OASIS Geothermal Energy standards project
 
Clark : Global process, local needs
Clark : Global process, local needsClark : Global process, local needs
Clark : Global process, local needs
 

Recently uploaded

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 

Recently uploaded (20)

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

Rich furr 20111017 topics 2 & 3

  • 1. NSTIC Day How does industry drive forward SAFE-BioPharma Association
  • 2. Topics Topic C: Assurance levels, “frameworks“, interparty liability Topic D: Device-specific methods: mobile; smartcards; browser DNT, etc. – PKI, non-PKI 2 SAFE-BioPharma Association
  • 3. Assurance levels, “frameworks“, interparty liability OMB 04-04 – Level 1: Little or no confidence in the asserted identity’s validity – Level 2: Some confidence in the asserted identity’s validity – Level 3: High confidence in the asserted identity’s validity – Level 4: Very high confidence in the asserted identity’s validity NIST SP 800-63 provides additional guidance per level – Registration and identity proofing – Tokens – Token and credential management mechanisms – Protocols used to support the authentication mechanism between the Claimant and the Verifier – Assertion mechanisms 3 SAFE-BioPharma Association
  • 4. Assurance levels, “frameworks“, interparty liability PKI – FBCA • Six increasing, qualitative levels of assurance: Rudimentary, Basic, Medium, PIV-I Card Authentication, Medium Hardware, and High. – Also Medium Hardware Commercial Best Practices (CBP) Assurance Requirements Non-PKI – FICAM • Levels 1-3 4 SAFE-BioPharma Association
  • 5. 4BF – Interlinked PKI Network of Trusted Cyber- Communities Abbott SA Exostar Citi Merck EADS I Boeing Raytheon REBCA J&J&J AZ SAFE SAFE:Vz Lockeed CertiPath Bridge CA Biz/Chosen/ Martin Bridge CA Other pharmass TranSped Federal GPO Northrop Bridge CA Grumman SSP SITA Entrust Fed Common DoJ Policy Root CA GSA ARINC VeriSign MSO CertiPath Common Policy GPO ORC Root CA VeriSign US Treasury SSP SSP DoL DoE EPA HUD DoT SSA US PTO Verizon Bus Exostar DoD NRC NASA SSP Interoperability DHS DoJ Root E-Commerce EOP HHS VDoT DoD VA DEA USPS Dept. of State State of Illinois ACES 5 SAFE-BioPharma Association
  • 6. Non-PKI TFPs FICAM certified – LOA 1 – OIX – LOA 1-2 – InCommon – LOA 1-3 – Kantara In process – LOA 2-3 – SAFE-BioPharma Assn – Under TFET review 6 SAFE-BioPharma Association
  • 7. Interparty Liability SAFE-BioPharma – Closed membership association – Dispute resolution process governs adjudication • Agree not to sue but rather arbitrate – Liability covered under Operating Policies and Member/Issuer Agreements • Specific caps related to credential management only • Does not cover use of credentials Other TFPs – Part of why we are here 7 SAFE-BioPharma Association
  • 8. Authentication and credentials PKI is covered by the FBCA CP and CPS – Multiple certificate types – Hardware, software and roaming • Roaming currently classed as software by the FBCA • Moving to cloud-based solutions – SAFE-BioPharma/Verizon offering cloud-based HSM protected certificates Non-PKI – NIST SP 800-63 – Issue – currently approved version dates to 2006 and is technically out of date and does not recognize non-PKI multi-factor tokens – Much of industry working with the Dec 2008 (now Jun 2011 draft) • Includes much broader definitions of acceptable tokens at various LOAs 8 SAFE-BioPharma Association
  • 9. Token types Who is doing what and how? PKI Smartcards, USB hardware tokens, software tokens on machines/mobile devices, cloud HSMs Non-PKI – LOA 1&2 – memorized secrets, pre-registered knowledge tokens – LOA 2 - look up secret, out of band, SF one-time password device, SF crypto device – LOA 3 – multiple tokens (NIST SP 800-63 (June 2011 draft), Table 7) 9 SAFE-BioPharma Association