OpenID Foundation iGov Working Group Update - October 22, 2018

•Download as PPTX, PDF•

0 likes•1,133 views

OpenID Foundation iGov Working Group update presented by Paul Grassi (Easy Dynamics) and Bjorn Hjelm (Verizon) at the OpenID Foundation Workshop at VMware on Monday, October 22, 2018.

Technology

iGov WG
October 22, 2018
Paul Grassi
Easy Dynamics
Adam Cooper
Next ID
John Bradley
Yubico
http://openid.net/wg/igov/

iGov WG Status
Both iGov Profiles out for Implementer’s Draft
vote.
Vote YES!
Long Overdue!

Next Steps
We need an implementation
Vectors of Trust use cases
Attribute metadata specs

Why metadata?
01
02
03
Limitations in Assurance Levels
Attributes collected as part of identity proofing may not the same
assurance level of other attributes. In fact, for some attributes, assurance
is not even in play.
Use Cases Exist
Financial sector in US exploring metadata use cases for “Know your
customer.” International MNO and financial use cases in pilot.
Specifications Exist
NISTIR 8112 - https://pages.nist.gov/NISTIR-8112/NISTIR-8112.html. UK in
process of developing a metadata specification.

What's hot

OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Certification Program U...

OpenIDFoundation

OpenID Foundation FastFed Working Group Update - 2017-10-16

MikeLeszcz

OpenID Foundation RISC WG Update - 2017-10-16

MikeLeszcz

MODRNA WG Update - Dec 2021

Bjorn Hjelm

OpenID Foundation Workshop at EIC 2018 - OpenID Certification Update

MikeLeszcz

OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- OpenID Cer...

OpenIDFoundation

OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect for Identity As...

OpenIDFoundation

An Overview of the interface of MODRNA and GSMA Mobile Connect

Bjorn Hjelm

OpenID Foundation MODRNA WG Overview

Bjorn Hjelm

OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion

MikeLeszcz

OpenID Foundation Research & Education Working Group Update - October 22, 2018

OpenIDFoundation

An overview of the interface of MODRNA (Mobile Profile of OpenID Connect) and GSMA Mobile Connect presentation as part of "International Identity Standards – Innovation in Government & Global Interoperability" on September 20, 2016, at Global Identity Summit 2016. More details at https://events.afcea.org/GlobalID16/Public/Content.aspx?ID=61320&sortMenu=102002 and https://events.afcea.org//GlobalID16/CUSTOM/pdf/innov-in-federation.pdf.

OpenID Connect: The Mobile Profile

Bjorn Hjelm

OpenID Foundation MODRNA WG overview at EIC 2019

Bjorn Hjelm

Overview of the OpenID Foundation's Mobile Profile of OpenID Connect MODRNA WG

Bjorn Hjelm

MODRNA WG update - OpenID Foundation Workshop at EIC 2021

Bjorn Hjelm

Client-side applications are becoming an increasingly popular technology to build applications owing to the advanced user experience that they provide consumers. Authentication and API authorization for these applications are also becoming equally popular topics that many developers have a hard time getting their heads around. Check these slides, where Johann Nallathamby, Head of Solutions Architecture for IAM at WSO2, will attempt to demystify some complexities and misconceptions surrounding this topic and help you better understand the most important features to consider when choosing an authentication and API authorization solution for client-side applications. These slides will review: - The broader classification of client-side applications and their legacy and more recent authentication and API authorization patterns - Sender-constrained token patterns - Solution patterns being employed to improve user experience in client-side applications

[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...

WSO2

The update to NIST Special Publication 800-63 Revision 3 covers guidelines on digital identity management, identity proofing and authentication of users working with government IT systems over open networks – and serves as de facto guidance far beyond government and into many industries that are depending on secure user authentication. Part of the guidelines recommend higher-assurance authentication, including the use of multi-factor authentication with public key cryptography, where private keys are tightly bound to the device. This, of course, is the core of the FIDO approach which has been implemented in over 300 FIDO certified products worldwide that are powering authentication solutions from top service providers such as Google, Facebook, Aetna and more. In this presentation, experts review the NIST guidelines and their relationship to FIDO Authentication.

NIST 800-63 Guidance & FIDO Authentication

FIDO Alliance

Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624

Jean-François LOMBARDO

To view recording of this webinar please use the below URL: http://wso2.com/library/webinars/2016/06/enterprise-security-requirements/ Meeting enterprise security requirements has now become challenging due to development of orthogonal aspects. Systems are diverse because a single vendor can’t cater to all these needs. Some enterprise also introduce public SaaS in addition to their internal on-premise system. APIs are used to make data in these systems readily available in order to integrate with other systems and automate processes. Identity and access management (IAM) systems are expected to provide centralized authentication and authorization despite the increase in complexity of data, systems and identities. This webinar will discuss how to Enable SSO for heterogeneous systems Handle different types of enterprise identities Protect your data and APIs Implement centralized authorization and authentication management

Enterprise Security Requirements

WSO2

apidays LIVE Australia 2021 - Levelling up database security by thinking in A...

apidays

What's hot (20)

OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Certification Program U...

OpenID Foundation FastFed Working Group Update - 2017-10-16

OpenID Foundation RISC WG Update - 2017-10-16

MODRNA WG Update - Dec 2021

OpenID Foundation Workshop at EIC 2018 - OpenID Certification Update

OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- OpenID Cer...

OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect for Identity As...

An Overview of the interface of MODRNA and GSMA Mobile Connect

OpenID Foundation MODRNA WG Overview

OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion

OpenID Foundation Research & Education Working Group Update - October 22, 2018

OpenID Connect: The Mobile Profile

OpenID Foundation MODRNA WG overview at EIC 2019

Overview of the OpenID Foundation's Mobile Profile of OpenID Connect MODRNA WG

MODRNA WG update - OpenID Foundation Workshop at EIC 2021

[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...

NIST 800-63 Guidance & FIDO Authentication

Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624

Enterprise Security Requirements

apidays LIVE Australia 2021 - Levelling up database security by thinking in A...

Similar to OpenID Foundation iGov Working Group Update - October 22, 2018

Mulin Holstein PKI-strategy

fEngel

IRJET-An Algorithmic Approach for Remote Data Uploading and Integrity Checkin...

IRJET Journal

Chris Swan's presentation from the London Tech Entrepreneurs' Meetup

Cohesive Networks

https://ssimeetup.org/pan-canadian-trust-framework-pctf-ssi-tim-bouma-webinar-59/ We are very proud to release a special webinar to introduce the next chapter of the “Self-Sovereign Identity Book” from two of the most eminent authorities on digital identity in government: Tim Bouma and Dave Roberts, senior public servants with the Government of Canada and major contributors to the Pan-Canadian Trust Framework (PCTF). In this chapter, Tim and Dave explain the PCTF model and how it maps to the SSI model and the Trust over IP (ToIP) stack. This webinar describes how a world leader in digital identity (which Canada has been for two decades) sees the opportunity in the new decentralized identity model represented by SSI (Self-Sovereign Identity).

The Pan-Canadian Trust Framework (PCTF) for SSI

SSIMeetup

Public Sector Profile of the Pan-Canadian Trust Framework

Tim Bouma

The CMMC, NIST 800-171, and ISO/IEC 27001 frameworks include the application of a structured approach to cybersecurity and a formal risk assessment process, and the implementation of customized security controls. However, each of them has a distinct scope. The webinar covers • US legislative overview, impacts and update in NIST adoption • Weaving together NIST PF and NIST 800-171 • Quick definitions for CMMC / 27001 / 800-171 • Common scope elements between CMMC / 27001 / 800-171 • Differences in scope between CMMC / 27001 / 800-171 • When to implement each of the three • How these three can support each other • The link between these three and cyber insurance • How each of these is used to measure and implement compliance Presenters: Anthony English One of the top cybersecurity professionals in Atlantic Canada with extensive Canadian and International experience in cybersecurity covering risk assessment, management, mitigation, security testing, business continuity, information security management systems, architecture security reviews, project security, security awareness, lectures, presentations and standards-based compliance. George Usi George Usi is the CEO of Omnistruct Inc, a GaaS (cyber Governance as a Service) company with a vision to be the safety airbag of cyber risk and compliance. After more than twenty-five years in internet open standards, networking, and security, George recognized that getting hacked in an Internet-delivered world was a matter of when. He also recognized that cyber laws with the potential of steep fines for business leaders who neglect to illustrate cyber security diligence would evolve with more aggressive sanctions in arrears of hacker success. So, he ideated a goal to eliminate cyber risk and set a mission for Omnistruct to be the “safety airbag” of cyber compliance. With a continuous audit and documentation approach, business owners can protect consumer privacy rights when they ideate, illustrate, and continuously measure their cyber posture using a new US guideline in cyber risk developed by NIST. George attended California State University Chico, is a graduate of California State University Sacramento and a graduate of the Stanford Latino Executive Initiative (SLEI-ed) and Latino Business Action Network (LBAN) Graduate School of Business certificate program. ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701 Webinars: https://pecb.com/webinars Articles: https://pecb.com/article Whitepapers: https://pecb.com/whitepaper

CMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to Know

PECB

NISTIR 8202 Blockchain Technology Overview Dylan Yaga Peter Mell Nik Roby Karen Scarfone This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8202 NISTIR 8202 Blockchain Technology Overview Dylan Yaga Peter Mell Computer Security Division Information Technology Laboratory Nik Roby G2, Inc. Annapolis Junction, MD Karen Scarfone Scarfone Cybersecurity Clifton, VA This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8202 October 2018 U.S. Department of Commerce Wilbur L. Ross, Jr., Secretary National Institute of Standards and Technology Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology National Institute of Standards and Technology Internal Report 8202 66 pages (October 2018) This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8202 Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose. There may be references in this publication to other publications currently under development by NIST in accordance with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, may be used by federal agencies even before the completion of such companion publications. Thus, until each publication is completed, current requirements, guidelines, and procedures, where they exist, remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new publications by NIST. Organizations are encouraged to review all draft publications during public comment periods and provide feedback to NIST. Many NIST cybersecurity publications, other than the ones noted above, are available at https://csrc.nist.gov/publications. Comments on this publication may be submitted to: National Institute of Standards and Technology Attn: Computer Security Division, Information Technology Laboratory 100 Bureau Drive (Mail Stop 8930) Gaithersburg, MD 20899-8930 Email: [email protected] All comments are subject to release under the Freedom of Information Act (FOIA). https://csrc.nist.gov/publications mailto:[email protected] NISTIR 8202 BLOCKCHAIN TECHNOLOGY OVERVIEW ii This publication is available free of charge from : https://doi.org/10.6028/N IST.IR .8202 Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and st ...

NISTIR 8202 Blockchain Technology Overview Dyla.docx

vannagoforth

IRJET- An Approach to Authenticating Devise in IoT using Blockchain

IRJET Journal

Security and Privacy in IoT and Cyber-physical Systems

Bob Marcus

Nist.ir.8202

IT Strategy Group

The State of FIDO

FIDO Alliance

Blockchain technology overview

RishabhMalik32

Authentication and Privacy in Cloud

Mphasis

Micro segmentation and zero trust for security and compliance - Guardicore an...

YouAttestSlideshare

OpenChain Mini-Summit May 2023

Shane Coughlan

IRJET-Securing Electronic Health Records using Blockchain

IRJET Journal

Uploaded as a courtesy by: Dave Sweigert NIST Special Publication 500-293: US Government Cloud Computing Technology Roadmap ◾ Vol. I, Rel. 1.0 (Draft) (High-Priority Requirements to Further USG Agency Cloud Computing Adoption) (Dec. 1, 2011) (full-text) ◾ Vol. II Rel. 1.0 (Draft) (Useful Information for Cloud Adopters) (Dec. 1, 2011) (full-text). ◾ Vol. III (First Working Draft) (Technical Considerations for USG Cloud Computer Deployment Decisions) (Nov. 3, 2011) (full-text). Overview Edit Volume I Edit Volume I is aimed at interested parties who wish to gain a general understanding and overview of the background, purpose, context, work, results, and next steps of the U.S. Government Cloud Computing Technology Roadmap initiative. It frames the discussion and introduces the roadmap in terms of: ◾ Prioritized strategic and tactical requirements that must be met for USG agencies to further cloud adoption; ◾ Interoperability, portability, and security standards, guidelines, and technology that must be in place to satisfy these requirements; and ◾ Recommended list of Priority Action Plans (PAPs) as candidates for development and implementation, through voluntary self-tasking by the cloud computing stakeholder community, to support standards, guidelines, and technology development.

NIST Special Publication 500-293: US Government Cloud Computing Technology R...

David Sweigert

The new model for stronger, simpler online authentication has implications beyond businesses and their consumers, including government policy and applications. FIDO authentication was designed with security and privacy at the forefront, making it a natural complement for government initiatives in these areas. Explore FIDO's role in policy, what the Alliance is doing in policy and how governments are working to implement FIDO authentication.

Strong Authentication Trends in Government

FIDO Alliance

Proxy-Oriented Data Uploading & Monitoring Remote Data Integrity in Public Cloud

IRJET Journal

IRJET- Blockchain for Large-Scale Internet of Things Data Storage and Protection

IRJET Journal

Similar to OpenID Foundation iGov Working Group Update - October 22, 2018 (20)

Mulin Holstein PKI-strategy

IRJET-An Algorithmic Approach for Remote Data Uploading and Integrity Checkin...

Chris Swan's presentation from the London Tech Entrepreneurs' Meetup

The Pan-Canadian Trust Framework (PCTF) for SSI

Public Sector Profile of the Pan-Canadian Trust Framework

CMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to Know

NISTIR 8202 Blockchain Technology Overview Dyla.docx

IRJET- An Approach to Authenticating Devise in IoT using Blockchain

Security and Privacy in IoT and Cyber-physical Systems

Nist.ir.8202

The State of FIDO

Blockchain technology overview

Authentication and Privacy in Cloud

Micro segmentation and zero trust for security and compliance - Guardicore an...

OpenChain Mini-Summit May 2023

IRJET-Securing Electronic Health Records using Blockchain

NIST Special Publication 500-293: US Government Cloud Computing Technology R...

Strong Authentication Trends in Government

Proxy-Oriented Data Uploading & Monitoring Remote Data Integrity in Public Cloud

IRJET- Blockchain for Large-Scale Internet of Things Data Storage and Protection

Recently uploaded

Manulife - Insurer Transformation Award 2024

The Digital Insurer

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

ICT role in 21st century education and its challenges

rafiqahmad00786416

Real Time Object Detection Using Open CV

Khem

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Zilliz

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Navi Mumbai Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Navi Mumbai Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Navi Mumbai Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Modernizing Securities Finance: The cloud-native prime brokerage platform transforming capital markets. Madhu Subbu, Managing Director, Head of Securities Finance Engineering Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu

apidays

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Recently uploaded (20)

Manulife - Insurer Transformation Award 2024

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ICT role in 21st century education and its challenges

Real Time Object Detection Using Open CV

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Ransomware_Q4_2023. The report. [EN].pdf

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Data Cloud, More than a CDP by Matt Robison

Apidays New York 2024 - The value of a flexible API Management solution for O...

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu

MS Copilot expands with MS Graph connectors

Powerful Google developer tools for immediate impact! (2023-24 C)

OpenID Foundation iGov Working Group Update - October 22, 2018

1. iGov WG October 22, 2018 Paul Grassi Easy Dynamics Adam Cooper Next ID John Bradley Yubico http://openid.net/wg/igov/

2. Purpose Develop a security and privacy profile of the OpenID Connect and OAuth specifications. Enable standardized integration with public sector relying parties in multiple jurisdictions. Allow users to authenticate and share consented attribute information with public sector services across the globe. iGov

3. iGov Specifications • International Government Assurance Profile (iGov) for OAuth 2.0 – http://openid.net/specs/openid-igov-oauth2-1_0.html – Profiles the OAuth 2.0 protocol framework to increase baseline security, provide greater interoperability, and structure deployments applicable to consumer-to-government deployments. • International Government Assurance Profile (iGov) for OpenID Connect 1.0 – http://openid.net/specs/openid-igov-profile-1_0.html – Building on the OAuth 2.0 iGov profile, this spec. define an OpenID Connect profile that provides governments with a foundation for securing federated access to public services online.

4. iGov WG Status Both iGov Profiles out for Implementer’s Draft vote. Vote YES! Long Overdue!

5. Next Steps We need an implementation Vectors of Trust use cases Attribute metadata specs

6. Why metadata? 01 02 03 Limitations in Assurance Levels Attributes collected as part of identity proofing may not the same assurance level of other attributes. In fact, for some attributes, assurance is not even in play. Use Cases Exist Financial sector in US exploring metadata use cases for “Know your customer.” International MNO and financial use cases in pilot. Specifications Exist NISTIR 8112 - https://pages.nist.gov/NISTIR-8112/NISTIR-8112.html. UK in process of developing a metadata specification.

7. Issue Possible Mitigation(s) • Little to no governance. • No enforcement. • Trust framework services in doubt. • Draft NIST SP 800-53r5 changed use FICAM approved profiles to NIST approved profiles. • But, “NIST approved” isn’t defined. • OMB Draft Identity Memo could resolve this. It’s never too late to provide feedback. • NIST, or other designee, has to write a NISTIR defining the profile making process and how agencies can participate. Precedent example: https://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.797 7.pdf. • Private-sector led value prop for agencies to adopt trust frameworks. • Lack of agency awareness.  Of technology.  Of open/public standards process.  Of comment process.  Of what ID an other states mean.  How/who gets to vote. Agencies are used to this type of material going through the CIO council for approval, not the private sector with a ‘single NIST’ vote. • Commitment to SAML. Opportunity(ies) • IT Modernization. • SSA transformation and S.2155 - Economic Growth, Regulatory Relief, and Consumer Protection Act, Section 215 – Reducing Identity Fraud. • IRS transformation. • Federal Student Aid loan processing RFP includes identity. Issues and Opps in US Gov iGov

8. Thank you http://openid.net/wg/igov/

OpenID Foundation iGov Working Group Update - October 22, 2018

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to OpenID Foundation iGov Working Group Update - October 22, 2018

Similar to OpenID Foundation iGov Working Group Update - October 22, 2018 (20)

More from OpenIDFoundation

More from OpenIDFoundation (12)

Recently uploaded

Recently uploaded (20)

OpenID Foundation iGov Working Group Update - October 22, 2018