GTRI Presentation to IDESG TFTM Matt Moyer 11 Jun 2014



Agenda

• Componentization of FICAM TFS into Trustmarks
• Sample FICAM Trustmark Definition
• Overview of Trustmark Issuance and Binding

Componentization of FICAM TFS

• Analyzed full set of FICAM TFS v2 requirements
  • Looked at LOA1 to LOA4
  • Focused only on SAML identity scheme
• Componentized FICAM in conjunction with NIEF
  • Primary objective is maximal reuse of components
• Identified 41 total FICAM components (trustmarks)
  • 30 pertain to FICAM SAML IDPs
  • Others pertain to FICAM RPs and BAE endpoints
  • 32 can be reused within NIEF now

List of FICAM TFS SAML IDP Trustmarks

Trustmark category                 LOA1 SAML  LOA2 SAML  Non-PKI LOA3  LOA4 SAML
                                   IDP TIP    IDP TIP    SAML IDP TIP  HoK IDP TIP
Organizational Trustmarks              2          2            2            2     (common)
LOA-Specific ID Trust Trustmarks       1          6            6            1
Privacy Trustmarks                     1          5            5            5     (common to LOA2-LOA4)
Crypto Mgmt. Trustmarks                3          3            3            3     (common)
SAML Interop. Trustmarks               4          4            4            5     (common to LOA1-LOA3)
Attribute Profile Trustmarks           1          1            1            1     (common)
Required Trustmarks                   11         19           19           16
Optional Trustmarks                    1          2            2            1
Total Trustmarks                      12         21           21           17

FICAM Stats in Context

Some Stats…

NIEF Trustmark Count                                       82
Trustmarks Needed for GTRI Pilot                           63
FICAM Trustmark Count                                      41
NIEF/FICAM Trustmark Overlap Count                         32

Trustmarks Related to Security & Resilience                52
Trustmarks Related to Privacy                              21
Trustmarks Related to Interoperability                     48
Trustmarks Related to Cost-Effectiveness & Ease of Use      7
Total Trustmarks Identified (so far)                      107

A Sample Trustmark Definition (Partial Screen Shots of Components)

Trustmark Assessment Tool Process Flow

(Diagram elements: Trustmark Provider; Trustmark Recipient; Trustmark Assessment Tool; Database; Trustmark Definitions, e.g. FICAM LOA 2 Authn Process TD.)

1. Load TDs into Assessment Tool
2. Receive request for trustmark from Trustmark Recipient candidate
3. Perform assessment of Trustmark Recipient candidate
4. Store assessment artifacts / evidence in database
5. Issue trustmark to Trustmark Recipient

Sample Screen Shot from GTRI Trustmark Assessment Tool

NIEF Trustmark Issuance Process Flow

(Diagram elements: NIEF Trust Fabric Registry; NIEF Trustmark Assessment Processes (Trustmark 1, Trustmark 2, ... Trustmark N); NIEF Trust Fabric Entry (Trustmark 1, Trustmark 2, ... Trustmark N), signed by NIEF; NIEF Member Agency (Trustmark Recipient); tools: Trustmark Assessment Tool, Trust Fabric Entry Editor, Trust Fabric Registry Manager Tool.)

NIEF Trustmark Usage Process Flow

(Diagram elements: NIEF Trust Fabric Registry; Trustmark Relying Party; Trust Interoperability Profile.)

1. Query for trust fabric entries with required trustmarks, in accordance with local TIP
2. Receive matching trust fabric entries
3. Install entries in local product
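The usage flow above, as an added Python example that is not code from the slides or from GTRI/NIEF: a relying party filters registry entries against the trustmarks its local TIP requires, and counts a trustmark only if it is bound to that entry's entity and its issuer signature verifies. The HMAC key, the TD identifiers and the registry contents are constructed stand-ins, since the slides give no trustmark format.

```python
import hmac
import hashlib
from dataclasses import dataclass
# Constructed demo key standing in for the registry's signing mechanism,
# which the slides do not specify (an assumption, not NIEF's real format).
REGISTRY_KEY = b"constructed-demo-key"
@dataclass(frozen=True)
class Trustmark:
    definition: str   # trustmark definition (TD) identifier
    recipient: str    # entity the trustmark was issued to
    signature: str    # hex MAC over (definition, recipient)
@dataclass
class TrustFabricEntry:
    entity_id: str
    trustmarks: tuple
def sign_trustmark(definition, recipient, key=REGISTRY_KEY):
    # Issuer side (issuance step 5): bind a TD to one recipient.
    msg = f"{definition}|{recipient}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()
def trustmark_is_valid(tm, entry, key=REGISTRY_KEY):
    # Relying-party side: the trustmark must name this entry's entity and
    # its signature must verify; otherwise it is ignored, not trusted.
    if tm.recipient != entry.entity_id:
        return False
    expected = sign_trustmark(tm.definition, tm.recipient, key)
    return hmac.compare_digest(expected, tm.signature)
def entries_satisfying_tip(entries, tip_required, key=REGISTRY_KEY):
    # Usage steps 1-2: entity IDs of entries holding a valid trustmark for
    # every TD the local TIP requires (set inclusion, not just any match).
    matched = []
    for entry in entries:
        held = {tm.definition for tm in entry.trustmarks
                if trustmark_is_valid(tm, entry, key)}
        if tip_required <= held:
            matched.append(entry.entity_id)
    return matched

# Constructed sample TIP and registry contents (hypothetical identifiers).
LOA2_TIP = {"ficam-loa2-authn-process", "saml-interop-core"}
def _tm(td, who): return Trustmark(td, who, sign_trustmark(td, who))
SAMPLE_ENTRIES = [
    TrustFabricEntry("idp.example", (
        _tm("ficam-loa2-authn-process", "idp.example"),
        _tm("saml-interop-core", "idp.example"))),
    # Second entry: one trustmark was issued to another entity and the other
    # carries a bogus signature, so neither counts toward the TIP.
    TrustFabricEntry("other.example", (
        _tm("ficam-loa2-authn-process", "idp.example"),
        Trustmark("saml-interop-core", "other.example", "00" * 32))),
]
```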

Questions?