Identity Assurance Profiles and Framework Documents: Peek into Proposed FICAM Changes


Upload: raheem

Post on 23-Mar-2016


Page 1

IDENTITY ASSURANCE PROFILES AND FRAMEWORK DOCUMENTS: PEEK INTO PROPOSED FICAM CHANGES

12/12/12

Page 2

Topics
• Background
• Big pic
• Detailed pic

Page 3

Program Basics: Documents
• Identity Assurance Assessment Framework
• Identity Assurance Profiles
  • Bronze (NIST Level 1)
  • Silver (NIST Level 2)
• Assurance Addendum to the Participation Agreement

Page 4

Program Basics: Assurance Advisory Committee (AAC)

What is the AAC, and what does it do?
• Represents stakeholders in the assurance process: IdPs, SPs, auditors
• Oversight for program
• Advisory to Steering
• Assess applications, recommend approval (or denial) to Steering
• Recommend changes to documents or program

Page 5

Program Basics: Assurance Advisory Committee (AAC)

Who is the AAC?
• Tim Cameron, National Student Clearinghouse (SP)
• Mary Dunker, Chair, Virginia Tech University (IdP)
• Steve Devoti, University of Wisconsin-Madison (IdP)
• 2nd Auditor
• Jacob Farmer, Indiana University (member at large)
• Chris Holmes, Baylor University (InCommon Steering)
• Scott Koranda, University of Wisconsin-Milwaukee/LIGO (SP)
• Steve Kurncz, Michigan State University (auditor)
• Ann West, InCommon/Internet2 (InCommon staff)

Page 6

Assurance Advisory Committee (AAC)

Ex-Officio (non-voting)
• Marilyn McMillan, New York University (InCommon Steering)
• Tom Barton, University of Chicago (InCommon TAC)
• Renee Shuey, Penn State (InCommon TAC)
• Jack Suess, UMBC (InCommon Steering)

For more information, visit http://www.incommon.org/assurance/aac.html

Page 7

FICAM Trust Framework Providers
• Identity Credential and Access Management Subcommittee
• Federal CIO Council
• Information Security and Identity Management Committee
• Trust Framework Provider Adoption Process (2009)
• Comparability assessment
• 800-63 as basis for LoA requirements. Incorporates previous work done by the Feds as well under E-Authentication Initiative
• Privacy, organizational maturity, legal status, authority for InCommon and for InCommon to assess for IdP Operators
• Web SSO SAML2 Profile: Over the wire
• Trust Framework Providers
• InCommon, Kantara, OIX, Safe/BioPharma

Page 8

InCommon’s History with FICAM
• 2009-2010
  • Spring – FICAM review of 1.0 begun. Community implementation begun.
  • Fall – Refining of Silver begun due to community feedback
• 2011
  • Spring – 1.1 reviewed and approved by community
  • Fall – FICAM asks for Simplified Bronze. InCommon develops 1.2.
• 2012
  • Spring – 1.0 and InCommon fully approved TFP. 1.2 reviewed and approved by community. InCommon submits 1.2 to FICAM for their approval.
• Est. 2013
  • January – 1.2 approved by FICAM.

Page 9

What’s the hold up?

This is a new audit!
• Federal availability
• FICAM program evolving
• Negotiating on behalf of Higher Ed
• Changes reflected in 1.2 requires resubmission for the spec
• Big pic items

Page 10

Alternative Means
• IAAF 1.1: “From time to time, InCommon may identify alternative means developed by experts from the Research & Higher Education sector as specifying means that are comparable or superior to identified requirements in one or more of its IAPs.”
• Page 2: “Normative criteria to be used in an assessment process are expressed in separate Identity Assurance Profile and approved alternative means documents.”

Page 11

Whose Spec is it Anyway?
• Hot potato
• Time and Trust
• How do we evaluate these things?
• Who gets to say?
• Where will this show up?
  • Authentication technologies: multifactor
  • Cryptography: AD Silver Cookbook
  • Identity proofing: knowledge-based

Page 12

Other Big Pics: Where we are…
• Bronze audit and no-audit option
• Bronze and 4.2.4 Credential Issuance and Management
• Bronze and protection of PII
• Registration and Credential Records Retention – 7.5 years
• Approved Algorithm – Alternative Means
• Scope: Profiles are password only – Alternative Means

Page 13

What’s Next?
• Develop Process for Alternative Means with Assurance Advisory Committee
• Continue discussion to work through a couple detailed questions
• Work on FICAM approval expected January 2013
• Publish FICAM-approved spec for community review
• Announce implementation extravaganza and programs!