IDENTITY ASSURANCE PROFILES AND FRAMEWORK DOCUMENTS: PEEK INTO PROPOSED FICAM CHANGES
12/12/12
Topics
• Background
• Big pic
• Detailed pic
Program Basics: Documents
• Identity Assurance Assessment Framework
• Identity Assurance Profiles
  • Bronze (NIST Level 1)
  • Silver (NIST Level 2)
• Assurance Addendum to the Participation Agreement
Program Basics: Assurance Advisory Committee (AAC)
What is the AAC, and what does it do?
• Represents stakeholders in the assurance process: IdPs, SPs, auditors
• Oversight for program
• Advisory to Steering
• Assess applications, recommend approval (or denial) to Steering
• Recommend changes to documents or program
Program Basics: Assurance Advisory Committee (AAC)
Who is the AAC?
• Tim Cameron, National Student Clearinghouse (SP)
• Mary Dunker, Chair, Virginia Tech University (IdP)
• Steve Devoti, University of Wisconsin-Madison (IdP)
• 2nd Auditor
• Jacob Farmer, Indiana University (member at large)
• Chris Holmes, Baylor University (InCommon Steering)
• Scott Koranda, University of Wisconsin-Milwaukee/LIGO (SP)
• Steve Kurncz, Michigan State University (auditor)
• Ann West, InCommon/Internet2 (InCommon staff)
Assurance Advisory Committee (AAC)
Ex-Officio (non-voting)
• Marilyn McMillan, New York University (InCommon Steering)
• Tom Barton, University of Chicago (InCommon TAC)
• Renee Shuey, Penn State (InCommon TAC)
• Jack Suess, UMBC (InCommon Steering)
For more information, visit http://www.incommon.org/assurance/aac.html
FICAM Trust Framework Providers
• Identity Credential and Access Management Subcommittee
  • Federal CIO Council
  • Information Security and Identity Management Committee
• Trust Framework Provider Adoption Process (2009)
  • Comparability assessment
  • 800-63 as basis for LoA requirements. Also incorporates previous work done by the Feds under the E-Authentication Initiative
  • Privacy, organizational maturity, legal status, authority for InCommon and for InCommon to assess for IdP Operators
  • Web SSO SAML2 Profile: Over the wire
• Trust Framework Providers
  • InCommon, Kantara, OIX, Safe/BioPharma
InCommon’s History with FICAM
• 2009-2010
  • Spring - 1.0 review by FICAM begun. Community implementation begun.
  • Fall - Refining of Silver begun due to community feedback
• 2011
  • Spring – 1.1 reviewed and approved by community
  • Fall – FICAM asks for Simplified Bronze. InCommon develops 1.2.
• 2012
  • Spring – 1.0 and InCommon fully approved TFP. 1.2 reviewed and approved by community. InCommon submits 1.2 to FICAM for their approval.
• Est. 2013
  • January – 1.2 approved by FICAM.
What’s the hold up?
This is a new audit!
• Federal availability
• FICAM program evolving
• Negotiating on behalf of Higher Ed
• Changes reflected in 1.2 require resubmission for the spec
• Big pic items
Alternative Means
• IAAF 1.1: “From time to time, InCommon may identify alternative means developed by experts from the Research & Higher Education sector as specifying means that are comparable or superior to identified requirements in one or more of its IAPs.”
• Page 2: “Normative criteria to be used in an assessment process are expressed in separate Identity Assurance Profile and approved alternative means documents.”
Whose Spec is it Anyway?
• Hot potato
  • Time and Trust
  • How do we evaluate these things?
  • Who gets to say?
• Where will this show up?
  • Authentication technologies: multifactor
  • Cryptography: AD Silver Cookbook
  • Identity proofing: knowledge-based
Other Big Pics: Where we are…
• Bronze audit and no-audit option
• Bronze and 4.2.4 Credential Issuance and Management
• Bronze and protection of PII
• Registration and Credential Records Retention – 7.5 years
• Approved Algorithm – Alternative Means
• Scope: Profiles are password only – Alternative Means
What’s Next?
• Develop Process for Alternative Means with Assurance Advisory Committee
• Continue discussion to work through a couple detailed questions
• Work on FICAM approval expected January 2013
• Publish FICAM-approved spec for community review
• Announce implementation extravaganza and programs!