using levels of assurance renee shuey nmi-edit camp: charting your authentication roadmap february...
Using Levels of Assurance
Renee Shuey
nmi-edit CAMP: Charting Your Authentication Roadmap
February 8, 2007
Agenda
Disclaimer
About Penn State
Level Set on Levels of Assurance
– Delivering of the package
Uses for LOA
– Both Internal and External to the university
Points to Ponder
Discussion, Q&A
Penn State
Penn State
Established 1855, PA’s Land Grant
24 campus locations
80K students, 10K faculty, 10K staff
$640M annual research expenditure
Penn State IAM - Technology
Kerberos, DCE, Active Directory
LDAP (eduPerson)
Cosign (WebAccess)
Shibboleth
Member of InCommon
2nd Factor Authentication
“Access Account” - branding for Penn State identity ~120K
“Short Term Access Accounts”
“Friends of Penn State” - branding for external identity, ~450K
Level Set - Delivering of the Package….
It’s all about how certain you are…
And how certain you need to be…
Scenario 1…
deleted image of favorite web site here…
deleted photo of well known delivery vehicle.
deleted photo of individual from well known delivery service
deleted image of nicely wrapped gift here….
Scenario 2…
deleted image of favorite website
Risk
Identity Proofing
Logical & Physical Control
Indemnification
Liability
Laws & Regulations
Data
Intellectual Property
Transaction
Identifying and Mitigating Risk
Uses for Levels of Assurance
eCommerce Compliance
Payment Card Industry Questionnaire 8.11
– Is there an account-lockout mechanism that blocks a malicious user from obtaining access to an account by multiple password retries or brute force? Yes No
Card Industry following bank industry requirement for 2nd Factor Authentication
Business Transactions
Electronic Signatures
Promissory Notes
W-2 Information Online
“THE” Demo
(at least the boss’s part)
Internet2 FastLane Demo
Points to Ponder
Decreasing of LOA
Password Resets
In Person Proofing
It’s a big, big world
Not all university affiliates are located on the campus
In fact, there are some we never see
Remote Proofing
Notary
Forms of Id
Self Service - Ask Questions?
Mother’s Maiden Name
Favorite Color
Favorite Pet’s Name
Create own Q & A
Spouse’s Nickname
First Concert Attended
www.londonstimes.us
Distribution
At times snail mail is still preferred and more trusted…
Points to Ponder
Multiple Registration Authorities
Multiple Registration Authorities
World Campus
Registrar
Admissions
Human Resources
Accounts Office
Hershey Medical
Multiple Registration Authorities
Registration Authorities need to change their requirements to meet identity provider requirements.
Understand processes tied to business such as the activation of accounts, resetting of passwords, etc.
Applications relying on these processes
– Applications need to change
– Processes for proofing, notification, etc. all need to be changed
– Activation of accounts and resetting of passwords needs to change
Multiple Registration Authorities
Multi-factor Authentication
multi-factor remote network authentication.
identity proofing procedures require verification of identifying materials and information.
based on proof of possession of a key or a one-time password through a cryptographic protocol.
Points to Ponder
Changing the Culture
Changing the Culture
Identifying & Adding new applications and services
Risk Assessment
– Ownership
– Data, Transaction, Function
Access control = authentication + LoA + attributes
To Summarize:
It’s All about how certain you are…
And How Certain you need to be…
Questions/Comments
Contact Information
Renee Shuey
ITS Emerging Technologies Group
Pennsylvania State University
[email protected]
Copyright Renee Shuey 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.