Identity Authentication & Attribute Exchange In Public and Private Federations, OASIS Conference, September 2010. Joni Brennan, Kantara Initiative; Don Thibeau, OpenID Foundation Open Identity Exchange
Slide1
Building Trusted Transactions
Identity Authentication & Attribute Exchange
In Public and Private Federations
OASIS Conference September 2010
Joni Brennan, Kantara Initiative
Don Thibeau, OpenID Foundation Open Identity Exchange
Slide2
Overview
What’s all this fuss about Trust Frameworks?
Slide3
Slide4
The Trust Community
Four main roles involved in making online exchanges trustworthy:
  End-Entities who are the subjects of identity credentials
  Credential Service Providers (CSPs)
  Auditors
  Entities that rely upon the credentials issued by CSPs, referred to as “relying parties.”
Our Identity Assurance Framework is targeted to address each of these community roles…
Slide5
Slide6
Slide7
Kantara Initiative approach to Federated Identity
Identity Assurance Framework – one stop policy shop…
Slide8
Identity Assurance Framework Components
Slide9
Slide10
Slide11
Kantara Initiative Accreditation and Certification
Who should apply and how?
  Assessors / Auditors
  Credential Service Providers, Identity Providers
For More Information
  Visit our Assurance Certification Center: http://bit.ly/assurance_certification
  Connect with me: joni@ieee-isto.org
Slide12
What’s Next?
Profiles, profiles and more profiles
  Jurisdictional (governments), HealthCare, Financial, Telecommunications, etc
Federation Interoperability Work Group (FIWG)
  With input from international stakeholders FIWG developing tools for Federations to use for Interoperation.
  Enabling communication of Meta-Data between Federations
  Open for adoption by communities world-wide via Creative Commons IPR
Slide13
Benefits of Adoption
US Government ICAM Adopted Level 1, 2, 3 non-crypto
Identity Assurance Framework (IAF) is technology Agnostic
  Can be adopted as organizational policy framework regardless of the technology protocol in place.
  Lowers cost to jurisdictions and entities enabling eased transition into Trust Framework Model
Has Kantara Initiative international community input
  Austria, Canada, Denmark, France, Japan, New Zealand, Sweden, United Kingdom, United States – the list keeps growing
Enables Inter-federation through trusted and certified credentials
  Could be applied across jurisdictional federations like the European Union.
Enables Government entities to leverage private-sector activities
Slide14
Working Together
Building Trust…
Slide15
Collaboration
Slide16
Kantara Initiative Work Groups
Kantara Initiative – Identity Assurance (IAWG): http://kantarainitiative.org/confluence/display/idassurance/
eGovernment (eGovWG): http://kantarainitiative.org/confluence/display/eGov/
Federation Interoperability: http://kantarainitiative.org/confluence/display/fiwg/
Privacy and Public Policy (P3WG): http://kantarainitiative.org/confluence/display/p3wg/
Slide17
Open Identity Exchange (OIX) Work Groups
Telco Data Work Group
  Verizon, AT&T, TNS, Pacific East, etc.
Public Media
  National Public Radio, Public Broadcasting Service, etc.
Librarians, Authors, Publishers
  National Institute of Health, National Library of Medicine, ORCID, APA, etc
Identity Attributes Trust Framework
  Google, Yahoo!, AOL, Hot Mail, etc.
Slide18
OIX/Kantara Collaborative Work Groups
US ICAM Higher Levels of Assurance
  OIX, KI, US GSA, US NIH, etc.
  A public private partnership to define new technical/policy profiles for higher levels of assurance (NIST LoA 2 and 3)
  A forum and forcing function to map policy and legal issues to government and citizen interaction over the web
  A collaboration among leading industry organizations to break new ground in trust framework development
Slide19
Introduction to OIX
A Market Solution to Online Identity Trust…
Slide20
A Matter of Trust
Relying Parties must be able to trust that the Identity Provider is providing accurate customer data
Identity Providers must be able to trust that the Relying Party is legitimate (i.e., not a hacker, phisher, etc)
Direct RP-to-IDP trust agreements are a common solution, but are impossible to manage at Internet scale
Slide21
The Trust Framework Solution
[Diagram labels: OIX Trust Framework; Trust Community; Identity Service Provider; Relying Party; user]
Slide22
Proven Trust Frameworks Exist!
[Diagram labels: Credit Card Trust Framework; Trust Community]
Slide23
The OIX Identity Trust Framework Model
[Diagram labels: Open Identity Exchange; Trust framework agreements; Identity Service Provider; Relying Party; user]
Slide24
What OIX Provides
Referee
  Neutral, technology agnostic provider of trust frameworks
Certification Listing Service
  Machine-readable information about trust framework participants and certifications
Slide25
OIX Drives Adoption
By improving market efficiency
By providing openness and transparency
By ensuring credibility and accountability in the system
By enabling improved user experience
Slide26
Real World Examples
OIX U.S. ICAM (Identity, Credential, and Access Management) Trust framework
  For U.S. federal government agencies
OIX Telecom Data Trust Framework
  For Telco Data Services providers
  For Data Aggregators
Slide27
Summary
OIX and KI work together to provide an Internet-scale solution to enable trusted online digital identities
Slide28
Thank You!
Get in touch with us…
Joni@kantarainitiative.org
Don@openidentityexchange.org