GTRI Presentation to IDESG TFTM
Matt Moyer, 11 Jun 2014
Dec 17, 2015
Agenda
• Componentization of FICAM TFS into Trustmarks
• Sample FICAM Trustmark Definition
• Overview of Trustmark Issuance and Binding
Componentization of FICAM TFS
• Analyzed full set of FICAM TFS v2 requirements
  – Looked at LOA1 to LOA4
  – Focused only on SAML identity scheme
• Componentized FICAM in conjunction with NIEF
  – Primary objective is maximal reuse of components
• Identified 41 total FICAM components (trustmarks)
  – 30 pertain to FICAM SAML IDPs
  – Others pertain to FICAM RPs and BAE endpoints
  – 32 can be reused within NIEF now
Some Stats…
Trustmark counts per FICAM Trust Interoperability Profile. Columns: FICAM LOA1 SAML IDP TIP; FICAM LOA2 SAML IDP TIP; FICAM Non-PKI LOA3 SAML IDP TIP; FICAM LOA4 SAML HoK IDP TIP.

Trustmark category                  LOA1   LOA2   LOA3   LOA4
Organizational Trustmarks             2      2      2      2   (common to all)
LOA-Specific ID Trust Trustmarks      1      6      6      1
Privacy Trustmarks                    1      5      5      5   (5 common to LOA2-LOA4)
Crypto Mgmt. Trustmarks               3      3      3      3   (common to all)
SAML Interop. Trustmarks              4      4      4      5   (4 common to LOA1-LOA3)
Attribute Profile Trustmarks          1      1      1      1   (common to all)
Required Trustmarks                  11     19     19     16
Optional Trustmarks                   1      2      2      1
Total Trustmarks                     12     21     21     17
FICAM Stats in Context
NIEF Trustmark Count                                       82
Trustmarks Needed for GTRI Pilot                           63
FICAM Trustmark Count                                      41
NIEF/FICAM Trustmark Overlap Count                         32
Trustmarks Related to Security & Resilience                52
Trustmarks Related to Privacy                              21
Trustmarks Related to Interoperability                     48
Trustmarks Related to Cost-Effectiveness & Ease of Use      7
Total Trustmarks Identified (so far)                      107
Trustmark Assessment Tool Process Flow
[Diagram: the Trustmark Provider operates the Trustmark Assessment Tool and its Database; Trustmark Definitions (e.g. "FICAM LOA 2 Authn Process TD") are loaded into the tool; the Trustmark Recipient is the assessed party.]
1. Load TDs into Assessment Tool
2. Receive request for trustmark from Trustmark Recipient candidate
3. Perform assessment of Trustmark Recipient candidate
4. Store assessment artifacts / evidence in database
5. Issue trustmark to Trustmark Recipient
NIEF Trustmark Issuance Process Flow
[Diagram: NIEF Trustmark Assessment Processes produce Trustmark 1, Trustmark 2, … Trustmark N for a NIEF Member Agency (the Trustmark Recipient); those trustmarks are collected into a NIEF Trust Fabric Entry, signed by NIEF, and published to the NIEF Trust Fabric Registry. Tools shown: Trustmark Assessment Tool, Trust Fabric Entry Editor, Trust Fabric Registry Manager Tool.]
NIEF Trustmark Usage Process Flow
[Diagram: a Trustmark Relying Party, holding a local Trust Interoperability Profile, queries the NIEF Trust Fabric Registry.]
1. Query for trust fabric entries with required trustmarks, in accordance with local TIP
2. Receive matching trust fabric entries
3. Install entries in local product
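The relying-party query in steps 1 and 2, as an added example that is not part of the original presentation or of the NIEF tooling: a constructed Python model in which the local TIP lists required Trustmark Definition identifiers and trusted issuers, and a trust fabric entry matches only when it holds an unexpired trustmark from a trusted issuer for every required TD. TD identifiers, agency names, issuer names and dates are invented, and the data model is a simplification rather than the real Trustmark Framework schema.

```python
from dataclasses import dataclass
from datetime import date

# Constructed, simplified model of a trust fabric entry and its trustmarks
# (not the real Trustmark Framework XML schema).
@dataclass(frozen=True)
class Trustmark:
    definition: str   # identifier of the Trustmark Definition (TD) it was issued against
    issuer: str       # Trustmark Provider that signed it
    expires: date     # last day the trustmark is valid

@dataclass(frozen=True)
class TrustFabricEntry:
    entity_id: str
    trustmarks: tuple

@dataclass(frozen=True)
class TrustInteroperabilityProfile:
    required: frozenset         # TDs every matching entry must hold
    trusted_issuers: frozenset  # only trustmarks signed by these providers count

def valid_definitions(entry, tip, today):
    """TDs the entry currently holds valid trustmarks for, under the TIP's issuer policy."""
    return {tm.definition for tm in entry.trustmarks
            if tm.issuer in tip.trusted_issuers and tm.expires >= today}

def missing_definitions(entry, tip, today):
    """Required TDs the entry does not satisfy; an empty set means the entry matches."""
    return tip.required - valid_definitions(entry, tip, today)

def query_registry(registry, tip, today):
    """Steps 1-2: entity IDs of the registry entries that satisfy the local TIP."""
    return [e.entity_id for e in registry if not missing_definitions(e, tip, today)]

# Constructed sample data: hypothetical TD names, agencies and dates.
TODAY = date(2014, 6, 11)
LOCAL_TIP = TrustInteroperabilityProfile(
    required=frozenset({"TD:Org-Legal-Entity", "TD:LOA2-Authn-Process", "TD:SAML2-Interop"}),
    trusted_issuers=frozenset({"NIEF"}),
)
REGISTRY = (
    TrustFabricEntry("agency-a", (
        Trustmark("TD:Org-Legal-Entity", "NIEF", date(2015, 1, 1)),
        Trustmark("TD:LOA2-Authn-Process", "NIEF", date(2015, 1, 1)),
        Trustmark("TD:SAML2-Interop", "NIEF", date(2015, 1, 1)))),
    TrustFabricEntry("agency-b", (   # LOA2 trustmark has expired
        Trustmark("TD:Org-Legal-Entity", "NIEF", date(2015, 1, 1)),
        Trustmark("TD:LOA2-Authn-Process", "NIEF", date(2014, 1, 1)),
        Trustmark("TD:SAML2-Interop", "NIEF", date(2015, 1, 1)))),
    TrustFabricEntry("agency-c", (   # SAML trustmark signed by an issuer the TIP does not trust
        Trustmark("TD:Org-Legal-Entity", "NIEF", date(2015, 1, 1)),
        Trustmark("TD:LOA2-Authn-Process", "NIEF", date(2015, 1, 1)),
        Trustmark("TD:SAML2-Interop", "SelfAsserted", date(2015, 1, 1)))),
)
```

Only agency-a is returned; the other two fail for different reasons (expiry, untrusted issuer), and missing_definitions reports which TD each one lacks.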