Kantara Overview June 2013

Trust Frameworks: Shaping the future of Digital Identity

Joni Brennan, Executive Director2013

Problem

2012 2Kantara Initiative - Trust Frameworks: A Global Context

• Inefficient

• Does not scale

• Poor high risk solution

3

Kantara Initiative: OverviewValues

Kantara Initiative - Trust Frameworks: A Global Context

Organizations, Industry and Governments join Kantara because we value:

• TrustOperating Accreditation, Approval and Certification programs

• PrivacyDeveloping privacy respecting solutions.

• SecurityDeveloping high security solutions and practices

• CommunityBridging technology and policy requirements

Trustees:

Trustees At-Large:

• Government of Canada

• Trans-European ResearchEducation Networking Association

4

Kantara Initiative: OverviewStats

Kantara Initiative - Trust Frameworks: A Global Context

50+ MembersApproved CSPs

100’s of Participants Accredited Assessors

5

Kantara Initiative: OverviewFederation, Compliance, and Interoperability

Kantara Initiative - Trust Frameworks: A Global Context

Members join Kantara because we build trust and harmonization by developing compliance criteria based on requirements of end-users, relying parties and identity providers.

Organizations become APPROVED because we operate compliance programs for multiple solutions that fit a variety of requirements and jurisdictions.

Kantara Builds Bridges

*Non-Profit 501c6

6

Kantara Initiative: OverviewGovernance Model

Kantara Initiative - Trust Frameworks: A Global Context

Assurance Review Board

Interoperability Review Board

Operates Compliance Programs

Leadership Council

Consists of: Work and Discussion

Group Leadership

Develops Requirements and Practices

Board of Trustees

Kantara Initiative: OverviewWork and Discussion Groups

JURISDICTIONPOLICY/TECH

KANTARA INITIATIVE WORK AND DISCUSSION GROUPS

USER-FOCUSED

ISWG

UMAWG

ConsumerID

• (BCTF) Business Cases for Trusted Federations

• (Consumer ID) Consumer Identity

• (eGov) eGovernment

• (FI) Federation Interoperability

• (HIA) Heath Identity Assurance

• (IA) Identity Assurance

• (IS) Information Sharing

• (Japan) Japan

• (P3) Privacy and Public Policy

• (Telco ID) Telecommunication Identification

• (UMA) User Managed Access

• (CBP) Cloud Identity Best Practices

• (AIM) Attributes In Motion

WORK & DISCUSSION GROUP ACRONYMS:

Kantara Initiative - Trust Frameworks: A Global Context 7

ISWG

HIAWG P3WG

eGovWG

IAWG

AMDG

HIAWG

TELCO ID

eGovWG

JAPAN

CIBP AIM

8

Kantara Initiative: OverviewLiaisons and Governments

Kantara Initiative - Trust Frameworks: A Global Context

• ISO: 29115, 29100, 29191, 27001, 27002, etc

• ITU-T: X.1254 (was X.EAA), OITF

• OASIS: eGovernment, SAML SSTC, PMRM, etc

• OECD Internet Technical Advisory Committee (ITAC)

• Governments (Canada, UK, US, Sweden)

• Developing UK/US cross recognition approach (extending country by country)

• Providing neutral forum for Government Programs and Agencies to share information and identify common goals

• Performing confidential and non-confidential program reviews upon request for specific international governments and government agencies

9

Kantara Initiative: OverviewNational / International Initiatives

Kantara Initiative - Trust Frameworks: A Global Context

• US FICAM

• Only cross-vertical LoA 1-3 non-crypto Approved Trust Framework Provider

• US NSTIC

• Kantara Identity Assurance Framework – Service Assessment Criteria

• Ecosystem of Assessors

• AuthN >> moving toward Attribute Assurance

• UK IDAP

• Cross Jurisdiction recognition

• EUSTIC

• Kantara supporting as media sponsor and relevance to Kantara initiatives

• SWEDEN E-legitimation

• Kantara IAF referenced in emerging program toward municipality policy/tech interop

Federation and Trust FrameworksBased on Levels of Assurance : Illustrated

10Kantara Initiative - Trust Frameworks: A Global Context

Federation and Trust FrameworksWhat does Federation look like?

11Kantara Initiative - Trust Frameworks: A Global Context

Identity Provider

Service Provider

Trust

BA

NK

INS

UR

AN

CE

CO

MP

AN

Y

Authentication

Service Access

Kantara Trust Framework:Component Services

12Kantara Initiative - Trust Frameworks: A Global Context

Credential Service Provider

Identity Proofing /

Verification

Organizational Trust

Credential Issuance /

Management

Responding to industry experts Kantara members create path to component service recognition.

Component Services: • Identity Proofing /

Verification • Credential Issuance

and Management

Kantara Accreditation and Approval: Developing Trust Framework Profiles

2012 13Kantara Initiative - Trust Frameworks: A Global Context

Core FrameworkCommon, Well-Vetted

Foundation

Technical ProfileSpecific Technical Deployment Rules

Privacy ProfileSpecific Policy / Regulation

Rules

Industry ProfileSpecific Industry Based Considerations / Rules

Jurisdiction Profile Specific Policy / Regulation

Rules

14

Kantara Initiative: Overview What does a Trust Framework look like?

Kantara Initiative - Trust Frameworks: A Global Context

Trust

Input Requirements in to Kantara

Kantara and end-user

stakeholders develop criteria for assessment

Kantara Accredited Assessors

perform assessments

Relying Parties&

End-Users

Criteria for IdP / CSP Assessment

to verify Trust

15

Trust Framework Model

Kantara Initiative - Trust Frameworks: A Global Context

Registration

Verification

Assessment

Certification Process

Trust Status Listing Service

Interested Parties

Trust Status Listing Service, Registry, White List

Identity Assurance Framework: Documents

16Kantara Initiative - Trust Frameworks: A Global Context

IAF 1000 - OverviewOverview of of the IAF documents and structure

IAF 1100 - Glossary Glossary of terms used in the IAF documents

IAF 1200 – Levels of AssuranceOverview in detail of the Levels of Assurance

IAF 1300 – Assurance Assessment SchemeProcess of how the Assurance Program operates

IAF 1400 – Service Assessment CriteriaCriteria that a Service will need to provide compliance to for

Service Approval at the different Levels of Assurance

IAF 1600 – Assessor Qualifications and RequirementsQualifications that an Assessor must prove to become

Accredited to perform IAF assessments

Note: a Trust Framework may apply specific profiles for specific Technology and Privacy Constraints used to achieve Levels of Assurance

17

Kantara Trust Framework:Structure

Kantara Initiative - Trust Frameworks: A Global Context

Board of Trustees

Trust StatusPublished to:

Assurance Assessment

Scheme(AAS)

Assessor Qualifications & Requirements

(AQR)

Service Assessment

Criteria(SAC)

Core IAF Document Set

Identity Assurance Framework (IAF) Complete Set of IAF Documents

Identity Assurance Work Group (IAWG)

Manages the Set of IAF Documents

Assurance Review Board (ARB)

Reviews & Verifies External Assessment

List Services, Registries, Whitelists

Kantara Trust Framework:Accredited Assessors and Approved CSPs

Kantara Accredited to LoA 1-4

18Kantara Initiative - Trust Frameworks: A Global Context

Kantara Approved to LoA 3 non-crpyto

Verizon Universal Identity Service (VUIS)** ICAM Trust Framework Approval

IDPV Component Recognition

Norton Credential Service Provider *ICAM Trust Framework Approval (Conditional)

Registered Applicant

Shaping the Future of Digital Identity

• @kantaranews• kantarainitiative.org• kantarainitiative.org/listinfo/community• bit.ly/Kantara_Assurance• kantarainitiative.org/membership/

19Kantara Initiative - Trust Frameworks: A Global Context

Thanks!

Questions?

• Kantara Executive Director: Joni Brennan [email protected]

• General Inquiries: [email protected]