TFTM Committee March 12, 2014

TFTM 01-06

Interim Trust Mark/Listing Approach Paper

Analysis of Current Industry Trustmark Programs and GTRI PILOT Approach

Discussion Deck

TFTM Committee

March 12, 2014

IDESG TFTM Committee


Key terms for this discussion


Accreditation

  • Administrative Responsibilities:
    • Document and maintain:
      • Policies and participation rules
      • Requirements
      • Application/Onboarding processes
      • Standard agreement for accredited entities
    • Maintain public trust list/registry of accredited entities

  • Operational Responsibilities:
    • Evaluate the capability of applicant entities for certification activities
    • Perform policy mapping, as appropriate, for entity certification policies/requirements conformance/comparability to Accreditation Program requirements

Certification

  • Administrative Responsibilities:
    • Document and maintain:
      • Requirements
      • Assessment Processes
      • Assessment Criteria
      • Application/onboarding processes
      • Standard agreement for certified entities
      • Formal recognition of certified services
    • Maintain public trust list/registry of certified entities

  • Operational Responsibilities:
    • Perform and document assessments
    • Validate conformance to Certification Program requirements
    • Provide formal recognition for approved/validated identity services
    • Monitor continued conformance for certified entities

Trust Mark Issuance

  • Operational Responsibilities:
    • Execute and maintain Trust Mark (Usage) Agreements for certified entities
    • Monitor continued conformance to Trustmark usage requirements for certified entities
    • Establish and maintain security and controls for issued trust marks

  • Administrative Responsibilities:
    • Document and maintain Trust Mark issuance and usage policies and participation rules
    • Document and maintain Trust Mark (Usage) Agreement
    • Document and maintain security and controls for Trustmark monitoring.

[Diagram labels: Accreditation Program, Accredit, Certification Program, Certify/Issue, Service Provider]


IE Roles Current Industry and GTRI Pilot Models

[Figure: two diagrams, “GTRI Pilot Model (Trustmark Concept Map)” and “Current Industry Model”. Entity labels recovered from the figure: Stakeholder Community, Trustmark Recipient (e.g., IDP, CSP, AA), Trust Framework Provider, Assessor/Auditor, Trust Framework, Relying Parties, End Users, Assessment Rules/Criteria. Relationship labels: Is Represented By, Certifies TF Conformity, Issues Trust marks, Issues Identity Assertions, Required By, Defines.]

Source: GTRI


GTRI Examples of Modular Trust Components

Modular Trust Components (AKA “Trust Marks”) = Sets of defined requirements for trust in specific areas

Source: GTRI

Examples of Modular Trust Components that may be defined requirements for trust marks.


Potential Sources for Modular Trust Components

Source: GTRI


The Need for NSTIC Core Requirements

The following activities seek to define common, core requirements for trust and are directly related:

  • GTRI pilot seeks to define “modular trust components” (AKA “Trustmarks”) that can be used/reused by multiple organizations.

  • Need to define common, core requirements for trust components that are/should be common to different stakeholder communities – e.g., business, legal, security, privacy, etc.

  • TFTM 01-05: Requirements Mapping and Analysis Paper

    • Requirements analysis and mapping of trust framework components to assess their alignment with NSTIC/IDESG Guiding Principles.

    • Could inform the process of establishing core requirements and trustmarks based on TF components most aligned with IDESG/NSTIC Guiding Principles

    • Could support reuse of framework components within the identity ecosystem.

  • The NPO issued “derived requirements” from NSTIC strategy to articulate requirements for NSTIC guiding principles (strategy, privacy, interoperability, ease of use) that should be a starting point for common, core requirements for the Identity Ecosystem Framework.


Building the Identity Ecosystem Framework

See NSTIC NPO 11/26/2013 Blog: Interim Identity Ecosystem: “Are we there yet?”


Examples of 34 NSTIC Derived Requirements
