Identity ecosystem functional model discussion guide

Identity Ecosystem Functional Model DISCUSSION GUIDE

IDESG Security Committee

September 19, 2013

Adam Madlin


Today’s Agenda

  • NSTIC requirements

  • Our approach

  • Starting point functional model

  • Identify key characteristics

  • Next steps


DRAFT Functional Model Goals

  • Create the Identity Ecosystem functional model

  • Define and differentiate IDE functional model vs. framework.

  • Support the NSTIC guiding principles

    • Privacy-enhancing and voluntary

    • Secure and resilient (includes scalability)

    • Interoperable

    • Cost-effective and easy to use

  • Phased releases to support ecosystem evolution

    • Initial release within 6 months, synchronized with initial Trust Framework release

  • Identify gaps to be addressed

  • Other Goals?

Functional Model High Level Plan

Sept 5, 2013


DRAFT High Level Plan

  • Review existing accepted functional models and catalogue them

  • Agree on overall goals

  • Identify key requirements and characteristics

  • Develop our functional model


Basic Definitions of Roles

  • Attribute Authority - An entity recognized as having the authority to verify the association of attributes to an identity.

  • Attribute Manager

  • Attribute Provider

  • Attribute Verifier

  • Credential Manager - The process of issuing, maintaining, and authenticating a credential is fulfilled by a Credential Manager.

  • Credential Service Provider (CSP) -  A Credential Service Provider comprises an Identity Provider and Credential Manager.

  • Identity Proofer - An Identity Proofer verifies people’s identities before an enterprise issues them accounts and credentials.

  • Identity Provider (IdP) –

    An Identity Provider is an entity which issues identifiers to other entities

    or

    An entity or system that creates, maintains, and manages identity information and provides principal authentication to other service providers.

  • Intermediary – There can be an operational layer between the Identity Providers, Attribute Providers and Relying Parties in an identity ecosystem, which may be known as an Intermediary. The Intermediary may be a passive pass-through transactional layer, or it may have logic to process transactions in accordance with policy.

  • Relying Party (RP) - A Relying Party is an organization that relies on an identity validation to ensure that the individual is who they claim to be.

  • Service Provider - An organization or system that wishes to provide a commercial service (in the private sector), or is mandated to support a government entitlement (in the public sector).


NSTIC Derived Requirements


Functional Models


OITF Model


FMAHG Model (based on OITF model)


Based on Kantara IAF Model

[Figure: model diagram. Boxes: Entity, Token, Identity Record, Token Manager, Attribute Manager, Credential Manager, Token-Identity Link Manager, Online Services Provider. Relationship labels: "may possess", "manages", "uses".]

Sources: Anil John, GSA TSF


800-63 Model


InCommon Model


NSTIC Model


ABA IDM Trust Framework Model


Functional Model Characteristics / Requirements

  • Value add to participant as a result of existence of ecosystem

    • New added value to participant

  • Ability to federate between and among other networks

  • Widely supported

  • Interoperable

  • Scalable

  • Support NSTIC guiding principles

  • Identification – disambiguate entities within a set scope

  • E-authentication

  • Structure information sharing

  • Verification of issuer

  • Privacy protected storage of information

  • Privacy protected collection of information

  • Function for linking and matching disparate records


Characteristics


  • Login