Identity ecosystem functional model discussion guide


Identity Ecosystem Functional Model DISCUSSION GUIDE. IDESG Security Committee September 19, 2013 Adam Madlin. Today’s Agenda. NSTIC requirements Our approach Starting point functional model Identify key characteristics Next steps. DRAFT Functional Model Goals.


Presentation Transcript

Identity Ecosystem Functional Model DISCUSSION GUIDE

IDESG Security Committee

September 19, 2013

Adam Madlin

Today’s Agenda

  • NSTIC requirements

  • Our approach

  • Starting point functional model

  • Identify key characteristics

  • Next steps

DRAFT Functional Model Goals

  • Create the Identity Ecosystem functional model

  • Define and differentiate IDE functional model vs. framework.

  • Support the NSTIC guiding principles

    • Privacy-enhancing and voluntary

    • Secure and resilient (includes scalability)

    • Interoperable

    • Cost-effective and easy to use

  • Phased releases to support ecosystem evolution

    • Initial release within 6 months, synchronized with initial Trust Framework release

  • Identify gaps to be addressed

  • Other Goals?

Functional Model High Level Plan

Sept 5, 2013

DRAFT High Level Plan

  • Review existing accepted functional models and catalogue them

  • Agree on overall goals

  • Identify key requirements and characteristics

  • Develop our functional model


Basic Definitions of Roles

  • Attribute Authority - An entity recognized as having the authority to verify the association of attributes to an identity.

  • Attribute Manager

  • Attribute Provider

  • Attribute Verifier

  • Credential Manager - The process of issuing, maintaining, and authenticating a credential is fulfilled by a Credential Manager.

  • Credential Service Provider (CSP) -  A Credential Service Provider comprises an Identity Provider and Credential Manager.

  • Identity Proofer - An Identity Proofer verifies people’s identities before an enterprise issues them accounts and credentials.

  • Identity Provider (IdP) –

    An Identity Provider is an entity which issues identifiers to other entities


    An entity or system that creates, maintains, and manages identity information and provides principal authentication to other service providers.

  • Intermediary – There can be an operational layer between the Identity Providers, Attribute Providers and Relying Parties in an identity ecosystem, which may be known as an Intermediary.   The Intermediary may be a passive pass-through transactional layer, or it may have logic to process transactions in accordance with policy.

  • Relying Party (RP) - A Relying Party is an organization that relies on an identity validation to ensure that the individual is who they claim to be.

  • Service Provider - An organization or system that wishes to provide a commercial service (in the private sector), or is mandated to support a government entitlement (in the public sector).

NSTIC Derived Requirements

Functional Models

OITF Model

FMAHG Model (based on OITF model)

Based on Kantara IAF Model


[Diagram; surviving labels: "may possess", "Link Manager", "Online Services"]

Sources: Anil John, GSA TSF


800-63 Model

InCommon Model



ABA IDM Trust Framework Model

Functional Model Characteristics / Requirements

  • Value add to participant as a result of existence of ecosystem

    • New added value to participant

  • Ability to federate between and among other networks

  • Widely supported

  • Interoperable

  • Scalable

  • Support NSTIC guiding principles

  • Identification – disambiguate entities within a set scope

  • E-authentication

  • Structure information sharing

  • Verification of issuer

  • Privacy protected storage of information

  • Privacy protected collection of information

  • Function for linking and matching disparate records


  • Login