Assuring Identities in an Open Trust Framework

1. Assuring Identities in an Open Trust Framework Interoperability and Connectivity: Privacy, Security and Trust in Health Information Exchange - 5th Annual WHIT Congress – 11/10/2009The Identity Assurance Framework Kantara Initiative Pete Palmer Co-Chair - Kantara Healthcare Identity Assurance Work Group

2. Provider Disclaimer This presentation is the result of work developed by volunteers of the Electronic Authentication Partnership, the Liberty Alliance, and the Kantara Initiative and is not a work product of Surescripts.

3. Kantara Overview • Founded: April 20, 2009 • Trustees: AOL, BT, CA, Fidelity, Intel, Internet Society, Liberty Alliance, Neustar, Novell, NRI, NTT, Oracle, PayPal and Sun ( see: http://kantarainitiative.org/confluence/display/GI/Current+Members ) • Purpose: • To bridge and harmonize identity community efforts • To ensure secure online interactions • To enhance personal privacy • To assure interoperability between OpenID, Liberty, InfoCard and other identity management solutions.

4. Kantara Healthcare Work Group • Founded: August, 2009 • History: Was Liberty Alliance Health Care Work Group • Purposes: • Implement patient access to their medical information and health care providers system using open source solutions • Implement simplified health care worker identity management • Review/Endorse identity assurance framework to support health information exchanges (HIEs) and the US nationwide health information network (NHIN) • Review/endorse patient identification standards for on-line and card identifiers • Work with vendors to help foster interoperability • Current co-chairs: John Fraser, MEDNETWorld.com, Pete Palmer, Surescripts, and Rick Moore, eHealth Ohio. • Home Page: http://kantarainitiative.org/confluence/display/healthidassurance/Home • Full Charter is at: http://kantarainitiative.org/confluence/display/healthidassurance/Charter

5. Identity in the Physical World

6. Joe’s Fish Market.Com Tropical, Fresh Water, Shell Fish, Lobster,Frogs, Whales, Seals, Clams Today’s Collection of Identity Silos

7. What the User wants… • Simplified online experience • Get rid of the need for multiple user-ids and passwords • Fewer clicks • Protected personal information • Reduce my risk from fraud • Better product & service offerings • Web 2.0 and/or “smart phone” data service integration

8. There are Two Problem Areas • Technical Interoperability • Does the client application I'm using “talk” to the systems I want to use? (can I type in my PIN on my iPhone and have unfettered access to services without logging in again?) • Does the system that authenticates me (vouches for me) “talk” to the service provider systems I want to access? (can I login to my bank's site and use that to pay my taxes, book travel, and check my Gmail account?) • Operational Interoperability & Assurance • Do the commercial and government systems “trust” each others' systems, operating procedures, vetting practices, etc.? (i.e., understand & accept the distribution of liability when/if something goes wrong) We’ll focus today on the Operational Interoperability & Assurance Aspects

9. Identity Assurance Framework …so why the need for a common standard?

10. Separate Cards with Each Bank Linked Cards within Bank Networks Seamless Access Across all Networks Bank ATM Network B Bank ATM Network C Bank ATM Network A Bank ATM Network B Bank ATM Network C Bank ATM Network A .com .com .com .com .com .com .com .com .com .com .com .com .com .com .com .com .com .com Bank C ATM Card Bank B ATM Card Bank A ATM Card Bank B ATM Card Bank C ATM Card Bank A ATM Card .com .com .com .com .com .com .com .com .com Linkage of Trust Domains Individual Accounts with Many Web Sites Federated Accounts within Trust Domain ATM Historic Analogy

11. End user (subscriber) Credential Service Provider Relying Parties Federation Operator Assessor Federated Cloud:RP applications trusting Federations, who enroll & monitor CSP’s compliant w/FO policies, based on Assessor Assessments Authentication Technology Identity Ecosystem: Trust Government Applications, Services, Resources

12. Identity Assurance Framework • What is it? • Framework supporting mutual acceptance, validation and lifecycle maintenance across identity federations (i.e. systems that trust each other) • Started with EAP Trust Framework, UK tScheme and US e-Auth Federation Credential Assessment Framework as baseline • Harmonized, best-of-breed industry identity assurance standard • Identity credential policy • Business procedure and rule set • Baseline commercial terms • Guideline to foster inter-federation (i.e. inter-trust) on a global scale • It consists of 4 parts: • Assurance Levels • Service Assessment Criteria • Assurance Assessment Scheme and Certification Program • Business Rules/Deployment Guidelines

13. End user (subscriber) Credential Service Provider Relying Parties Accredited Assessors List Certified Federations List Federation Operator Assessor IAF enabled Inter-Federated Cloud:RP applications trusting [Certified Federations, who enroll & monitor] IAF compliant CSP’s, based on Accredited Assessor Assessments Authentication Technology IAF’s Initial Focus Identity Ecosystem: Trust after IAF Government Applications, Services, Resources

14. IAF Assurance Levels • Four Primary Levels of Assurance • Level 1 – Little or no confidence in asserted identity’s validity • Level 2 – Some confidence • Level 3 – Significant level of confidence • Level 4 – Very high level of confidence • CSPs are certified by Assessors to a specific Level(s)

15. Assurance Level Assessment Criteria – Credential Mgmt Assessment Criteria – Identity Proofing Assessment Criteria – Organization Example Registration to a news website Minimal Organizational criteria Minimal criteria - Self assertion PIN and Password 1 Change of address of record by beneficiary Moderate organizational criteria Moderate criteria - Attestation of Govt. ID Single factor; Prove control of token through authentication protocol 2 Access to an online brokerage account Stringent organizational criteria Stringent criteria – stronger attestation and verification of records Multi-factor auth; Cryptographic protocol; “soft”, “hard”, or “OTP” tokens 3 Dispensation of a controlled drug or $1mm bank wire Stringent organizational criteria More stringent criteria – stronger attestation and verification Multi-factor auth w/hard tokens only; crypto protocol w/keys bound to auth process 4 IAF Assurance Levels Illustrated Note: Assurance level criteria as posited by the OMB M-04-04 & NIST SP 800-63

16. Credential Service Provider Relying Parties Assurance Assessment Scheme & Certification Program • Oversight by Member Committee (ARB) • Assessor is Accredited based on application of demonstrated expertise • CSP service is Certified to LOA(s) based on IAF compliance • Technology is Certified to be Interoperable • User has safe, simple access to services

17. Family/ Friends Social Networks Financial Institutions Industry Employers Commercial Government People, Entities, Machines... The Result – Identity Ecosystem • Ubiquitous interoperability • Minimize or Eliminate “Token Necklace” • Customer Convenience • Consistent User Experience • Plain Language • Simplified On-boarding • Low-to-No Cost • Ease of Service Selection • Clear Risk & Liability 17

18. Goal: Health care simplified authentication Health Information Systems – Clinics, Hospitals, etc Health Information Exchange - HIE • Interoperability for • Patient Lookup • Clinical Document Exchange • Privacy and Security HIE Gateway EMR Hospitals HIE Gateway NHIN Gateway EMR Payors RLS HIE Gateway HIE Gateway PHR Patient Logins HIE Member Users Simplified Sign Ons: to Clinics, Google Health, MS HealthVault, etc, or via iPhone or similar smartphone apps Simplified Sign Ons Clinics Patients Healthcare Workers

19. More Information on IAF and the Assurance Certification Program http://kantarainitiative.org/confluence/display/certification/Identity+Assurance+Certification+Program Thank You! pete.palmer@surescripts.com