
Elements of Trust Framework for Cyber Identity & Access Services

[Diagram: Cyber Trust Framework. Participants: Trust Framework Provider, Identity Providers, Credential Service Providers, Attribute Providers, Relying Parties, Attribute Exchange Service, Federation Bridge & Credential Exchange Operator, Federation Governance Body. Agreements and documents: Service Agreement, Multi-Lateral Trust & Operating Agreement, Criteria & Methodology for Cross Certification, Technical Specifications, Certification Practice Statement, Bridge Service Certificate Policy, Common Operating Rules, Accreditation Certification & Audit Process, Federation Organization Membership Agreement, Federation Organization Governance/Bylaws. Document categories: Trust Framework Membership/Participation Governance Documents, Federation Trust Governance Documents, Technical Documents. Also labelled: Governance Trust Framework, Operational Trust Framework, Trusted Identity Credentials.]

• Standardized credentials and authentication processes.

• Single framework for governance with agreements, operating rules and technical specifications for interoperability through the federation operator.

PAGE 1 | TSCP


TSCP Trust Framework Services

• TSCP maturing operational elements of the Trust Framework:
  • Business Models
  • Legal Agreements
  • Liability Models
  • Privacy Issues
  • Approved products

• Expanding operations and applicability of the TSCP Trust Framework Services


Trust Framework Development Process


[Diagram: development process steps: Define Use Cases, Build Pilot Environment, Configure Pilot Environment, Issue Credentials, Conduct Pilot. Working groups: Access Control Working Group; Trust Framework Working Group (Business, Legal, Privacy, Technical).]


NSTIC Grant - Financial Institution Pilot Use Cases

Employer Issued Credentials:

Responsibilities:

• Proof and vet strong Identity information
• Issues Credentials
• Sets permissible use
• Provides training and support
• Authenticates login transactions

Use cases:

1. 401K Administrator Access
2. Employee Access

[Diagram: login flows for the two use cases; labels: Log in, Employee choice, Employer choice, credential "& PIN".]


Secure Information Sharing for Critical Infrastructure

[Diagram: Data Providers, Data Consumers, Information Sharing Exchange Cloud Environment, EOC, TSCP Trust Framework, Data Access Controls (GIS Layer Access, Higher Level Credential). Credential Providers: Commercial Identity Providers, State Government Identity Providers, ILHDSIF "Identity Provider". Attribute Authorities: Commercial Providers, State Government "BAE" Providers, Higher Level Credential.]


TLS Session Multi Factor Authentication

Trusted PIV and PIV-I Authentication Service

[Diagram: Smart Card Holder authenticates to Logical Access IdP / Application(s) over a Mutually Authenticated TLS Session, followed by Attribute Retrieval (1. US FBPKI, 2. Extended CA, 3. Community). Components: SimpleID™ Java Applet (gathers Smart Card Info), SiteMinder, ADFS, DHS Attribute Authorities, PACS, SAML 2 / WS-Federation, Information Sharing Registrar Portal, Entitlement Manager, SharePoint, Policy Control, Information Sharing Cloud. Step markers STEP 1 through STEP 5 (diagram numbers 1 to 6). Notes: TSCP Specification or Interface document; TSCP Assertion Profile; Full NIST PKITS Compliant PDVal performed on PIV Auth Certificate via Pathfinder; Deployment dependent Vetting and/or Approval process; Optional Call-Out to SAML Attribute Provider or Back-End Attribute Exchange; PIV/CAC/PIV-I Data Profile; No additional client middleware from TSCP.]


TSCP Operational Trust Framework

Workshop Track Themes

• Cyber Trust Framework - Business Models for Industry Partnership

• Cyber Trust Framework - Real World Implementation

• Cyber Trust Framework - Operational Technology Solutions

• Cyber Trust Framework - Government Initiatives

• Regional Secure Information Sharing Pilot for Critical Infrastructure