Elements of Trust Framework for Cyber Identity & Access Services
CYBER TRUST FRAMEWORK
[Diagram: Cyber Trust Framework. Participants shown: Trust Framework Provider, Identity Providers, Credential Service Providers, Attribute Providers, Relying Parties, Attribute Exchange Service, Federation Bridge & Credential Exchange Operator, Federation Governance Body, Trusted Identity Credentials. Documents and processes shown: Service Agreement, Multi-Lateral Trust & Operating Agreement, Criteria & Methodology for Cross Certification, Technical Specifications, Certification Practice Statement, Bridge Service Certificate Policy, Common Operating Rules, Accreditation Certification & Audit Process, Federation Organization Membership Agreement, Federation Organization Governance/Bylaws. Legend: Operational Trust Framework, Governance Trust Framework, Membership/Participation Governance Documents, Federation Trust Governance Documents, Technical Documents.]
• Standardized credentials and authentication processes.
• Single framework for governance with agreements, operating rules and technical specifications for interoperability through the federation operator.
PAGE 1 | TSCP
TSCP Trust Framework Services
• TSCP maturing operational elements of the Trust Framework:
  • Business Models
  • Legal Agreements
  • Liability Models
  • Privacy Issues
  • Approved products
• Expanding operations and applicability of the TSCP Trust Framework Services
Trust Framework Development Process
[Process diagram: steps shown are Define Use Cases, Build Pilot Environment, Configure Pilot Environment, Issue Credentials and Conduct Pilot. Working groups shown: Access Control Working Group; Trust Framework Working Group (Business, Legal, Privacy, Technical).]
NSTIC Grant - Financial Institution Pilot Use Cases
Employer Issued Credentials, responsibilities:
• Proofs and vets strong identity information
• Issues credentials
• Sets permissible use
• Provides training and support
• Authenticates login transactions
Use cases:
1. 401K Administrator Access
2. Employee Access
[Diagram: login options for the two use cases (employee choice or employer choice of credential), each combined with a PIN.]
Secure Information Sharing for Critical Infrastructure
[Diagram: Data Providers and Data Consumers, an Information Sharing Exchange Cloud Environment (EOC), and the TSCP Trust Framework. Credential Providers: Commercial Identity Providers, State Government Identity Providers ("Identity Provider"). Attribute Authorities: Commercial Providers, State Government "BAE" Providers. Data Access Controls: GIS Layer Access, Higher Level Credential, ILHDSIF.]
Trusted PIV and PIV-I Authentication Service
[Diagram: components shown are Smart Card Holder; SimpleID(TM) Java Applet (gathers smart card info; no additional client middleware from TSCP); Logical Access IdP Application(s); SiteMinder; ADFS; DHS Attribute Authorities; PACS; Entitlement Manager; SharePoint; Policy Control; Information Sharing Registrar Portal; Information Sharing Cloud. Flows shown: TLS session with multi-factor authentication; mutually authenticated TLS session attribute retrieval; SAML 2 / WS-Federation; optional call-out to a SAML Attribute Provider or Back-End Attribute Exchange (vetting and/or approval process is deployment dependent); PIV/CAC/PIV-I Data Profile; TSCP Assertion Profile (TSCP specification or interface document). Steps 1 to 6 are numbered on the diagram. Listed: 1. US FBPKI, 2. Extended CA, 3. Community. Full NIST PKITS compliant PDVal is performed on the PIV Auth certificate via Pathfinder.]
TSCP Operational Trust Framework
Workshop Track Themes
• Cyber Trust Framework - Business Models for Industry Partnership
• Cyber Trust Framework - Real World Implementation
• Cyber Trust Framework - Operational Technology Solutions
• Cyber Trust Framework - Government Initiatives
• Regional Secure Information Sharing Pilot for Critical Infrastructure