Geneva, Switzerland, 15-16 September 2014 Introduction of ISO/IEC 29003 Identity Proofing Patrick Curry Director, British Business Federation Authority (& SC27 WG5) [email protected] ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014)

Introduction of ISO/IEC 29003 Identity Proofing


Page 1: Introduction of ISO/IEC 29003 Identity Proofing

Introduction of ISO/IEC 29003 Identity Proofing

Patrick Curry
Director, British Business Federation Authority (& SC27 WG5)
[email protected]

ITU Workshop on “ICT Security Standardization for Developing Countries”
(Geneva, Switzerland, 15-16 September 2014)

Page 2: Introduction of ISO/IEC 29003 Identity Proofing


Why is identity proofing so important?

- Trust is globally, strategically essential
- Authentication is key to trust
- Strength of credential usually depends on strength of enrolment & registration
- Core of enrolment is identity proofing and verification
- Situation is evolving fast and becoming more complex
  - National eID
  - Employee credentials
  - Consumer credentials
  - Low and high maturities
- Federation is key. Not to be confused with Mutual Recognition

Page 3: Introduction of ISO/IEC 29003 Identity Proofing


Why is identity proofing so important?

Strength of credential usually depends on strength of enrolment & registration. But:

- Anonymity
- Partial anonymity
- Pseudonymity

Depends on the use case

Page 4: Introduction of ISO/IEC 29003 Identity Proofing


What is identity proofing?

- Process from application to entry into a register = authoritative source
- Questions
  - Does the identity exist?
  - Can it be bound to a real person?
- Identity proofing
  - Checking the application & evidence of identity for Level of Assurance (LoA)
  - Checking binding to the subject
- Verification
  - Examining corroborative sources of data
  - Looking for contra-indicators
  - No involvement with the subject

Page 5: Introduction of ISO/IEC 29003 Identity Proofing

Identity vs PII

Identity – the minimum number of attributes that allow the person to be unique from all others in the context

Identity

Identity proofing and verification

Eligibility

Capability

Service Delivery

Business Administration

Page 6: Introduction of ISO/IEC 29003 Identity Proofing

Key points

- Identity is the minimum
- One identity proofing process will always rely on other previous processes – unless it is the first.
- Authentication is only the act of identifying a returning user.

Page 7: Introduction of ISO/IEC 29003 Identity Proofing


The Key Entities

- Person
  - Complicated
  - Much national variation
- Organisation
  - Register(s) of Legal Organisations
  - 6 categories of attributes; 2 mandatory
- Device
  - TPM best practice – where do FIDO and IBOPS fit?
  - Secure issuance
- Software
  - To be confirmed

Page 8: Introduction of ISO/IEC 29003 Identity Proofing


The fast changing international situation

- National cyber strategies
- Cyber control frameworks
- Pressure for strong authentication
- New regulations
  - EU eID Authentication & Signature Regulations
  - Emerging US ID Verification standard
  - Many national e-ID programmes
  - More authentication requirements in supply chains

Page 9: Introduction of ISO/IEC 29003 Identity Proofing


The role of international standards

- Enable interoperability = agility
- Enable deployment and affordability
- Reduces risks and costs
- Standards bodies need to:
  - Engage with governments and industry
  - Establish better coordination
  - Move faster

Page 10: Introduction of ISO/IEC 29003 Identity Proofing

Conclusions and Recommendations

- Too slow
- Spread the load
- Avoid gaps
- Broadening communities
- Based on national policies
- Become more proactive
- Collaborate with ISO and ?
- Framework approach
- Communicate better
- Governments need to participate
