Elements of Trust Framework for Cyber Identity Access
Elements of Trust Framework for Cyber Identity & Access Services

CYBER TRUST FRAMEWORK (diagram; labels recovered from the slide)

Governance Trust Framework (Membership/Participation Governance Documents, Federation Trust Governance Documents, Technical Documents):
• Federation Organization Governance/Bylaws
• Federation Organization Membership Agreement
• Multi-Lateral Trust & Operating Agreement
• Common Operating Rules
• Service Agreement
• Certificate Policy
• Certification Practice Statement
• Criteria & Methodology for Cross Certification
• Accreditation, Certification & Audit Process
• Technical Specifications
• Federation Governance Body
• Trust Framework Provider

Operational Trust Framework:
• Trusted Identity Credentials
• Identity Providers
• Credential Service Providers
• Attribute Providers
• Relying Parties
• Federation Bridge & Credential Exchange Operator
• Attribute Exchange Service
• Bridge Service

• Standardized credentials and authentication processes.
• Single framework for governance, with agreements, operating rules and technical specifications for interoperability through the federation operator.

PAGE 1 | TSCP
TSCP Trust Framework Services
• TSCP is maturing the operational elements of the Trust Framework:
  • Business Models
  • Legal Agreements
  • Liability Models
  • Privacy Issues
  • Approved Products
• Expanding the operations and applicability of the TSCP Trust Framework Services
Trust Framework Development Process (process flow recovered from the slide)
1. Define Use Cases
2. Trust Framework Working Group (Business, Legal, Privacy, Technical) and Access Control Working Group
3. Build Pilot Environment
4. Configure Pilot Environment
5. Issue Credentials
6. Conduct Pilot
NSTIC Grant - Financial Institution Pilot Use Cases
1. 401K Administrator Access
   • Employer-issued credentials: [credential icon] & PIN + [second-factor icon]; log in; employer choice
   • Employer responsibilities:
     ü Proof and vet strong identity information
     ü Issue credentials
     ü Set permissible use
     ü Provide training and support
     ü Authenticate login transactions
2. Employee Access
   • [credential icon] & PIN, or [credential icon] & PIN + [second-factor icon]; log in; employee choice
Secure Information Sharing for Critical Infrastructure (architecture diagram; labels recovered from the slide)
• TSCP Trust Framework
• Data Providers → Data Access Controls → Data Consumers
• GIS Layer Access
• Information Sharing Exchange (Cloud Environment)
• ILH DSIF "Identity Provider"
• ILH DSIF Attribute Authorities
• Credential Providers; Higher Level Credential
• EOC
• Commercial Identity Providers; Commercial Providers
• State Government Identity Providers; State Government "BAE" Providers
Trusted PIV and PIV-I Authentication Service (flow diagram; labels recovered from the slide)
STEP 1: Smart Card Holder (PIV/CAC/PIV-I) → Logical Access Application(s); SimpleID™ Java Applet gathers Smart Card Info; no additional client middleware from TSCP (1)
STEP 2: Information Sharing Cloud / Registrar Portal / IdP; Multi-Factor Authentication over a mutually authenticated TLS session (2); PDVal performed on the PIV Auth certificate via Pathfinder, full NIST PKITS compliant, against 1. US FBPKI, 2. Extended CA, 3. Community (3)
Step 3: Attribute Retrieval via SAML 2 from DHS Attribute Authorities, a SAML Attribute Provider, or a Back-End Attribute Exchange; optional call-out to dependent PACS vetting and/or approval process (4)
STEP 4: SiteMinder / ADFS; TSCP Assertion Profile; WS-Federation (5, 6)
STEP 5: Entitlement Manager → SharePoint; Policy Control Deployment
Numbered callouts (1-6): TSCP Specification or Interface document; PIV/CAC/PIV-I Data Profile
TSCP Operational Trust Framework Workshop Track Themes
• Cyber Trust Framework - Business Models for Industry Partnership
• Cyber Trust Framework - Real World Implementation
• Cyber Trust Framework - Operational Technology Solutions
• Cyber Trust Framework - Government Initiatives
• Regional Secure Information Sharing Pilot for Critical Infrastructure
- Slides: 7