TRANSCRIPT
Assuring Identities in an Open Trust Framework
Interoperability and Connectivity: Privacy, Security and Trust in Health Information Exchange - 5th Annual WHIT Congress – 11/10/2009
The Identity Assurance Framework – Kantara Initiative
Pete Palmer, Co-Chair - Kantara Healthcare Identity Assurance Work Group
Disclaimer
This presentation is the result of work developed by volunteers of the Electronic Authentication Partnership, the Liberty Alliance, and the Kantara Initiative and is not a work product of Surescripts.
Kantara Overview
Founded: April 20, 2009
Trustees: AOL, BT, CA, Fidelity, Intel, Internet Society, Liberty Alliance, Neustar, Novell, NRI, NTT, Oracle, PayPal and Sun (see: http://kantarainitiative.org/confluence/display/GI/Current+Members )
Purpose:
• To bridge and harmonize identity community efforts
• To ensure secure online interactions
• To enhance personal privacy
• To assure interoperability between OpenID, Liberty, InfoCard and other identity management solutions.
Kantara Healthcare Work Group
Founded: August, 2009
History: Was Liberty Alliance Health Care Work Group
Purposes:
• Implement patient access to their medical information and health care providers' systems using open source solutions
• Implement simplified health care worker identity management
• Review/endorse an identity assurance framework to support health information exchanges (HIEs) and the US nationwide health information network (NHIN)
• Review/endorse patient identification standards for on-line and card identifiers
• Work with vendors to help foster interoperability
Current co-chairs: John Fraser, MEDNETWorld.com; Pete Palmer, Surescripts; and Rick Moore, eHealth Ohio.
Home Page: http://kantarainitiative.org/confluence/display/healthidassurance/Home
Full Charter is at: http://kantarainitiative.org/confluence/display/healthidassurance/Charter
Identity in the Physical World
Today’s Collection of Identity Silos
(Slide illustration: one example silo, “Joe’s Fish Market.Com”, with its own categories – Tropical, Fresh Water, Shell Fish, Lobster, Frogs, Whales, Seals, Clams – and its own login.)
What the User wants…
• Simplified online experience: get rid of the need for multiple user-ids and passwords; fewer clicks
• Protected personal information: reduce my risk from fraud
• Better product & service offerings: Web 2.0 and/or “smart phone” data service integration
There are Two Problem Areas
1. Technical Interoperability
• Does the client application I'm using “talk” to the systems I want to use? (Can I type in my PIN on my iPhone and have unfettered access to services without logging in again?)
• Does the system that authenticates me (vouches for me) “talk” to the service provider systems I want to access? (Can I log in to my bank's site and use that to pay my taxes, book travel, and check my Gmail account?)
2. Operational Interoperability & Assurance
• Do the commercial and government systems “trust” each other's systems, operating procedures, vetting practices, etc.? (i.e., understand & accept the distribution of liability when/if something goes wrong)
We’ll focus today on the Operational Interoperability & Assurance aspects.
…so why the need for a common standard?
Identity Assurance Framework
ATM Historic Analogy
Seamless Access Across all Networks
Linkage of Trust Domains
(Slide diagrams for the ATM analogy, condensed from image residue.)
Separate Cards with Each Bank / Individual Accounts with Many Web Sites: Bank A, Bank B and Bank C each issue their own ATM Card; on the web, the user holds a separate account with each of many .com sites.
Linked Cards within Bank Networks / Federated Accounts within Trust Domain: the cards are honored across Bank ATM Network A, Bank ATM Network B and Bank ATM Network C; on the web, accounts are federated within a trust domain of .com sites.
Federated Cloud: RP applications trusting Federations, who enroll & monitor CSPs compliant with FO policies, based on Assessor Assessments.
Identity Ecosystem: Trust (diagram)
Actors shown: End user (subscriber); Federation Operator; Assessor; Government Applications, Services, Resources; Authentication Technology; Credential Service Provider; Relying Parties.
Identity Assurance Framework: What is it?
• Framework supporting mutual acceptance, validation and lifecycle maintenance across identity federations (i.e., systems that trust each other)
• Started with the EAP Trust Framework, UK tScheme and US e-Auth Federation Credential Assessment Framework as baseline
• Harmonized, best-of-breed industry identity assurance standard: identity credential policy; business procedure and rule set; baseline commercial terms
• Guideline to foster inter-federation (i.e., inter-trust) on a global scale
It consists of 4 parts:
• Assurance Levels
• Service Assessment Criteria
• Assurance Assessment Scheme and Certification Program
• Business Rules/Deployment Guidelines
IAF-enabled Inter-Federated Cloud: RP applications trusting [Certified Federations, who enroll & monitor] IAF-compliant CSPs, based on Accredited Assessor Assessments.
Identity Ecosystem: Trust after IAF (diagram)
Actors shown: End user (subscriber); Federation Operator; Assessor; Government Applications, Services, Resources; Authentication Technology; Credential Service Provider; Relying Parties. Added by the IAF: an Accredited Assessors List and a Certified Federations List; the diagram marks “IAF’s Initial Focus”.
IAF Assurance Levels
Four Primary Levels of Assurance:
• Level 1 – Little or no confidence in asserted identity’s validity
• Level 2 – Some confidence
• Level 3 – Significant level of confidence
• Level 4 – Very high level of confidence
CSPs are certified by Assessors to a specific Level(s).
Note: Assurance level criteria as posited by OMB M-04-04 & NIST SP 800-63.
IAF Assurance Levels Illustrated
(Table: for each Assurance Level, an Example transaction and the Assessment Criteria for Organization, Identity Proofing and Credential Mgmt.)

Assurance Level 1 – Example: Registration to a news website
• Assessment Criteria – Organization: Minimal organizational criteria
• Assessment Criteria – Identity Proofing: Minimal criteria - Self assertion
• Assessment Criteria – Credential Mgmt: PIN and Password

Assurance Level 2 – Example: Change of address of record by beneficiary
• Assessment Criteria – Organization: Moderate organizational criteria
• Assessment Criteria – Identity Proofing: Moderate criteria - Attestation of Govt. ID
• Assessment Criteria – Credential Mgmt: Single factor; prove control of token through authentication protocol

Assurance Level 3 – Example: Access to an online brokerage account
• Assessment Criteria – Organization: Stringent organizational criteria
• Assessment Criteria – Identity Proofing: Stringent criteria – stronger attestation and verification of records
• Assessment Criteria – Credential Mgmt: Multi-factor auth; cryptographic protocol; “soft”, “hard”, or “OTP” tokens

Assurance Level 4 – Example: Dispensation of a controlled drug or $1mm bank wire
• Assessment Criteria – Organization: Stringent organizational criteria
• Assessment Criteria – Identity Proofing: More stringent criteria – stronger attestation and verification
• Assessment Criteria – Credential Mgmt: Multi-factor auth w/ hard tokens only; crypto protocol w/ keys bound to auth process
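The assurance-level table is, in effect, the policy a relying party enforces at login. The following Python is an added illustration, not part of the presentation or of any Kantara deliverable. It models the trust chain the slides describe: the assessor must appear on the Accredited Assessors list, the CSP must be on the Certified CSP list at the level it asserts, the factors actually presented must be able to support that level according to the Credential Mgmt column, and the asserted level must meet the level the transaction requires (LOA 3 for brokerage access, LOA 4 for a $1mm wire, taken from the table's Example column). The record layouts, field names, sample registries and the strict rule that certification at one level does not imply certification at another are assumptions made for this example.

```python
"""Relying-party check of an authentication assertion along the IAF trust chain
(Accredited Assessor -> Certified CSP -> asserted LOA -> required LOA).
Constructed example: record layouts, field names and the sample registries are
assumptions for illustration, not Kantara IAF data formats."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class CspCertification:
    """One entry on the Certified CSP list (constructed layout)."""
    csp_id: str
    certified_loas: FrozenSet[int]    # level(s) the CSP service is certified to
    assessor_id: str                  # assessor who performed the assessment


@dataclass(frozen=True)
class AuthEvent:
    """What a CSP asserts about one completed authentication (constructed layout)."""
    csp_id: str
    asserted_loa: int
    factors: FrozenSet[str]           # e.g. {"password"} or {"password", "otp"}
    crypto_protocol: bool = False     # cryptographic authentication protocol used
    proof_of_token_control: bool = False  # LOA 2: control of token proven via protocol
    hard_tokens_only: bool = False    # LOA 4: every factor is a hardware token
    keys_bound_to_auth: bool = False  # LOA 4: keys bound to the authentication process


@dataclass
class Decision:
    allowed: bool
    reasons: List[str] = field(default_factory=list)


def max_supportable_loa(auth: AuthEvent) -> int:
    """Highest LOA the presented credential mechanics could support, following the
    Credential Mgmt column of the 'IAF Assurance Levels Illustrated' table."""
    multi_factor = len(auth.factors) >= 2
    if (multi_factor and auth.crypto_protocol
            and auth.hard_tokens_only and auth.keys_bound_to_auth):
        return 4                      # multi-factor, hard tokens only, keys bound
    if multi_factor and auth.crypto_protocol:
        return 3                      # multi-factor; soft, hard or OTP tokens
    if auth.proof_of_token_control:
        return 2                      # single factor, control of token proven
    return 1                          # PIN and password


def evaluate(auth: AuthEvent, required_loa: int,
             certified_csps: Dict[str, CspCertification],
             accredited_assessors: Set[str]) -> Decision:
    """Collect every reason the relying party should refuse; allow only if none."""
    reasons: List[str] = []
    cert = certified_csps.get(auth.csp_id)
    if cert is None:
        reasons.append(f"CSP '{auth.csp_id}' is not on the Certified CSP list")
    else:
        if cert.assessor_id not in accredited_assessors:
            reasons.append(f"assessor '{cert.assessor_id}' is not on the Accredited Assessors list")
        # Strict reading (assumption): certification at one level does not cover other levels.
        if auth.asserted_loa not in cert.certified_loas:
            reasons.append(f"CSP is not certified to LOA {auth.asserted_loa}")
    supportable = max_supportable_loa(auth)
    if auth.asserted_loa > supportable:
        reasons.append(f"asserted LOA {auth.asserted_loa} exceeds what the presented "
                       f"factors support (LOA {supportable})")
    if auth.asserted_loa < required_loa:
        reasons.append(f"asserted LOA {auth.asserted_loa} is below the LOA {required_loa} "
                       f"this transaction requires")
    return Decision(allowed=not reasons, reasons=reasons)


# Constructed sample registries (not real Kantara lists).
ACCREDITED_ASSESSORS = {"assessor-1"}
CERTIFIED_CSPS = {
    "csp-alpha": CspCertification("csp-alpha", frozenset({2, 3}), "assessor-1"),
    "csp-beta": CspCertification("csp-beta", frozenset({3}), "assessor-x"),  # assessor not accredited
}
BROKERAGE_ACCESS_LOA = 3   # from the table's Example column
BANK_WIRE_LOA = 4          # from the table's Example column


def demo() -> Dict[str, Decision]:
    """Scenarios a relying party would meet; returns the decision for each by name."""
    good = AuthEvent("csp-alpha", 3, frozenset({"password", "otp"}), crypto_protocol=True)
    password_only = AuthEvent("csp-alpha", 3, frozenset({"password"}))
    beta = AuthEvent("csp-beta", 3, frozenset({"password", "otp"}), crypto_protocol=True)
    unknown = AuthEvent("csp-zeta", 2, frozenset({"password"}), proof_of_token_control=True)
    return {
        "brokerage_ok": evaluate(good, BROKERAGE_ACCESS_LOA, CERTIFIED_CSPS, ACCREDITED_ASSESSORS),
        "brokerage_overclaimed": evaluate(password_only, BROKERAGE_ACCESS_LOA, CERTIFIED_CSPS, ACCREDITED_ASSESSORS),
        "wire_needs_loa4": evaluate(good, BANK_WIRE_LOA, CERTIFIED_CSPS, ACCREDITED_ASSESSORS),
        "unaccredited_assessor": evaluate(beta, BROKERAGE_ACCESS_LOA, CERTIFIED_CSPS, ACCREDITED_ASSESSORS),
        "uncertified_csp": evaluate(unknown, 2, CERTIFIED_CSPS, ACCREDITED_ASSESSORS),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(name, "ALLOW" if decision.allowed else "DENY", decision.reasons)
```

Each refusal carries every failed link in the chain rather than the first one found, which is what an operator needs when a federation's certification or an assessor's accreditation lapses: the log shows whether the problem lies with the CSP's status, the assessor's status, or the CSP over-claiming a level its credential mechanics cannot support.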
Assurance Assessment Scheme & Certification Program
• Oversight by Member Committee (ARB)
• Assessor is Accredited based on application of demonstrated expertise
• CSP service is Certified to LOA(s) based on IAF compliance
• Technology is Certified to be Interoperable
• User has safe, simple access to services
(The diagram also shows the Credential Service Provider and Relying Parties.)
The Result – Identity Ecosystem (diagram)
Participants shown: Commercial; Social Networks; Financial; Government; Institutions; Industry; Employers; Family/Friends; People, Entities, Machines...
• Ubiquitous interoperability
• Minimize or Eliminate “Token Necklace”
• Customer Convenience
• Consistent User Experience
• Plain Language
• Simplified On-boarding
• Low-to-No Cost
• Ease of Service Selection
• Clear Risk & Liability
Health Information Exchange - HIE (diagram)
Participants shown: PHR; Hospitals; Clinics; Payors; RLS; EMR; HIE Gateways; NHIN Gateways; Patients; Healthcare Workers; HIE Member Users; Health Information Systems – Clinics, Hospitals, etc.
Interoperability for:
• Patient Lookup
• Clinical Document Exchange
• Privacy and Security
Goal: Health care simplified authentication
Simplified Sign Ons: to Clinics, Google Health, MS HealthVault, etc., or via iPhone or similar smartphone apps
Patient Logins
More Information on IAF and the Assurance Certification Program
http://kantarainitiative.org/confluence/display/certification/Identity+Assurance+Certification+Program
Thank You! [email protected]