helena sims nacha – the electronic payments association overview of the electronic authentication...
TRANSCRIPT
Helena Sims
NACHA – The Electronic Payments Association
Overview ofThe Electronic Authentication
Partnership
Tenth Federal & Higher Education PKI Coordination Meeting
Electronic Authentication Partnership
Mission Statement
Goal:– Reliable Identity
Authentication– Convenience– Ease of use
We Propose to:– Create a voluntary partnership– Promote trust and Interoperability– Develop an evaluation process– Build on what exists– Work cooperatively with other
nations’ identity systems
Tasks:The EAP Will Develop
• Operating Rules Addressing
– Business requirements and processes
– Standards for Credentials
– Hierarchical assurance levels
– Criteria for evaluating credentials at each assurance level
• Evaluation, accreditation and compliance with credentialing process
• Accreditation List
EAP Framework: Benefits
• Focuses on traditional problem areas for federated authentication.
• Complements and leverages existing initiatives.• Provides a framework that will:
– Enhance the utility and portability of credentials across circles of trust.
– Expand markets by promoting wider use of credentials.
– Help authentication initiatives validate their approaches to credentialing.
EAP Framework
Authe
ntic
atio
n Ris
k an
d
Assur
ance
Lev
els
Cre
dent
ial r
equi
rem
ents
A
ccre
dita
tion
proc
ess
for
cred
entia
ls &
pro
vide
rs
Com
mon
bus
ines
s ru
les
Lis
t of t
rust
ed c
rede
ntia
l
pro
vide
rs w
ith E
AP
bran
d
Governance StructureA public/private governance structure to establish and maintain a federated identity
management framework
EAP Framework: Development Approach
USG
Private sector
Education
Health
Etc.
Processes and Rules Sets
Credential Standards
Evaluation processes
EAP Working Groups produce EAP
Framework
EAP Framework
Reassess and update based on market
conditions and changes
Background
• Spring 2003 White Papers by CSIS and Johns Hopkins
• June through December 2003 - Four CSIS Work Group Meetings
• December 11, 2003 - Public Forum to Announce EAP
• 2004 – Six Meetings So Far• Active Workgroups
Workgroups
• Business Requirements and Processes – Linda Elliot, PingID Network, Chair– Thomas J. Greco, Betrusted, Vice Chair
• Credential Services Assessment Criteria, Levels of Assurance – R.J. Schlecht, Mortgage Bankers Association of America,
Chair – Von Harrison, GSA, Vice Chair– Subworkgroup Chairs
• Dr. Peter Alterman, NIH• Nancy Black, Consultant
Workgroups
• Evaluation, Accreditation and Compliance– Cornelia Chebinou, National Association of
State Auditors, Comptrollers and Treasurers, Chair
• EAP Governance– Paula Arcioni, New Jersey Office of
Information Technology, Chair– Roger Cochetti, CompTIA, Vice Chair
Workgroup on Business Requirements and Processes
• General Rights and Obligations– Credential Services Providers– Relying Parties
• Assessor Participation
• Agreements Process to Bind Participants to Business Rules
• Privacy and Fair Information Practices
• Enforcement and Recourse, including fines
Workgroup on Services Assessment Criteria, Levels of Assurance and
Technical Interoperability• Levels of Assurance• Service Assessment Criteria (SAC) for use by
Assessors– Common Organizational SAC– Identity Proofing SAC– Credential Management SAC
• Technical Interoperability– Components of interoperability – Options and recommendations for EAP adoption
Workgroup on Evaluation, Accreditation and Compliance
• Accreditation, Assessment and Certification– Accreditation of Assessors– Certification of Credential Service Provider
Offerings– Process for Handling Non-Compliance– Acceptable Public Statements Regarding EAP
Accreditation and Certification
Workgroup on EAP Governance
• Developed Charter – Approved September 2, 2004
• Developing EAP Budget
Time Frames
• Remainder of 2004– Election of Board and Officers– Adoption of First Set of Operating Rules
• 2005 – Earlier Adopters Phase– Revise Rules Based on Experience
• 2006 –Production Phase - Begin Full Scale Implementation
EAP Information
• Next Meeting: February 9, 2005 in DC
– Come Join Us!
– To Register: [email protected]
• Web Site: www.eapartnership.org