Helena Sims NACHA – The Electronic Payments Association Overview of The Electronic Authentication Partnership Tenth Federal & Higher Education PKI Coordination Meeting

Post on 16-Dec-2015


Helena Sims

NACHA – The Electronic Payments Association

Overview of The Electronic Authentication Partnership

Tenth Federal & Higher Education PKI Coordination Meeting

Electronic Authentication Partnership

Mission Statement

Goal:

– Reliable Identity Authentication

– Convenience

– Ease of use

We Propose to:

– Create a voluntary partnership

– Promote trust and Interoperability

– Develop an evaluation process

– Build on what exists

– Work cooperatively with other nations’ identity systems

Tasks: The EAP Will Develop

• Operating Rules Addressing

– Business requirements and processes

– Standards for Credentials

– Hierarchical assurance levels

– Criteria for evaluating credentials at each assurance level

• Evaluation, accreditation and compliance with credentialing process

• Accreditation List

EAP Framework: Benefits

• Focuses on traditional problem areas for federated authentication.

• Complements and leverages existing initiatives.

• Provides a framework that will:

– Enhance the utility and portability of credentials across circles of trust.

– Expand markets by promoting wider use of credentials.

– Help authentication initiatives validate their approaches to credentialing.

EAP Framework

• Authentication Risk and Assurance Levels

• Credential requirements

• Accreditation process for credentials & providers

• Common business rules

• List of trusted credential providers with EAP brand

Governance Structure

A public/private governance structure to establish and maintain a federated identity management framework

EAP Framework: Development Approach

USG

Private sector

Education

Health

Etc.

Processes and Rules Sets

Credential Standards

Evaluation processes

EAP Working Groups produce EAP Framework

EAP Framework

Reassess and update based on market conditions and changes

Background

• Spring 2003 White Papers by CSIS and Johns Hopkins

• June through December 2003 - Four CSIS Work Group Meetings

• December 11, 2003 - Public Forum to Announce EAP

• 2004 – Six Meetings So Far

• Active Workgroups

Workgroups

• Business Requirements and Processes

– Linda Elliot, PingID Network, Chair

– Thomas J. Greco, Betrusted, Vice Chair

• Credential Services Assessment Criteria, Levels of Assurance

– R.J. Schlecht, Mortgage Bankers Association of America, Chair

– Von Harrison, GSA, Vice Chair

– Subworkgroup Chairs

  • Dr. Peter Alterman, NIH

  • Nancy Black, Consultant

Workgroups

• Evaluation, Accreditation and Compliance

– Cornelia Chebinou, National Association of State Auditors, Comptrollers and Treasurers, Chair

• EAP Governance

– Paula Arcioni, New Jersey Office of Information Technology, Chair

– Roger Cochetti, CompTIA, Vice Chair

Workgroup on Business Requirements and Processes

• General Rights and Obligations

– Credential Services Providers

– Relying Parties

• Assessor Participation

• Agreements Process to Bind Participants to Business Rules

• Privacy and Fair Information Practices

• Enforcement and Recourse, including fines

Workgroup on Services Assessment Criteria, Levels of Assurance and Technical Interoperability

• Levels of Assurance

• Service Assessment Criteria (SAC) for use by Assessors

– Common Organizational SAC

– Identity Proofing SAC

– Credential Management SAC

• Technical Interoperability

– Components of interoperability

– Options and recommendations for EAP adoption

Workgroup on Evaluation, Accreditation and Compliance

• Accreditation, Assessment and Certification

– Accreditation of Assessors

– Certification of Credential Service Provider Offerings

– Process for Handling Non-Compliance

– Acceptable Public Statements Regarding EAP Accreditation and Certification

Workgroup on EAP Governance

• Developed Charter – Approved September 2, 2004

• Developing EAP Budget

Time Frames

• Remainder of 2004

– Election of Board and Officers

– Adoption of First Set of Operating Rules

• 2005 – Earlier Adopters Phase

– Revise Rules Based on Experience

• 2006 – Production Phase - Begin Full Scale Implementation

EAP Information

• Next Meeting: February 9, 2005 in DC

– Come Join Us!

– To Register: [email protected]

• Web Site: www.eapartnership.org
