Scaling Interoperable Trust through a Trustmark Marketplace
Georgia Tech Research Institute
Slides extracted from various presentations, with permission.
This work was performed under the following financial assistance award 70NANB13H189 from the U.S. Department of Commerce, National Institute of Standards and Technology
Our Approach: Componentization
If the frameworks were modular… then we get:
• Greater transparency of trust framework requirements
• Greater ease of comparability between frameworks
• Greater potential for reusability of framework components
• And, most importantly: greater potential for participation in multiple trust frameworks by ID Ecosystem members with incremental effort and cost
[Figure: ID Trust Frameworks A, B and C, each assembled from shared components such as NIST 800-63 LOA 3, OAuth, FIPS 200, FICAM, SAML SSO, FIPPs and OpenID]
These modular components are called Trustmarks.
A Trustmark-Based ID Ecosystem
[Figure: IDPs, APs and RPs participating in ID Trust Frameworks A, B and C]
Existing Trust Frameworks could be expressed as a set of components called a TIP (Trust Interoperability Profile): Trust Interoperability Profiles A, B and C in the figure.
A Trustmark-Based ID Ecosystem
[Figure: IDPs, APs and RPs holding the Trustmarks required by TIP A, TIP B and TIP C, with several Trustmark Providers serving them]
Then each member of the community can acquire the necessary Trustmarks based on the TIP.
Trustmarks can be acquired through a Trustmark Provider. There can be many Trustmark Providers in the ID Ecosystem.
A Trustmark-Based ID Ecosystem
[Figure: IDPs, APs and RPs with Trustmarks for TIP A, TIP B and TIP C, alongside three Trustmark Registries whose entries are listed as "IDP X", "RP Y", etc.]
Trustmarks can be stored in searchable Trustmark Registries or shared directly with partners.
Scope of the NSTIC Trustmark Pilot
Trustmark Framework:
• Normative Trustmark Spec
• Normative TD Spec
• Normative TIP Spec
• Trustmark Policy Template
• Trustmark Agreement Template
Pilot communities: NIEF Pilot, then an Expanded Pilot via NASCIO/SICAM
Concept Maturation:
• Trustmark Concept Presentation
• Trustmark Pilot Concept Website
• Outreach to IDESG
• Outreach to NIEF Membership
• Outreach to SICAM Stakeholders
• Outreach to Other Stakeholders
Sample TDs, TIPs, and Trustmarks:
• Comm. Protocol TDs & Trustmarks
• Identity LOA TDs & Trustmarks
• End-User Privacy TDs & Trustmarks
• Security Policy TDs & Trustmarks
• Other TDs & Trustmarks
• Sample TIPs for NIEF Community
Sample Tools:
• Trustmark Assessment Tool for Trustmark Providers
• Trustmark Generating & Publishing Tool for Trustmark Providers
• Trustmark Registry Query Tool
Pilot phases (numbered 1 through 6 on the slide):
• Issue Trustmarks to Current NIEF Members
• Modify Tech Framework, Specs, TDs, TIPs, Policies, Agreements, and Tools as Needed
• Identify SICAM Use Cases
• Issue Trustmarks to More IDPs, APs, and RPs via a New Trustmark Provider
• Demonstrate SICAM Use Cases in a Multiple-Trustmark-Provider Marketplace
The Trustmark Framework
[Figure: entity-relationship view of the Trustmark Framework. A Stakeholder Community is represented by a Trustmark Defining Organization, which defines a Trustmark Definition. A Trustmark Provider issues Trustmarks (A, B, C) to a Trustmark Recipient. Trustmarks are required by a Trust Interop Profile, which is used by Trustmark Relying Parties (Org. 1, Org. 2, End User); the Relying Parties trust the Trustmarks a recipient holds. Edge labels on the slide: Is Represented By, Defines, Is Used By, Is Required By, Is Trusted By, Issues.]
Creating Modular Common Components
Transformation process, starting from the requirements of existing frameworks (AAMVA, InCommon, GFIPM, FICAM, NIEF, others):
Step 1: Gather trust and interop requirements from many frameworks
Step 2: Break down and reassemble requirements into modular, reusable components
Step 3: Express modularized requirements in a standard format to encourage broad reuse
Output: a set of Trustmark Definitions
GTRI NSTIC Pilot Trustmark Analysis
122 distinct trustmarks identified (so far). Covers the FICAM, GFIPM, and NIEF communities; also covers FIPPs (privacy) topics.
Trustmarks By Category (total identified / essential to pilot):
• Identity Assurance Policy: 10 total, 10 essential
• Privacy Policy: 23 total, 15 essential
• Technical Interoperability: 57 total, 8 essential
• Technical Trust: 4 total, 3 essential
• Attribute Assurance Policy: 2 total, 2 essential
• Organizational Integrity / Bona Fides: 6 total, 3 essential
• Usability: 2 total, 0 essential
• Security Policy: 18 total, 18 essential
(59 of the 122 trustmarks are essential to the pilot.)
Requirements = Trustmark Component Definitions (TCDs)
TCD Spec
Ensures that all TCDs contain the minimal info required to promote legitimacy and encourage reuse:
• Name of TDO / Publisher
• Canonical Published Location (URL/URI)
• Name of TCD
• Description and Intended Purpose
• Target Stakeholder Audience of TCD
• Date of Publication
• Version Number
• Visual Icon or Image
Defines a common structure and syntax for all TCDs (formats shown on the slide: XML, HTML):
• Ensures consistency and machine readability for all TCDs
• Allows for greater ease of understanding a TCD
• Makes TCDs more likely to be considered for reuse (TCD reuse leads to trustmark reuse)
• Allows for standards-based TCD tools to proliferate
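The metadata list above is what a tool would enforce before accepting a TCD for reuse. The following is an added example, not the pilot's own code or its normative XML schema: it parses a constructed TCD document and reports which of the listed fields are missing or malformed. The element names (TrustmarkComponentDefinition, Publisher, CanonicalLocation, and so on) are assumptions chosen to mirror the field list; the sample document is constructed for the example.

```python
"""Validate the minimal metadata a Trustmark Component Definition (TCD) must carry.

Added example, not the GTRI pilot's code or schema. The element names are
assumptions that mirror the fields listed in the TCD spec slide.
"""
import xml.etree.ElementTree as ET
from datetime import date
from urllib.parse import urlparse

# Fields the TCD spec lists as the minimal information every TCD must contain.
REQUIRED_FIELDS = (
    "Publisher",          # Name of TDO / Publisher
    "CanonicalLocation",  # Canonical Published Location (URL/URI)
    "Name",               # Name of TCD
    "Description",        # Description and Intended Purpose
    "Audience",           # Target Stakeholder Audience of TCD
    "PublicationDate",    # Date of Publication
    "Version",            # Version Number
    "Icon",               # Visual Icon or Image
)

# Constructed sample TCD (hypothetical element names and URLs).
SAMPLE_TCD = """<TrustmarkComponentDefinition>
  <Publisher>Example Trustmark Defining Organization</Publisher>
  <CanonicalLocation>https://tdo.example/tcds/saml-sso/1.0/</CanonicalLocation>
  <Name>SAML SSO Profile Conformance</Name>
  <Description>Asserts that an IDP implements the community SAML SSO profile.</Description>
  <Audience>Identity Providers</Audience>
  <PublicationDate>2014-06-30</PublicationDate>
  <Version>1.0</Version>
  <Icon>https://tdo.example/tcds/saml-sso/icon.png</Icon>
</TrustmarkComponentDefinition>"""


def validate_tcd(xml_text):
    """Return a list of problems; an empty list means the TCD is acceptable."""
    problems = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "TrustmarkComponentDefinition":
        problems.append(f"unexpected root element {root.tag!r}")

    values = {}
    for field in REQUIRED_FIELDS:
        el = root.find(field)
        text = (el.text or "").strip() if el is not None else ""
        if not text:
            problems.append(f"missing or empty {field}")
        values[field] = text

    # The canonical location is what trustmarks and TIPs will reference, so it
    # must be an absolute https URL rather than a relative path or plain http.
    loc = urlparse(values["CanonicalLocation"])
    if values["CanonicalLocation"] and (loc.scheme != "https" or not loc.netloc):
        problems.append("CanonicalLocation must be an absolute https URL")

    # Publication date must be an ISO 8601 date and must not lie in the future.
    if values["PublicationDate"]:
        try:
            if date.fromisoformat(values["PublicationDate"]) > date.today():
                problems.append("PublicationDate is in the future")
        except ValueError:
            problems.append("PublicationDate is not an ISO 8601 date")

    # Versions must be dotted numerics so revisions of a TCD can be compared.
    if values["Version"] and not all(p.isdigit() for p in values["Version"].split(".")):
        problems.append("Version must be dotted numeric, e.g. 1.0")
    return problems


if __name__ == "__main__":
    print(validate_tcd(SAMPLE_TCD) or "sample TCD is acceptable")
```

ElementTree does not resolve external entities, but a TCD fetched from an arbitrary publisher is untrusted input; a production tool should parse it with a hardened parser such as defusedxml and verify any signature the framework attaches before acting on its contents.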
Trustmark Assessment Tool Process Flow
Components: the Trustmark Assessment Tool and its Database, the Trustmark Definitions & Profiles, the Trustmark Provider, and the Trustmark Recipient.
1. Load TCDs into Assessment Tool
2. Receive request for trustmark from Trustmark Recipient candidate
3. Perform assessment of Trustmark Recipient candidate
4. Store assessment artifacts / evidence in database
5. Issue trustmark to Trustmark Recipient
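The five steps above describe the provider side; the Trustmark Framework relationships earlier on the page (provider issues, TIP requires, relying party trusts) describe how a relying party then consumes what was issued. The following is an added example, not code from the pilot or its tools, that models both halves end to end: a provider that loads definitions, assesses evidence, stores the artifacts and issues a trustmark into a queryable registry, and a relying party that checks a candidate partner's trustmarks against a TIP. The data model, the one-year validity period, the step names used as assessment evidence and the registry lookup used to confirm a presented trustmark are all assumptions; the sample organisations and TCD URLs are constructed.

```python
"""Provider-side assessment flow (steps 1-5) and relying-party TIP evaluation.

Added example, not the GTRI pilot's code. Data model, validity period and the
registry lookup are assumptions; the normative specs are not reproduced here.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class TrustmarkDefinition:
    tcd_id: str     # canonical published location of the TCD
    steps: tuple    # assessment steps; every one must pass for issuance


@dataclass(frozen=True)
class Trustmark:
    tcd_id: str
    recipient: str
    provider: str
    issued: date
    expires: date


class TrustmarkProvider:
    """Runs the assessment flow and keeps a searchable registry of what it issued."""

    def __init__(self, name):
        self.name = name
        self.definitions = {}   # step 1: loaded TCDs keyed by tcd_id
        self.evidence_db = []   # step 4: assessment artifacts / evidence
        self.registry = set()   # step 5: issued trustmarks (the queryable registry)

    def load_definitions(self, defs):                               # step 1
        for td in defs:
            self.definitions[td.tcd_id] = td

    def handle_request(self, recipient, tcd_id, evidence, today):
        """Steps 2-5. Returns the issued Trustmark, or None if the assessment failed."""
        td = self.definitions.get(tcd_id)                           # step 2
        if td is None:
            raise KeyError(f"unknown TCD {tcd_id}")
        failed = [s for s in td.steps if not evidence.get(s)]       # step 3
        self.evidence_db.append({                                   # step 4
            "recipient": recipient, "tcd_id": tcd_id, "date": today.isoformat(),
            "evidence": dict(evidence), "failed": failed})
        if failed:
            return None                                             # no trustmark
        tm = Trustmark(tcd_id, recipient, self.name, today, today + timedelta(days=365))
        self.registry.add(tm)                                       # step 5
        return tm

    def lookup(self, tm):
        """Registry query: did this provider issue exactly this trustmark?"""
        return tm in self.registry


@dataclass(frozen=True)
class TrustInteroperabilityProfile:
    required_tcds: frozenset    # TCDs a partner must hold a trustmark for
    trusted_providers: dict     # provider name -> TrustmarkProvider the RP trusts


def satisfies_tip(tip, trustmarks, recipient, today):
    """Return (ok, missing_tcd_ids) for a recipient's presented trustmarks.

    A presented trustmark counts only if it names this recipient, comes from a
    provider the RP trusts for this TIP, is inside its validity window, and is
    confirmed by that provider's registry; a self-asserted trustmark is ignored.
    """
    held = set()
    for tm in trustmarks:
        provider = tip.trusted_providers.get(tm.provider)
        if provider is None or tm.recipient != recipient:
            continue
        if not (tm.issued <= today < tm.expires):
            continue
        if not provider.lookup(tm):
            continue
        held.add(tm.tcd_id)
    missing = tip.required_tcds - held
    return (not missing, missing)


def demo():
    """Constructed walk-through: IDP X applies for the two trustmarks TIP A requires."""
    today = date(2015, 3, 1)
    saml = TrustmarkDefinition("https://tdo.example/tcds/saml-sso/1.0/",
                               ("metadata_published", "signs_assertions"))
    loa3 = TrustmarkDefinition("https://tdo.example/tcds/nist-800-63-loa3/1.0/",
                               ("identity_proofing", "mfa"))
    provider = TrustmarkProvider("Provider 1")
    provider.load_definitions([saml, loa3])
    tm_saml = provider.handle_request("IDP X", saml.tcd_id,
                                      {"metadata_published": True, "signs_assertions": True}, today)
    tm_loa3 = provider.handle_request("IDP X", loa3.tcd_id,
                                      {"identity_proofing": True, "mfa": False}, today)  # fails
    tip_a = TrustInteroperabilityProfile(frozenset({saml.tcd_id, loa3.tcd_id}),
                                         {"Provider 1": provider})
    return satisfies_tip(tip_a, [t for t in (tm_saml, tm_loa3) if t], "IDP X", today)


if __name__ == "__main__":
    print(demo())
```

The registry lookup stands in for whatever the framework uses to bind a trustmark to its issuer (in practice a signature check plus a status query); the point of the relying-party function is that trust is decided per TIP from the RP's own list of trusted providers, not from the provider name a partner writes into the trustmark it presents.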