Overview of The Electronic Authentication Partnership
Tenth Federal & Higher Education PKI Coordination Meeting
Helena Sims
NACHA – The Electronic Payments Association

Electronic Authentication Partnership Mission Statement
Goal:
• Reliable Identity Authentication
• Convenience
• Ease of use
We Propose to:
• Create a voluntary partnership
• Promote trust and interoperability
• Develop an evaluation process
• Build on what exists
• Work cooperatively with other nations’ identity systems

Tasks: The EAP Will Develop
• Operating Rules Addressing
  • Business requirements and processes
  • Standards for Credentials
  • Hierarchical assurance levels
  • Criteria for evaluating credentials at each assurance level
  • Evaluation, accreditation and compliance with credentialing process
• Accreditation List

EAP Framework: Benefits
• Focuses on traditional problem areas for federated authentication.
• Complements and leverages existing initiatives.
• Provides a framework that will:
  • Enhance the utility and portability of credentials across circles of trust.
  • Expand markets by promoting wider use of credentials.
  • Help authentication initiatives validate their approaches to credentialing.

EAP Framework
• Common business rules
• Accreditation process for credentials & providers
• List of trusted credential providers with EAP brand
• Credential requirements
• Authentication Risk and Assurance Levels
• Governance Structure
A public/private governance structure to establish and maintain a federated identity management framework

EAP Framework: Development Approach
[Diagram labels: Reassess and update based on market conditions and changes; USG Credential Standards; EAP Working Groups produce EAP Framework; Private sector; Education; Processes and Rules Sets; Health; EAP Framework; Etc.; Evaluation processes]

Background
• Spring 2003 – White Papers by CSIS and Johns Hopkins
• June through December 2003 – Four CSIS Work Group Meetings
• December 11, 2003 – Public Forum to Announce EAP
• 2004 – Six Meetings So Far
• Active Workgroups

Workgroups
• Business Requirements and Processes
  • Linda Elliot, PingID Network, Chair
  • Thomas J. Greco, Betrusted, Vice Chair
• Credential Services Assessment Criteria, Levels of Assurance
  • R.J. Schlecht, Mortgage Bankers Association of America, Chair
  • Von Harrison, GSA, Vice Chair
  • Subworkgroup Chairs
    • Dr. Peter Alterman, NIH
    • Nancy Black, Consultant

Workgroups
• Evaluation, Accreditation and Compliance
  • Cornelia Chebinou, National Association of State Auditors, Comptrollers and Treasurers, Chair
• EAP Governance
  • Paula Arcioni, New Jersey Office of Information Technology, Chair
  • Roger Cochetti, CompTIA, Vice Chair

Workgroup on Business Requirements and Processes
• General Rights and Obligations
• Credential Services Providers
• Relying Parties
• Assessor Participation
• Agreements Process to Bind Participants to Business Rules
• Privacy and Fair Information Practices
• Enforcement and Recourse, including fines

Workgroup on Services Assessment Criteria, Levels of Assurance and Technical Interoperability
• Levels of Assurance
• Service Assessment Criteria (SAC) for use by Assessors
  • Common Organizational SAC
  • Identity Proofing SAC
  • Credential Management SAC
• Technical Interoperability
  • Components of interoperability
  • Options and recommendations for EAP adoption

Workgroup on Evaluation, Accreditation and Compliance
• Accreditation, Assessment and Certification
  • Accreditation of Assessors
  • Certification of Credential Service Provider Offerings
• Process for Handling Non-Compliance
• Acceptable Public Statements Regarding EAP Accreditation and Certification

Workgroup on EAP Governance
• Developed Charter – Approved September 2, 2004
• Developing EAP Budget

Time Frames
• Remainder of 2004
  • Election of Board and Officers
  • Adoption of First Set of Operating Rules
• 2005 – Earlier Adopters Phase
  • Revise Rules Based on Experience
• 2006 – Production Phase
  • Begin Full Scale Implementation

EAP Information
• Next Meeting: February 9, 2005 in DC
• Come Join Us!
• To Register: lhumphries@nacha.org
• Web Site: www.eapartnership.org