
TFTM Sub-Committee 01-06 What do we need for the IDESG Trust Mark Program Discussion Deck

TFTM Sub-Committee 01-06 What do we need for the IDESG Trust Mark Program Discussion Deck. TFTM Committee April 16, 2014. What is a Trustmark? Definitions.


Presentation Transcript


  1. TFTM Sub-Committee 01-06: What do we need for the IDESG Trust Mark Program
     - Discussion Deck
     - TFTM Committee, April 16, 2014
     - IDESG TFTM Committee

  2. What is a Trustmark? Definitions
     - Used to indicate that a product or service provider has met the requirements of the Identity Ecosystem, as determined by an accreditation authority. (Source: NSTIC Strategy)
     - Statement of conformance to a well-scoped set of identity trust and/or interoperability requirements. (Source: GTRI)
     - Electronic labels or visual representations indicating that an e-merchant/service provider has demonstrated conformity to standards regarding, e.g., security, privacy, and business practice. (Source: European Consumers Centre Network)
     - (E-commerce) An electronic commerce badge, image or logo displayed on a website to indicate that the website business has been shown to be trustworthy by the issuing organization. (Source: Techopedia)
     - Many more…

  3. What do these Trustmark Definitions have in common?
     - Means for public recognition – “statement, label, representation, badge, image, logo, indication”
     - Conformance requirements – “well-scoped set of requirements, identity Ecosystem requirements, trust standards”
     - Determination of conformance – “statement of conformance, demonstrated conformity, has met the requirements, shown to be trustworthy”
     - Implied but not as clearly stated: Trust marks issued by 3rd-party to online service providers – “(Trust mark) accreditation authority, issuing organization”

  4. What does IDESG need for a Trustmark Program?
     - Set of well-scoped identity management requirements
       - At a minimum to address the NSTIC Guiding principles
     - Means to determine/assert conformance to the defined requirements
       - Requirements expressed as assessment criteria
       - Assessment process
       - Assessors
     - Means to indicate/recognize conformance assertion
       - Trustmark issuing organization

  5. Who can receive a Trustmark(s)?
     - Potentially all participating service providers in the Identity Ecosystem (NSTIC Strategy)
       - IDPs
       - CSPs
       - Attribute Providers/Attribute Authorities
       - Relying Parties
     - Other IE participants?
       - Identity media
       - Transaction hubs?
       - Trust brokers?
     - Participants in Trust Frameworks but not necessarily TF Providers unless they are active participants
     - Not end users/subjects

  6. What should TFTM/IDESG do to establish requirements?
     - Start with NSTIC Guiding Principles and derived requirements
       - Privacy/Voluntary, Secure/Resilient, Interoperable, Usability/Ease-of-Use
       - 34 derived requirements in 4 sets
     - Coordinate with committees to analyze requirements in relation to functions in functional model
       - Modify, add, delete
     - Compile and document as 4 core sets of requirements (aka, GTRI modular trust components)
       - TFTM Deliverable TFTM-01-04 NSTIC/IDESG Interim Requirements Catalog
       - Could be administered as 4, or more, separate trust marks (GTRI model)
       - Could be single NSTIC trust mark
     - Determine if other requirements for specific communities/use cases should be added beyond core set
       - e.g., GTRI Pilot, COPPA, Patriot Act/Customer Information Programs, HIPAA, etc.

  7. What should TFTM/IDESG do to assess conformance with requirements?
     - Examine/analyze range of conformity assessment approaches
       - Task under TFTM 01-06
       - Self-assertion, self-certification, peer-peer assessment, independent 3rd party, audit
       - Entities/organizations performing IDM conformance assessments today
       - Qualified/approved assessors
       - IDESG capability to perform assessments
     - Recommend approaches for 2014, 2015 and beyond
     - Map and assess IDESG core requirements against current TFP frameworks and conformity assessment procedures/criteria
       - Tasks for TFTM-01-05 and 01-06
       - Do current TF/TFP policies and procedures meet all IDESG requirements?
       - Can assessments performed by external TFPs be adopted by IDESG? (FICAM model)

  8. What should TFTM/IDESG do to determine/validate conformance based on assessment results?
     - Examine/analyze range of conformity approaches for conformance determination
       - Task under TFTM 01-06
       - Self-assertion, self-certification, peer-peer assessment, independent 3rd party, assessor/auditor
       - Entities/organizations performing IDM conformance assessments
       - Qualified/approved assessors
       - IDESG capability to perform assessments
     - Recommend approaches for 2014, 2015 and beyond

  9. Should IDESG be a trust mark issuer?
     - Examine/analyze trust mark issuer legal responsibilities and obligations
       - Task under TFTM 01-06
     - Explore/analyze operational and legal options for trust mark issuance
       - Task under TFTM 01-06
     - Make recommendation for IDESG trust mark issuance 2014, 2015 and beyond

  10. Next Steps Summary
     - Support the development and review of IDESG requirements (TFTM 01-04 & 05)
     - Identify common, core requirements for contribution to IDESG committees to develop requirements specific to their domains
     - Identify the priority components for the Identity Ecosystem Framework (01-03)
     - Examine options and make recommendation for approach for IDESG trust mark program conformance assessment for 2014, 2015 and beyond (TFTM 01-06)
     - Examine options and make recommendation for IDESG trust mark issuance for 2014, 2015 and beyond (TFTM 01-06)
