Enhancing Identity Assurance: The InCommon Silver Framework Overview
The InCommon Silver workshop provides an overview of the Identity Assurance Profile (IAP), developed to establish best practices in identity and access management. This framework is crucial for compliance with NIST 800-63 recommendations for Level of Assurance 2 (LoA2). The InCommon Silver program outlines eight key assessment areas and three general requirement categories, focusing on documentation, authentication strength, and identity registration. The first cohort, including various major universities, aims to implement Silver compliance to foster collaboration and strengthen institutional identity management.
Presentation Transcript
Winter 2011 CSG Workshop: InCommon Silver January 12, 2011
Speakers CSG: InCommon Silver
Happy Valley
Agenda
Overview: What is “InCommon Silver”?
• Identity Assurance Profile (IAP) developed by InCommon
• Set of requirements around best practices for identity and access management
• Aligned with the recommendations in NIST 800-63 for Level of Assurance 2 (LoA2)
• Being “Silver compliant” will ensure that an institution’s conforming authentication assertions will be accepted by relying parties at LoA2.
InCommon Identity Assurance Program’s Identity Management Functional Model
InCommon Silver Requirements
• Eight Assessment Areas
• Three General Categories of Requirements
    • Documentation of policies and procedures and standard operating practices
    • Strength of authentication and shared secrets (passwords)
    • Registration of identity subjects and issuance of credentials
CIC InCommon Silver Project
• University of Chicago
• University of Illinois
• Indiana University
• University of Iowa
• University of Michigan
• Michigan State University
• University of Minnesota
• Northwestern University
• Ohio State University
• The Pennsylvania State University
• Purdue University
• University of Wisconsin-Madison
---------------
• Virginia Tech
• University of Washington
CIC CIOs and Federation
• CIC CIOs Provide Strong Executive Sponsorship
• 2007 Goal:
    • Establish federation infrastructure
    • Join InCommon by 2008
• 2009 Goal:
    • Enable Collaboration for Above-the-Campus and Cloud Services
• The CIC Universities will implement InCommon Silver to support LoA 2 by Fall 2011.
CIC Project Management
• Organized with Co-leads
• Renee Shuey (PSU), Tom Barton (Chicago)
• Organized in Phases
• Gap Analysis: Campuses had different problems to address
• Leverage commonalities; understand differences
• Identification of “Silver” population: not “all or nothing”
• Regular conference calls
• Reviewed IAP detail by detail
• Engaged CIC Internal Auditors
CIC Project Organization
• Work teams aligned with types of requirements
• Developing Documentation
• Authentication
• Active Directory Implementations
• Kerberos Implementations
• Multi-Factor Implementations
• Registration Authority Processes (later)
CIC First Cohort
• Impact of Being First Cohort
• Opportunity to test, influence IAP (Identity Assurance Profile)
• Pain Points submitted to TAC (Technical Advisory Committee)
• Support Refinement of IAP
What is the target?
Campus Level Project Management
• Fit into Campus Project Management Culture
• Silver project doesn’t stand in isolation
• Recognize alignment; leverage other campus efforts
• Next Segment: Four Campus Stories
    • Matt Kolb – Michigan State University
    • Mary Dunker – Virginia Tech
    • Chris Pruess – University of Iowa
    • Tom Barton – University of Chicago
Resources
• CIC Identity Management Project: http://www.cic.net/Home/Projects/Technology/IdMgmt/Introduction.aspx
• InCommon Identity Assurance: http://www.incommonfederation.org/assurance/
• Internal Audit Involvement: https://www.cic.net/Libraries/Technology/Internal_Audit_Involvement_Silver.sflb.ashx
• Management Assertions Example: https://www.cic.net/Libraries/Technology/Audit_Management_Assertions.sflb.ashx