Liberty Alliance Identity Assurance Framework

Presentation Transcript

  1. Liberty Alliance Identity Assurance Framework from a practical point of view ... in a Danish context
     Jan Riis jri lakeside.dk @ IDTrust’08 - NIST - Gaithersburg - 2008-03-05

  2. A little History
     • Danish Healthcare has been working 3 years with Identity Based Web Services
     • 2005 MedCom and Danish Regions
     • “Competed” for the first standard/profile
     • No governance towards standardization:
     • No Authentication levels defined
     • No high level architecture for WS communication
     • No criteria for assuring trust of key WSP’s

  3. Consequences
     • Parties started out with 6 levels of “authenticity”
     • Some based on PKI
     • Some based on username/pwd
     • Some levels for “delegated trust” (systems vouching for user authenticity)
     • Some levels target cross-cutting security properties (non-repudiation of messages etc.)

  4. There is a need for IAF!
     • ITST standardized authentication levels in 2006 for all public systems
     • Directly referred to NIST work
     • 2007 Health sector standards were aligned with national guidelines
     • Without the national/international standards, this would not have happened!

  5. Trust relationships?
     • NIST Authentication levels do not relate directly to “trust”
     • So how will the concept of “trust” be used in Danish Health Care?
     • Enter: “Digital Health Denmark”
     • Aims at increasing treatment quality by “enabling” access to all relevant information

  6. A few years from now?
     [Diagram labels: Public Regional Solutions; Other Health Solutions; Governmental services (e.g. public Medication/Prescription); Private Hospital Solutions; Private Practitioners Solutions]

  7. Solution 1 - establish trust?
     [Diagram labels: Public Regional Solutions; Other Health Solutions; Governmental services (e.g. public Medication/Prescription); Private Hospital Solutions; Private Practitioners Solutions; four boxes labelled STS]

  8. Solution 2 - National ESB+PKI?
     [Diagram labels: National ESB+STS solution; Other Health Solutions; Public Regional Solutions; Private Practitioners Solutions; Private Hospital Solutions; Governmental services (e.g. public Medication/Prescription)]

  9. National Distributed ESB+PKI
     [Diagram labels: National ESB+STS solution; Other Health Solutions; Public Regional Solutions; Private Practitioners Solutions; Private Hospital Solutions; Governmental services (e.g. public Medication/Prescription)]

  10. Preconditions for implementation
     • Based on a “Federated ESB” pattern
     • Other parties are now exposing services on the “National ESB”
     • Digital Health is responsible for QoS etc.
     • Preconditions:
     • Common understanding of levels of authentication assurance
     • Very strong governance as to which criteria must be met to join the national ESB
     • Assessment criteria for services for the ESB
     • Accreditation and certification rules
     = Many parts of IAF

  11. Taking IAF further?
     • IdP’s/STS’ are also WSP’s
     • My wish: Separate the WSP assessment criteria from and create “SPAF”
     • Make IAF an IdP specialization of “SPAF”

  12. Trust! Another example of IAF usage
     • Health Professionals will once and again need access to other domains (other federations)
     [Diagram label: IdP/STS]

  13. Thank You! Questions?