FICAM Status Update & Adoption Process Overview

 
GFIPM FICAM
Status Update
 
GFIPM Delivery Team Meeting
November 2011
 
What is FICAM?
[Diagram labels: Persons, Non-Persons, Logical Access, Physical Access]
ICAM Identity Assurance Governance

PIV Credentials
PIV-Interoperable Credentials
Open Solutions
- OpenID
- iCard
- SAML
- WSFed
- Etc.

U.S. Federal PKI

Trust Frameworks
 
FICAM Relation to GFIPM
 
FICAM/GFIPM:
GFIPM can gain wider adoption of standards by conforming to FICAM framework
Involves mostly minor changes to GFIPM specs
Already identified required changes
FICAM/NIEF:
NIEF can grow in size and scope by becoming a FICAM Trust Framework Provider (TFP)
Requires GFIPM changes as a prerequisite
 
FICAM Trust Framework Provider Adoption Process (TFPAP)
 
FICAM structure includes “Trust Framework Providers” (TFPs)
TFP Adoption Process
Defines criteria for becoming a TFP
Criteria differ by NIST LOA
Several TFPs adopted
Includes InCommon, others
None at NIST LOA-3 yet
 
NIEF Adoption as FICAM TFP: History and Current Status
 
“FICAM TFP Self-Assessment for NIEF”
Document written by GTRI in Summer 2011
Lays out six (6) steps required for TFP adoption
See next slide
Reviewed by FICAM reps w/ positive feedback
Available for review
Next Step: Begin working through the steps
Timeline is TBD (Funding?)
 
Steps for NIEF TFP Adoption (1-3)
 
1. Make minor alterations to the GFIPM Web Browser User-to-System Profile, and adopt it for use by NIEF IDPs and SPs.
   Must conform to FICAM SAML Profile.
 
2. Adopt a more clearly defined set of requirements regarding IDP assertion of identities at NIST LOA 2 and LOA 3 as defined in NIST Special Publication 800-63.
   Draft policy language already written.
 
3. Adopt a new set of policies regarding IDP and SP compliance with FICAM policies to protect the privacy of end-user data.
 
Source: “FICAM TFP Self-Assessment for NIEF”
 
Steps for NIEF TFP Adoption (4-6)
 
4. Develop appropriate frameworks and procedures to facilitate audits of both the NIEF Center and NIEF IDPs for compliance with applicable policies.
   Could entail significant cost.
 
5. Extend the GFIPM Metadata Spec to include a new entity attribute to express the maximum NIST LOA (or to list all LOAs) at which an IDP may assert identities.
 
6. Formally submit a FICAM TFP Assessment Package, and work with the FICAM Assessment Team as needed during the assessment process.
 
Source: “FICAM TFP Self-Assessment for NIEF”

This presentation covers the relationship between the GFIPM and FICAM frameworks, focusing on how GFIPM can conform to FICAM for wider standard adoption. It walks through the steps required for NIEF adoption as a FICAM Trust Framework Provider, highlighting the changes and processes needed for alignment, and shows where governance, identity assurance, and trust frameworks fit within ICAM and federal PKI credentials.

  • FICAM
  • GFIPM
  • Trust Framework Provider
  • Identity Assurance
  • Governance

Uploaded on Feb 24, 2025 | 0 Views

