NSTIC Day

How does industry drive forward

SAFE-BioPharma Association

Topics

Topic C: Assurance levels, “frameworks”, interparty liability
Topic D: Device-specific methods: mobile; smartcards; browser DNT, etc.
– PKI, non-PKI

Assurance levels, “frameworks”, interparty liability

OMB 04-04
– Level 1: Little or no confidence in the asserted identity’s validity
– Level 2: Some confidence in the asserted identity’s validity
– Level 3: High confidence in the asserted identity’s validity
– Level 4: Very high confidence in the asserted identity’s validity
NIST SP 800-63 provides additional guidance per level
– Registration and identity proofing
– Tokens
– Token and credential management mechanisms
– Protocols used to support the authentication mechanism between the Claimant and the Verifier
– Assertion mechanisms

Assurance levels, “frameworks”, interparty liability

PKI
– FBCA
  • Six increasing, qualitative levels of assurance: Rudimentary, Basic, Medium, PIV-I Card Authentication, Medium Hardware, and High.
– Also Medium Hardware Commercial Best Practices (CBP) Assurance Requirements
Non-PKI
– FICAM
  • Levels 1-3

4BF – Interlinked PKI Network of Trusted Cyber-Communities

[Figure: network diagram of the four bridge CAs (Federal Bridge CA, CertiPath Bridge CA, SAFE Bridge CA, REBCA) and the root CAs, shared service providers and member communities cross-certified with them. Only the node labels survive extraction: Fed Common Policy Root CA, CertiPath Common Policy Root CA, DoD Interoperability Root, DoD, DoJ, DoJ E-Commerce, DoE, DoL, DoT, DHS, HHS, HUD, EPA, EOP, SSA, NRC, NASA, VA, DEA, USPS, US PTO, GSA, GSA MSO, GPO, Dept. of State, State of Illinois, VDoT, ACES, ORC, Entrust, VeriSign SSP, US Treasury SSP, Verizon Bus SSP, TranSped, SAFE, SAFE:Vz, Boeing, Raytheon, Lockheed Martin, Northrop Grumman, EADS, SITA, ARINC, Exostar, Citi, Abbott, Merck, J&J, AZ, Biz/Chosen/Other pharmas.]

Non-PKI TFPs

FICAM certified
– LOA 1 – OIX
– LOA 1-2 – InCommon
– LOA 1-3 – Kantara
In process
– LOA 2-3 – SAFE-BioPharma Assn
– Under TFET review

Interparty Liability

SAFE-BioPharma
– Closed membership association
– Dispute resolution process governs adjudication
  • Agree not to sue but rather arbitrate
– Liability covered under Operating Policies and Member/Issuer Agreements
  • Specific caps related to credential management only
  • Does not cover use of credentials

Other TFPs
– Part of why we are here

Authentication and credentials

PKI is covered by the FBCA CP and CPS
– Multiple certificate types
– Hardware, software and roaming
  • Roaming is currently classed as software by the FBCA
  • Moving to cloud-based solutions – SAFE-BioPharma/Verizon offering cloud-based HSM-protected certificates

Non-PKI
– NIST SP 800-63
– Issue – the currently approved version dates to 2006, is technically out of date and does not recognize non-PKI multi-factor tokens
– Much of industry is working with the Dec 2008 draft (now the Jun 2011 draft)
  • Includes much broader definitions of acceptable tokens at the various LOAs

Token types

Who is doing what and how?
PKI
  Smartcards, USB hardware tokens, software tokens on machines/mobile devices, cloud HSMs
Non-PKI
– LOA 1&2 – memorized secrets, pre-registered knowledge tokens
– LOA 2 – look-up secret, out-of-band, SF one-time password device, SF crypto device
– LOA 3 – multiple tokens (NIST SP 800-63 (June 2011 draft), Table 7)

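The last slide makes the point that no single-factor non-PKI token gets past LOA 2 and that LOA 3 is reached by combining tokens. The Python below is an added example, not part of the SAFE-BioPharma deck, that models this as a policy check a relying party could run on the set of tokens a subscriber presented. Token names follow the SP 800-63-1 draft taxonomy cited on the slide; the single-factor maxima (LOA 2) come from the slide, while the multi-factor token values and the combination rule (two single-factor tokens of different factors count as LOA 3, two tokens of the same factor add nothing) are an assumed simplification of the draft's Tables 6 and 7, not a reproduction of them.

```python
"""Simplified LOA calculator for NIST SP 800-63-1 style token combinations.

Added example: the token taxonomy is the draft's, but the multi-factor
token values and the combination rule are an ASSUMED simplification of
Tables 6 and 7 of the June 2011 draft, not a copy of them.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Tuple

KNOW = "know"   # something you know
HAVE = "have"   # something you have


@dataclass(frozen=True)
class Token:
    name: str
    factors: FrozenSet[str]   # authentication factors the token embodies
    single_loa: int           # highest LOA the token reaches on its own
    hardware: bool = False    # True for hardware devices


# Single-factor tokens; LOA 2 maxima are the values stated on the slide.
MEMORIZED_SECRET = Token("memorized secret", frozenset({KNOW}), 2)
PRE_REGISTERED_KNOWLEDGE = Token("pre-registered knowledge", frozenset({KNOW}), 2)
LOOKUP_SECRET = Token("look-up secret", frozenset({HAVE}), 2)
OUT_OF_BAND = Token("out-of-band", frozenset({HAVE}), 2)
SF_OTP_DEVICE = Token("SF one-time password device", frozenset({HAVE}), 2, hardware=True)
SF_CRYPTO_DEVICE = Token("SF crypto device", frozenset({HAVE}), 2, hardware=True)

# Multi-factor tokens: values assumed from the 800-63-1 draft, not on the slide.
MF_SOFTWARE_CRYPTO = Token("MF software crypto token", frozenset({KNOW, HAVE}), 3)
MF_OTP_DEVICE = Token("MF one-time password device", frozenset({KNOW, HAVE}), 3, hardware=True)
MF_CRYPTO_DEVICE = Token("MF crypto device", frozenset({KNOW, HAVE}), 4, hardware=True)


def achieved_loa(tokens: Iterable[Token]) -> int:
    """Return the LOA a set of presented tokens reaches under the simplified rule."""
    toks = list(tokens)
    if not toks:
        raise ValueError("at least one token is required to claim any LOA")
    best_single = max(t.single_loa for t in toks)
    factors = set()
    for t in toks:
        factors |= t.factors
    # Assumed combination rule: tokens covering both 'know' and 'have' form a
    # multi-factor authentication and reach LOA 3.  Two tokens of the same factor
    # (e.g. password + pre-registered knowledge) are no stronger than one.
    if len(toks) >= 2 and factors >= {KNOW, HAVE}:
        return max(best_single, 3)
    return best_single


def check_policy(tokens: Iterable[Token], required_loa: int) -> Tuple[bool, int, str]:
    """Decide whether the presented tokens satisfy a relying party's required LOA.

    Returns (ok, achieved_loa, reason) so the decision can be logged.
    """
    toks = list(tokens)
    got = achieved_loa(toks)
    names = " + ".join(t.name for t in toks)
    if got >= required_loa:
        return True, got, f"{names} reaches LOA {got} (required {required_loa})"
    hint = ""
    if required_loa == 3 and got == 2:
        hint = "; add a token of the other factor (know/have) to reach LOA 3"
    elif required_loa == 4:
        hint = "; LOA 4 needs a multi-factor hardware crypto device"
    return False, got, f"{names} reaches only LOA {got} (required {required_loa}){hint}"


def evaluate_scenarios() -> List[Tuple[str, int]]:
    """Constructed scenarios illustrating the slide's LOA 2 vs LOA 3 distinction."""
    scenarios = {
        "password only": [MEMORIZED_SECRET],
        "password + security questions": [MEMORIZED_SECRET, PRE_REGISTERED_KNOWLEDGE],
        "password + SF OTP device": [MEMORIZED_SECRET, SF_OTP_DEVICE],
        "look-up secret + out-of-band": [LOOKUP_SECRET, OUT_OF_BAND],
        "MF crypto device alone": [MF_CRYPTO_DEVICE],
    }
    return [(label, achieved_loa(toks)) for label, toks in scenarios.items()]


if __name__ == "__main__":
    for label, loa in evaluate_scenarios():
        print(f"{label:32s} -> LOA {loa}")
    print(check_policy([MEMORIZED_SECRET], 3)[2])
```

The `check_policy` return value is meant to be written to the authentication log: a relying party that records both the required and the achieved LOA for each session can later show which tokens backed a given transaction, which is exactly the evidence the liability discussion on slide 7 turns on.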
Rich Furr, 2011-10-17: Topics 2 & 3