TRANSCRIPT
Scaling Interoperable Trust through a Trustmark Marketplace
This presentation was prepared by Georgia Tech Research Institute using Federal funds under award 70NANB13H189 from National Institute of Standards and Technology, U.S. Department of Commerce. The statements, findings, conclusions, and recommendations are those of the author(s) and do not necessarily reflect the view of the National Institute of Standards and Technology or U.S. Department of Commerce.
Georgia Tech Research Institute
April 2015
A Perspective from the LE Community
Desire to share data across jurisdictions
Law Enforcement COI has over 1 million people in the US alone
18,000 US LE agencies
LE agencies are autonomous (NOT centrally funded)
Trust between agencies is a fundamental requirement
But must obey applicable access controls when sharing
Includes trusted transactions with private sector participants.
[Diagram: Federal Agencies, State Agencies, Local Agencies, Public Sector, Task Forces, Fusion Centers]
LE agencies are highly heterogeneous with legacy investments
Legitimate business need to interact with many other COIs
Desire to reuse their existing credentials if possible
Global Information Sharing FACA
• Program started in 2005
• Funded by DOJ, DHS, & PM-ISE, others
• The need for standards, profiles, reference implementations, conformance testing, technical assistance.
• Complete standards-based solution to federated ID and authorization
• Continued evolution and maturation based on operational experience and new technologies
National Identity Exchange Federation (NIEF)
Objectives
• Share user identity and attribute information for authentication, identification, authorization, auditing
• Share agency and resource metadata information
• Provide an onramp and roadmap to other relevant ICAM initiatives
• Provide an operational trust framework for doing the above
• Educate and provide technical assistance
Established in 2008 as an outgrowth of the Global Federated Identity and Privilege Management (GFIPM) Initiative with a focus on justice and public safety agencies at the federal, state, and local level. Today, NIEF is beginning to expand support to other communities of interest.
NIEF As a Trust Framework
Technical Interoperability
Technical Trust & Crypto
COI Attribute Vocabulary
Legal Agreement
Certificate Policy
Audit Policy
End-User Privacy Policy
Membership Lifecycle Policy
Bona Fides Policy
NIEF Onboarding and Trust Fabric
Common Artifacts
• Application Form
• Authority to Operate Doc(s)
• Local Security Policy
• FIPS 200 Checklist
IDPO Artifacts
• Signed IDPO Agreement
• Local User Agreement
• Local User Vetting Policy
• IDPO Attribute Map
• IDP Implementation Doc
[Diagram steps: Form, Publish]
Scaling Challenges
Achieving Cross-Framework Trust
[Diagram: three separate trust frameworks, ISE A, Federation B and Community of Interest C (ID Trust Frameworks A, B and C), each with its own IDPs, APs and RPs; a user in one framework and an RP in another are highlighted.]
Suppose this user needs access to this RP.
Challenges with “Inter-federation”
[Diagram: two federations, each with its own IDPs and RPs.]
Why?
1. No two TFs are the same, so mapping trust and interop requirements between them is hard. Think protocols, attributes, policies, etc.
2. TFs are moving targets, which further complicates the mapping process.
3. Transitive trust is diluted trust, so inter-federation trust cannot be as strong as intra-federation trust.
4. Contractual obligations usually cannot be transferred or assigned to 3rd parties, which makes inter-federation legal agreements difficult or impossible to execute.
(Many other issues exist.)
Our Approach: Componentization
If the frameworks were modular… then we get:
Greater transparency of trust framework requirements
Greater ease of comparability between frameworks
Greater potential for reusability of framework components
Greater potential for participation in multiple trust frameworks by ID Ecosystem members with incremental effort and cost
And, most importantly:
[Diagram: ID Trust Frameworks A, B and C decomposed into shared components such as NIST 800-63 LOA 3, FIPS 200, FICAM SAML SSO, FIPPs, OAuth and OpenID.]
A Trustmark Framework
[Diagram: ID Trust Frameworks A, B and C sharing components such as NIST 800-63 LOA 3, FICAM SAML SSO, FIPPs, OAuth, OpenID and FIPS 200.]
These modular components are called Trustmarks.
Think of trustmarks as mini reusable certifications.
Scope of Trustmarks
Example trustmarks:
• FICAM SAML SSO Profile
• NIST 800-63 / FICAM LOA 3 Identity
• Fair Information Practice Principles (FIPPs)
• FIPS 200 Security Practices
• GFIPM Metadata Registry (User Attributes)
[Diagram: trustmark scope spans Privacy, Business, Security, Technical Trust and Legal; trustmarks sit within Trustmark Policies & Trustmark Agreements and are MACHINE READABLE.]
Bundling of Components for Business Context
Component Types (Examples): Privacy, Security, Interoperability, Legal, Business Continuity, Personnel, Other
[Diagram: components bundled into COI A, Federation B and Trust Framework C.]
A Trustmark-Based Ecosystem
[Diagram: ID Trust Frameworks A, B and C, each with its IDPs, APs and RPs.]
Existing Trust Frameworks could be expressed as a set of components called a TIP (Trust Interoperability Profiles A, B and C).
A Trustmark-Based Ecosystem
[Diagram: the same ecosystem, now with TIPs A, B and C and several Trustmark Providers.]
Then each member of the community can acquire the necessary Trustmarks based on the TIP.
Trustmarks can be acquired through a Trustmark Provider. There can be many Trustmark Providers in the ID Ecosystem.
A Trustmark-Based Ecosystem
[Diagram: the same ecosystem, with TIPs A, B and C and several Trustmark Registries, each listing entries such as IDP X, RP Y, etc.]
Trustmarks can be stored in searchable Trustmark Registries or shared directly with partners.
Roles and Responsibilities of the Actors
[Diagram: the generic certification pattern and its trustmark instantiation, side by side.
Generic view: a Stakeholder Community defines Requirements; a Requirements Assessor issues a listing, certification, audit letter, etc. to a Complying Party; the Complying Party is relied on by Interested Parties, who in turn trust the assessor.
Trustmark view: a Stakeholder Community is represented by a Trustmark Defining Organization, which defines a Trustmark Definition; a Trustmark Provider issues Trustmarks (A, B, C) to a Trustmark Recipient; Trustmark Relying Parties (Org. 1, Org. 2, End User) use the trustmarks required by their Trust Interop Profile and trust the Trustmark Provider.]
The Trustmark Framework
Normative Specs Required
Trustmark Definitions
Metadata:
• Publisher: U.S. General Services Administration
• Name: NIST/FICAM LOA 2 IDPO TD
• URL: <URL>
• Description and Intended Purpose: …
• Target Stakeholder Audience: …
• Date of Publication: 15 Apr 2014
• Version: 1.0
• Visual Icon:
Conformance Criteria:
Conformance to the Identity Provider Organization (IDPO) conformance target of this TD requires the following.
1. The IDPO MUST …
2. The IDPO MUST …
3. The IDPO MAY …
4. …
Assessment Process:
Before issuing a trustmark subject to this TD, a Trustmark Provider MUST complete the following assessment steps.
1. The TP MUST …
2. The TP MUST …
3. The TP MUST …
Certification as a Trustmark Provider:
Before an entity may issue trustmarks subject to this TD, it MUST complete the following certification process.
1. The entity MUST …
2. The entity MUST …
3. The entity MUST …
Trustmark Extension Schema:
Trustmarks issued subject to this TD MUST conform to the Trustmark Base Schema, and MUST also conform to the following Trustmark Extension Schema.
[Diagram: each section of the TD is represented in XML, the extension schema as XSD.]
Sample Trustmark Definition
https://trustmark.gtri.gatech.edu/operational-pilot/trustmark-definitions/
Example Conformance Criteria: Registration and Issuance
Example Assessment Steps: Registration and Issuance
Trust Interoperability Profile (TIP): Bundling Trustmarks for Business Context
Metadata:
• Publisher: U.S. Dept. of Justice
• URL: <URL>
• Name: U.S. Law Enforcement Community Info Sharing TIP
• Description and Intended Purpose: …
• Date of Publication: 15 Jun 2014
• Version: 1.0
• Digital Signature of Issuer: <SIGNATURE>
Trust and Interoperability Criteria:
Identity Provider Organization (IDPO) Trustmark Requirements:
  Trustmark Requirement        | Level       | Approved Trustmark Providers
  FICAM SAML SSO IDP           | MUST HAVE   | NIEF or IJIS
  NIEF/FICAM LOA 2 IDPO        | MUST HAVE   | NIEF or Kantara
  NIEF Attribute Profile IDPO  | MUST HAVE   | (ANY)
  XYZ Privacy Policy IDPO      | SHOULD HAVE | (ANY)
Service Provider Organization (SPO) Trustmark Requirements:
  Trustmark Requirement        | Level       | Approved Trustmark Providers
  FICAM SAML SSO SP            | MUST HAVE   | NIEF or IJIS
  NIEF Attribute Profile SPO   | MUST HAVE   | (ANY)
  XYZ Privacy Policy SPO       | MUST HAVE   | (ANY)
[Diagram: the TIP is expressed in XML.]
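As an added example (not part of the presentation or the GTRI tooling), the following code evaluates an entity's issued trustmarks against the IDPO rows of the sample TIP above; the Trustmark and Requirement records, the ACTIVE status field and the two IDPO trustmark sets are constructed for illustration.

```python
# Added example (not from the presentation): evaluate an entity's issued trustmarks
# against a TIP whose rows pair a requirement with a MUST/SHOULD level and approved providers.
from dataclasses import dataclass

@dataclass(frozen=True)
class Trustmark:
    definition: str          # Trustmark Definition (TD) the trustmark was issued under
    provider: str            # Trustmark Provider that issued it
    status: str = "ACTIVE"   # constructed field; anything other than ACTIVE is not relied upon

@dataclass(frozen=True)
class Requirement:
    definition: str
    level: str                           # "MUST" or "SHOULD"
    providers: frozenset = frozenset()   # empty set means "(ANY)" provider is acceptable

def satisfied(req, trustmarks):
    """A row is met by at least one ACTIVE trustmark under the same TD issued by an
    approved provider (any provider when the TIP row lists none)."""
    return any(tm.definition == req.definition and tm.status == "ACTIVE"
               and (not req.providers or tm.provider in req.providers)
               for tm in trustmarks)

def evaluate_tip(tip, trustmarks):
    """Returns (conforms, unmet_must, unmet_should). Only MUST rows block conformance;
    unmet SHOULD rows are reported so the relying party can weigh them."""
    unmet = {lvl: [r.definition for r in tip
                   if r.level == lvl and not satisfied(r, trustmarks)]
             for lvl in ("MUST", "SHOULD")}
    return (not unmet["MUST"], unmet["MUST"], unmet["SHOULD"])

# IDPO section of the sample TIP, transcribed from the table above.
IDPO_TIP = [
    Requirement("FICAM SAML SSO IDP", "MUST", frozenset({"NIEF", "IJIS"})),
    Requirement("NIEF/FICAM LOA 2 IDPO", "MUST", frozenset({"NIEF", "Kantara"})),
    Requirement("NIEF Attribute Profile IDPO", "MUST"),
    Requirement("XYZ Privacy Policy IDPO", "SHOULD"),
]

# Constructed trustmark sets for two hypothetical IDPOs.
IDPO_OK = [
    Trustmark("FICAM SAML SSO IDP", "IJIS"),
    Trustmark("NIEF/FICAM LOA 2 IDPO", "Kantara"),
    Trustmark("NIEF Attribute Profile IDPO", "SomeOtherTP"),   # (ANY) row, so this provider is fine
]
IDPO_BAD = [
    Trustmark("FICAM SAML SSO IDP", "Kantara"),                # Kantara is not approved for this row
    Trustmark("NIEF/FICAM LOA 2 IDPO", "NIEF", status="REVOKED"),
    Trustmark("NIEF Attribute Profile IDPO", "NIEF"),
]
```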
Trustmark Assessment Tool Process Flow
[Diagram: the Trustmark Assessment Tool and its database sit between the Trustmark Provider, the Trustmark Recipient Candidate and the Trustmark Definitions (here the Registration and Issuance Requirements TD).]
1. Load TDs into Assessment Tool
2. Receive request for trustmark from Trustmark Recipient Candidate
3. Perform assessment of Trustmark Recipient Candidate
4. Store assessment artifacts / evidence in database
5. Issue trustmark to Trustmark Recipient
Sample Screen Shot from Trustmark Assessment Tool
Trustmark Binding
[Diagram: Endpoint Metadata carries one attribute per trustmark (TM1 Attr … TMN Attr, plus other attrs); each attribute points at a [3rd party] issued Trustmark (1 … N) and is defined by the corresponding Trustmark Definition (1 … N); the Trustmark Relying Party (TRP) consumes the metadata.]
• Trustmark Attributes expressed in Endpoint Metadata
  - We do this today in SAML
  - Metadata structure could be that of [OIDC Disc], [OIDC DCR], or [OAuth DCR]
• Trustmark Attribute values are URLs of locations of issued Trustmarks
• Trustmark Attributes defined by Trustmark Definitions
“Levels” of Trustmark Reliance
[Diagram: the same binding picture as above, Endpoint Metadata with TM1 … TMN attributes and other attrs, Trustmarks 1 … N, Trustmark Definitions 1 … N and the TRP.]
0. TRP does not have to rely on Trustmarks (backwards-compatibility).
1. TRP can check for presence of appropriate Trustmark Attributes according to TDs it cares about.
2. TRP can follow Trustmark links and verify Trustmark legitimacy and Binding legitimacy.
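The reliance levels 1 and 2 above, as an added example that is not part of the presentation or the NIEF tooling: a TRP checks attribute presence, then resolves the trustmark URL and verifies both the trustmark (TD, provider, validity) and its binding to the endpoint. The endpoint metadata, the in-memory stand-in for the documents at the URLs, the entity IDs and the approved-provider set are all constructed; signature checking is out of scope here.

```python
# Added example (not from the presentation): a Trustmark Relying Party (TRP) applying
# reliance level 1 (attribute presence) and level 2 (follow the trustmark URL, verify the
# trustmark and its binding) to endpoint metadata. Metadata and the trustmark store are
# constructed stand-ins; a real TRP would fetch the URLs and verify signatures as well.

# Constructed endpoint metadata: one attribute per TD, holding the issued trustmark's URL.
ENDPOINT = {
    "entity_id": "https://idp.example-agency.test",          # placeholder entity ID
    "trustmarks": {
        "NIEF/FICAM LOA 2 IDPO": "https://tp.example.test/trustmarks/1001",
        "FICAM SAML SSO IDP": "https://tp.example.test/trustmarks/1002",
    },
}

# Constructed stand-in for the documents found at those URLs (ISO-8601 dates as strings).
TRUSTMARK_STORE = {
    "https://tp.example.test/trustmarks/1001": {
        "definition": "NIEF/FICAM LOA 2 IDPO", "provider": "NIEF",
        "recipient": "https://idp.example-agency.test", "expires": "2016-04-01"},
    "https://tp.example.test/trustmarks/1002": {
        "definition": "FICAM SAML SSO IDP", "provider": "IJIS",
        "recipient": "https://idp.other-agency.test",       # issued to a different entity
        "expires": "2016-04-01"},
}

APPROVED_PROVIDERS = {"NIEF", "IJIS", "Kantara"}   # taken from the TRP's local TIP (constructed)

def level1_present(endpoint, wanted_tds):
    """Level 1: is there a trustmark attribute for each TD the TRP cares about?"""
    return {td: td in endpoint["trustmarks"] for td in wanted_tds}

def level2_verify(endpoint, td, store, today):
    """Level 2: resolve the trustmark and check legitimacy (TD, provider, validity) and
    binding (the trustmark names this endpoint as its recipient).
    Returns the list of failed checks; an empty list means the trustmark may be relied on."""
    url = endpoint["trustmarks"].get(td)
    if url is None:
        return ["no attribute for TD"]
    tm = store.get(url)
    if tm is None:
        return ["trustmark not resolvable"]
    failures = []
    if tm["definition"] != td:
        failures.append("definition mismatch")
    if tm["provider"] not in APPROVED_PROVIDERS:
        failures.append("provider not approved")
    if tm["expires"] < today:                   # ISO-8601 strings compare chronologically
        failures.append("expired")
    if tm["recipient"] != endpoint["entity_id"]:
        failures.append("binding mismatch")     # someone else's trustmark in this metadata
    return failures
```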
NIEF Trustmark Issuance and Binding
[Diagram: a NIEF Member Agency (Trustmark Recipient) goes through the NIEF Trustmark Assessment Processes (Trustmark Assessment Tool) and receives Trustmarks 1 … N; these are bound into its NIEF Trust Fabric Entry, signed by NIEF, using the Trust Fabric Entry Editor, and the entry is published to the NIEF Trust Fabric Registry with the Trust Fabric Registry Manager Tool.]
NIEF Trustmark Usage by TRPs
[Diagram: a Trustmark Relying Party queries the NIEF Trust Fabric Registry according to its local Trust Interoperability Profile (TIP).]
1. Query for trust fabric entries with required trustmarks, in accordance with local TIP
2. Receive matching trust fabric entries
3. Install entries in local product
Trustmark Legal Framework
[Diagram: the Trustmark Provider, Trustmark Recipient and Trustmark Relying Party, and the documents between them: the Trustmark Policy, the Trustmark itself, the Trustmark Recipient Agreement and the Trustmark Relying Party Agreement. The two agreements create explicit relationships between the Provider and the Recipient and between the Provider and the Relying Party; the Recipient and the Relying Party have only an implicit relationship. The Trustmark Policy, the Trustmark and the two agreements are tied together by explicit references.]
Progress to Date
• Development & Refinement of Trustmark Concept
• Technical Framework 1.0
  • https://trustmark.gtri.gatech.edu/specifications/trustmark-framework/1.0/
• NIEF Trustmark (Component) Definitions (62)
  • https://trustmark.gtri.gatech.edu/operational-pilot/trustmark-definitions/
• NIEF Trust Interoperability Profiles (10)
  • https://trustmark.gtri.gatech.edu/operational-pilot/trust-interoperability-profiles/
• Development of Software Tools
  • Trustmark Assessor Tool, Trust Fabric Registry, & Others
• Socialization of Trustmark Concept
  • Trustmark Pilot Website: https://trustmark.gtri.gatech.edu
• Conducting Operational Pilots