NSTIC Day

How does industry drive forward

SAFE-BioPharma Association
Topics

Topic C: Assurance levels, “frameworks”, interparty liability
Topic D: Device-specific methods: mobile; smartcards; browser DNT, etc.
– PKI, non-PKI
Assurance levels, “frameworks”, interparty liability

OMB M-04-04
– Level 1: Little or no confidence in the asserted identity’s validity
– Level 2: Some confidence in the asserted identity’s validity
– Level 3: High confidence in the asserted identity’s validity
– Level 4: Very high confidence in the asserted identity’s validity
NIST SP 800-63 provides additional guidance per level
– Registration and identity proofing
– Tokens
– Token and credential management mechanisms
– Protocols used to support the authentication mechanism between the Claimant and the Verifier
– Assertion mechanisms
Assurance levels, “frameworks”, interparty liability

PKI
– FBCA
  • Six increasing, qualitative levels of assurance: Rudimentary, Basic, Medium, PIV-I Card Authentication, Medium Hardware, and High.
– Also Medium Hardware Commercial Best Practices (CBP) Assurance Requirements
Non-PKI
– FICAM
  • Levels 1-3
4BF – Interlinked PKI Network of Trusted Cyber-Communities

[Diagram: cross-certification map of the Four Bridges Forum. Only the node labels survive the extraction; grouping below follows the slide's layout.]
– Bridge and root CAs: Federal Bridge CA, CertiPath Bridge CA, SAFE Bridge CA, REBCA, CertiPath Common Policy Root CA, Fed Common Policy Root CA, DoD Interoperability Root
– CertiPath community: Boeing, Raytheon, EADS, Lockheed Martin, Northrop Grumman, SITA, ARINC, Exostar
– SAFE-BioPharma community: Abbott, Merck, J&J, AZ, Citi, SAFE:Vz, TranSped, Biz/Chosen/Other pharmas
– Federal community and shared service providers (SSPs): GPO, Entrust, VeriSign, US Treasury, Verizon Business, ORC, GSA MSO, ACES, DoJ, DoJ E-Commerce, DoE, DoL, EPA, HUD, DoT, SSA, US PTO, DoD, NRC, NASA, DHS, EOP, HHS, VA, DEA, USPS, Dept. of State, State of Illinois, VDoT
Non-PKI TFPs (Trust Framework Providers)

FICAM certified
– LOA 1 – OIX
– LOA 1-2 – InCommon
– LOA 1-3 – Kantara
In process
– LOA 2-3 – SAFE-BioPharma Assn
– Under TFET (Trust Framework Evaluation Team) review
Interparty Liability

SAFE-BioPharma
– Closed membership association
– Dispute resolution process governs adjudication
  • Agree not to sue but rather arbitrate
– Liability covered under Operating Policies and Member/Issuer Agreements
  • Specific caps related to credential management only
  • Does not cover use of credentials

Other TFPs
– Part of why we are here
Authentication and credentials

PKI is covered by the FBCA CP and CPS
– Multiple certificate types
– Hardware, software and roaming
  • Roaming is currently classed as software by the FBCA
  • Moving to cloud-based solutions – SAFE-BioPharma/Verizon offering cloud-based, HSM-protected certificates

Non-PKI
– NIST SP 800-63
– Issue: the currently approved version (v1.0.2, April 2006) is technically out of date and does not recognize non-PKI multi-factor tokens
– Much of industry is working from the SP 800-63-1 draft (Dec 2008, revised Jun 2011)
  • Includes much broader definitions of acceptable tokens at various LOAs
Token types

Who is doing what and how?
PKI
  Smartcards, USB hardware tokens, software tokens on machines/mobile devices, cloud HSMs
Non-PKI
– LOA 1 & 2 – memorized secrets, pre-registered knowledge tokens
– LOA 2 – look-up secrets, out-of-band tokens, single-factor (SF) one-time password devices, SF cryptographic devices
– LOA 3 – multiple tokens (multi-token combinations, NIST SP 800-63-1 (June 2011 draft), Table 7)
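The single-factor one-time password device in the LOA 2 list is the token type a relying party most often has to verify in its own software, so the following is an added example (not part of the deck, and not SAFE-BioPharma, FICAM or NIST code) of the verifier side of an HOTP token per RFC 4226: the HMAC-SHA-1 dynamic truncation, a look-ahead window that tolerates button presses the verifier never saw, and the counter advance that rejects a replayed code. The shared secret is the RFC 4226 test secret and the look-ahead of 5 is an assumed policy value, not one the deck or the standard prescribes.

```python
"""HOTP (RFC 4226) verifier for a single-factor one-time password device.

Added example: the secret is the RFC 4226 Appendix D test secret, and the
look-ahead window of 5 is an assumed policy choice, not a value from any
trust framework.
"""
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test secret (ASCII "12345678901234567890"); constructed sample.
SAMPLE_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value for one counter: HMAC-SHA-1 over the 8-byte big-endian
    counter, dynamic truncation on the low nibble of the last MAC byte,
    then reduction modulo 10**digits with zero padding."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class HotpVerifier:
    """Server-side state for one token: the shared secret and the next
    counter the verifier is willing to accept.

    A submitted code is accepted only if it matches some counter in
    [next_counter, next_counter + look_ahead).  On success next_counter
    moves past the matched value, so a captured code can never be replayed
    and counters skipped by the device are burned rather than left open.
    """

    def __init__(self, secret: bytes, look_ahead: int = 5, digits: int = 6):
        self.secret = secret
        self.look_ahead = look_ahead
        self.digits = digits
        self.next_counter = 0
        self.failures = 0  # feed this into throttling; RFC 4226 s.7.3

    def verify(self, code: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.look_ahead):
            # Constant-time compare so the mismatch position leaks nothing.
            if hmac.compare_digest(hotp(self.secret, c, self.digits), code):
                self.next_counter = c + 1
                self.failures = 0
                return True
        self.failures += 1
        return False


def demo() -> dict:
    """Walk one token through a normal login, two unseen button presses,
    a replay of the last accepted code, and a code just past the window."""
    v = HotpVerifier(SAMPLE_SECRET)
    first = v.verify(hotp(SAMPLE_SECRET, 0))     # normal use: counter 0
    skipped = v.verify(hotp(SAMPLE_SECRET, 3))   # counters 1-2 pressed unseen, still in window
    replay = v.verify(hotp(SAMPLE_SECRET, 3))    # same code again: counter already consumed
    too_far = v.verify(hotp(SAMPLE_SECRET, 9))   # window is now [4, 9): one past it, rejected
    return {"first": first, "skipped": skipped, "replay": replay,
            "too_far": too_far, "next_counter": v.next_counter,
            "failures": v.failures}


if __name__ == "__main__":
    print(demo())
```

Note what the window does and does not buy: a device that drifts more than `look_ahead` presses ahead of the verifier is locked out until a resynchronisation step, which is the usual trade-off against the cost of checking more counters per attempt; the `failures` count exists so that a relying party can throttle guessing, which a 6-digit code otherwise invites.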
Source deck: Rich Furr, 2011-10-17, Topics 2 & 3 (SAFE-BioPharma Association)