Scaling Interoperable Trust through a Trustmark Marketplace
Georgia Tech Research Institute
April 2015

This presentation was prepared by Georgia Tech Research Institute using Federal funds under award 70NANB13H189 from the National Institute of Standards and Technology, U.S. Department of Commerce. The statements, findings, conclusions, and recommendations are those of the author(s) and do not necessarily reflect the view of the National Institute of Standards and Technology or the U.S. Department of Commerce.

A Perspective from the LE Community
• Law Enforcement COI has over 1 million people in the US alone
• 18,000 US LE agencies
• Desire to share data across jurisdictions
  • But must obey applicable access controls when sharing
• LE agencies are autonomous (NOT centrally funded)
• Trust between agencies is a fundamental requirement
  • Includes trusted transactions with private sector participants
• Desire to reuse their existing credentials if possible
• Legitimate business need to interact with many other COIs
• LE agencies are highly heterogeneous, with legacy investments
(Figure: Federal Agencies, State Agencies, Local Agencies, Public Sector, Task Forces, Fusion Centers)

Global Information Sharing FACA
• Program started in 2005
• Funded by DOJ, DHS, PM-ISE, and others
• The need for standards, profiles, reference implementations, conformance testing, technical assistance
• Complete standards-based solution to federated ID and authorization
• Continued evolution and maturation based on operational experience and new technologies

National Identity Exchange Federation (NIEF)
Established in 2008 as an outgrowth of the Global Federated Identity and Privilege Management (GFIPM) Initiative, with a focus on justice and public safety agencies at the federal, state, and local level. Today, NIEF is beginning to expand to support other communities of interest.
Objectives
• Share user identity and attribute information for authentication, identification, authorization, auditing
• Share agency and resource metadata information
• Provide an onramp and roadmap to other relevant ICAM initiatives
• Provide an operational trust framework for doing the above
• Educate and provide technical assistance

NIEF As a Trust Framework
• Membership Lifecycle Policy
• Bona Fides Policy
• Certificate Policy
• Audit Policy
• End-User Privacy Policy
• COI Attribute Vocabulary
• Technical Trust & Crypto
• Technical Interoperability
• Legal Agreement

NIEF Onboarding and Trust Fabric
Common Artifacts
• Application Form
• Authority to Operate Doc(s)
IDPO Artifacts
• Signed IDPO Agreement
• Local Security Policy
• Local User Agreement
• FIPS 200 Checklist
• Local User Vetting Policy
• IDPO Attribute Map
• IDP Implementation Doc
(Figure: onboarding flow from Form to Publish)

Scaling Challenges

Achieving Cross-Framework Trust
Suppose this user needs access to this RP.
(Figure: ID Trust Framework A, ISE A, Federation B, ID Trust Framework B, ID Trust Framework C, and Community of Interest C, each containing IDPs, APs, and RPs; the user's IDP and the target RP sit in different frameworks.)

Challenges with "Inter-federation"
(Figure: two Federations, each with its own IDPs and RPs, joined by an inter-federation link.)
Why?
1. No two TFs are the same, so mapping trust and interop requirements between them is hard. Think protocols, attributes, policies, etc.
2. TFs are moving targets, which further complicates the mapping process.
3. Transitive trust is diluted trust, so inter-federation trust cannot be as strong as intra-federation trust.
4. Contractual obligations usually cannot be transferred or assigned to 3rd parties, which makes inter-federation legal agreements difficult or impossible to execute.
(Many other issues exist.)
Our Approach: Componentization
If the frameworks were modular…
(Figure: ID Trust Frameworks A, B, and C decomposed into components such as FICAM SAML SSO, NIST 800-63 LOA 3, FIPPs, OAuth, OpenID, and FIPS 200.)
…then we get:
• Greater transparency of trust framework requirements
• Greater ease of comparability between frameworks
• Greater potential for reusability of framework components
• And, most importantly: greater potential for participation in multiple trust frameworks by ID Ecosystem members with incremental effort and cost

A Trustmark Framework
(Figure: the same frameworks A, B, and C, each built from components such as FICAM SAML SSO, FIPPs, NIST 800-63 LOA 3, OAuth, OpenID, and FIPS 200.)
These modular components are called Trustmarks. Think of trustmarks as mini reusable certifications.

Scope of Trustmarks
• FICAM SAML SSO Profile
• NIST 800-63 / FICAM LOA 3 Identity
• Fair Information Practice Principles (FIPPs)
• FIPS 200 Security Practices
• GFIPM Metadata Registry (User Attributes)
• Trustmark Policies & Trustmark Agreements

Bundling of Components for Business Context
Component Types (Examples): Privacy, Security, Interoperability, Legal, Business Continuity, Personnel, Other
(Figure: components bundled into COI A, Federation B, and Trust Framework C.)

A Trustmark-Based Ecosystem
(Figure: ID Trust Frameworks A, B, and C, each with IDPs, APs, and RPs, expressed as Trust Interoperability Profiles A, B, and C.)
Existing Trust Frameworks could be expressed as a set of components called a TIP.

A Trustmark-Based Ecosystem
(Figure: TIPs A, B, and C; Trustmark Providers issue trustmarks to the IDPs, APs, and RPs in each.)
• Then each member of the community can acquire the necessary Trustmarks based on the TIP.
• There can be many Trustmark Providers in the ID Ecosystem.
• Trustmarks can be acquired through a Trustmark Provider.
A Trustmark-Based Ecosystem
(Figure: TIPs A, B, and C with their IDPs, APs, and RPs; Trustmark Registries hold entries such as "IDP X: …", "RP Y: …", etc.)
Trustmarks can be stored in searchable Trustmark Registries or shared directly with partners.

Roles and Responsibilities of the Actors
(Figure, generic certification model: a Stakeholder Community defines Requirements; the Requirements are used by an Assessor and are required by Interested Parties; the Assessor issues a Listing, Certification, Audit Letter, etc. to a Complying Party; the Assessor is trusted by, and the Complying Party is relied on by, the Interested Parties.)

The Trustmark Framework
(Figure, the same model in trustmark terms: a Stakeholder Community is represented by a Trustmark Defining Organization, which defines Trustmark Definitions and a Trust Interop Profile consisting of Normative Specs and Required Trustmarks A, B, C; a Trustmark Definition is used by a Trustmark Provider, which issues a Trustmark to a Trustmark Recipient; the Trustmark Provider is trusted by, and the TIP is required by, the Trustmark Relying Parties (Org. 1, Org. 2, End User).)

Trustmark Definitions
Metadata:
• Publisher: U.S. General Services Administration
• Name: NIST/FICAM LOA 2 IDPO TD
• URL: <URL>
• Description and Intended Purpose: …
• Target Stakeholder Audience: …
• Date of Publication: 15 Apr 2014
• Version: 1.0
• Visual Icon: …
Conformance Criteria (XML):
Conformance to the Identity Provider Organization (IDPO) conformance target of this TD requires the following.
1. The IDPO MUST …
2. The IDPO MUST …
3. The IDPO MAY …
4. …
Assessment Process (XML):
Before issuing a trustmark subject to this TD, a Trustmark Provider MUST complete the following assessment steps.
1. The TP MUST …
2. The TP MUST …
3. The TP MUST …
Trustmark Extension Schema (XSD):
Trustmarks issued subject to this TD MUST conform to the Trustmark Base Schema, and MUST also conform to the following Trustmark Extension Schema.
Certification as a Trustmark Provider (XML):
Before an entity may issue trustmarks subject to this TD, it MUST complete the following certification process.
1. The entity MUST …
2. The entity MUST …
3. The entity MUST …

Sample Trustmark Definition
https://trustmark.gtri.gatech.edu/operational-pilot/trustmark-definitions/

Example Conformance Criteria: Registration and Issuance
(Screenshot)

Example Assessment Steps: Registration and Issuance
(Screenshot)

Trust Interoperability Profile (TIP): Bundling Trustmarks for Business Context
Metadata:
• Publisher: U.S. Dept. of Justice
• Name: U.S. Law Enforcement Community Info Sharing TIP
• URL: <URL>
• Description and Intended Purpose: …
• Date of Publication: 15 Jun 2014
• Version: 1.0
• Digital Signature of Issuer: <SIGNATURE>
Trust and Interoperability Criteria (XML):
Identity Provider Organization (IDPO) Trustmark Requirements:
  Trustmark                    | Requirement  | Approved Trustmark Providers
  FICAM SAML SSO IDP           | MUST HAVE    | NIEF or IJIS
  NIEF/FICAM LOA 2 IDPO        | MUST HAVE    | NIEF or Kantara
  NIEF Attribute Profile IDPO  | MUST HAVE    | (ANY)
  XYZ Privacy Policy IDPO      | SHOULD HAVE  | (ANY)
Service Provider Organization (SPO) Trustmark Requirements:
  Trustmark                    | Requirement  | Approved Trustmark Providers
  FICAM SAML SSO SP            | MUST HAVE    | NIEF or IJIS
  NIEF Attribute Profile SPO   | MUST HAVE    | (ANY)
  XYZ Privacy Policy SPO       | MUST HAVE    | (ANY)

Trustmark Assessment Tool Process Flow
1. Load TDs into Assessment Tool
2. Receive request for trustmark from Trustmark Recipient Candidate
3. Perform assessment of Trustmark Recipient Candidate
4. Store assessment artifacts / evidence in database
5. Issue trustmark to Trustmark Recipient
(Figure: the Trustmark Provider runs the Trustmark Assessment Tool, loading Trustmark Definitions and storing assessment evidence in the tool's database; the Trustmark Recipient Candidate requests and receives the trustmark.)

Sample Screen Shot from Trustmark Assessment Tool
(Screenshot)

Trustmark Binding
• Trustmark Attributes expressed in Endpoint Metadata
  • We do this today in SAML Metadata
  • Structure could be that of [OIDC Disc], [OIDC DCR], or [OAuth DCR]
• Trustmark Attribute values are URLs of locations of issued Trustmarks
• Trustmark Attributes defined by Trustmark Definitions
(Figure: a Trustmark Relying Party (TRP) reads Endpoint Metadata holding Other Attrs plus TM1 … TMN attributes; each TMi attribute points to an issued Trustmark i from a 3rd party, and each attribute definition comes from Trustmark Definition i.)

"Levels" of Trustmark Reliance
0. TRP does not have to rely on Trustmarks (backwards compatibility).
1. TRP can check for presence of appropriate Trustmark Attributes according to TDs it cares about.
2. TRP can follow Trustmark links and verify Trustmark legitimacy and Binding legitimacy.
(Figure: same as the Trustmark Binding figure.)

NIEF Trustmark Issuance and Binding
(Figure: NIEF Trustmark Assessment Processes, run through the Trustmark Assessment Tool, issue Trustmarks 1 … N to a NIEF Member Agency (Trustmark Recipient); the Trust Fabric Entry Editor places them in the agency's NIEF Trust Fabric Entry, which is published in the NIEF Trust Fabric Registry, signed by NIEF and maintained with the Trust Fabric Registry Manager Tool.)

NIEF Trustmark Usage by TRPs
1. Query for trust fabric entries with required trustmarks, in accordance with local TIP
2. Receive matching trust fabric entries
3. Install entries in local product
(Figure: the Trustmark Relying Party queries the NIEF Trust Fabric Registry using its Trust Interoperability Profile (TIP).)

Trustmark Legal Framework
(Figure: the Trustmark, the Trustmark Recipient Agreement, and the Trustmark Relying Party Agreement each carry an explicit reference to the Trustmark Policy; the Trustmark Provider is party to the agreements with the Trustmark Recipient and the Trustmark Relying Party, while the relationship between Trustmark Recipient and Trustmark Relying Party is implicit.)

Progress to Date
• Development & Refinement of Trustmark Concept
  • Technical Framework 1.0
    https://trustmark.gtri.gatech.edu/specifications/trustmark-framework/1.0/
  • NIEF Trustmark (Component) Definitions (62)
    https://trustmark.gtri.gatech.edu/operational-pilot/trustmark-definitions/
  • NIEF Trust Interoperability Profiles (10)
    https://trustmark.gtri.gatech.edu/operational-pilot/trust-interoperability-profiles/
• Development of Software Tools
  • Trustmark Assessor Tool, Trust Fabric Registry, & Others
• Socialization of Trustmark Concept
  • Trustmark Pilot Website: https://trustmark.gtri.gatech.edu
• Conducting Operational Pilots

To Learn More…
https://trustmark.gtri.gatech.edu
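The TIP table ("FICAM SAML SSO IDP MUST HAVE, NIEF or IJIS", and so on) and the two reliance levels of the Trustmark Binding slides describe a decision a Trustmark Relying Party has to make mechanically: given an entity's endpoint metadata, does it carry acceptable trustmarks for every TD the local TIP requires? The following is an added example written for this page, not code from GTRI, NIEF, or the pilot tools. It assumes hypothetical TD URLs, trustmark URLs and Trustmark Provider names, a simplified SAML-style metadata layout in which each attribute is named by its TD URL and valued with the trustmark URL, and an in-memory dictionary standing in for fetching a trustmark by URL (a real TRP would also verify the provider's signature over the fetched document, which is not shown). It generalizes beyond the slide's table in that it evaluates any TIP expressed as MUST/SHOULD requirements with approved-provider lists, at both reliance levels: level 1 only checks that the attributes are present, level 2 follows each link and checks the trustmark's TD, its binding to the citing entityID, its issuing provider, and its expiry.

```python
# Added example, not GTRI/NIEF code: a Trustmark Relying Party (TRP) applies a
# Trust Interoperability Profile (TIP) to trustmarks bound in endpoint metadata.
from dataclasses import dataclass
from datetime import date
import xml.etree.ElementTree as ET

TODAY = date(2015, 4, 15)  # assessment date for the constructed records below
# Hypothetical Trustmark Definition (TD) identifiers. Each TD defines the
# metadata attribute carrying its trustmarks; here the attribute Name is the TD URL.
TD_SAML_SSO_IDP = "https://td.example/ficam-saml-sso-idp"
TD_LOA2_IDPO = "https://td.example/nief-ficam-loa2-idpo"
TD_ATTR_PROFILE = "https://td.example/nief-attribute-profile-idpo"
TD_PRIVACY = "https://td.example/xyz-privacy-policy-idpo"

@dataclass(frozen=True)
class Requirement:
    td: str               # TD for which a trustmark is required
    must: bool            # True = MUST HAVE, False = SHOULD HAVE
    providers: frozenset  # approved Trustmark Providers; empty = (ANY)

# The IDPO rows of the "U.S. Law Enforcement Community Info Sharing TIP" slide.
LE_IDPO_TIP = (
    Requirement(TD_SAML_SSO_IDP, True, frozenset({"NIEF", "IJIS"})),
    Requirement(TD_LOA2_IDPO, True, frozenset({"NIEF", "Kantara"})),
    Requirement(TD_ATTR_PROFILE, True, frozenset()),
    Requirement(TD_PRIVACY, False, frozenset()),
)

@dataclass(frozen=True)
class Trustmark:
    definition: str  # TD the trustmark was issued under
    provider: str    # issuing Trustmark Provider
    recipient: str   # entityID of the Trustmark Recipient: the binding
    expires: date

# Constructed stand-in for fetching a trustmark by URL. A real TRP would also
# verify the provider's signature over the fetched document; not shown here.
ISSUED = {
    "https://tp.nief.example/tm/1001": Trustmark(
        TD_SAML_SSO_IDP, "NIEF", "https://idp.agency.example/saml", date(2016, 4, 1)),
    "https://tp.kantara.example/tm/77": Trustmark(
        TD_LOA2_IDPO, "Kantara", "https://idp.agency.example/saml", date(2016, 4, 1)),
    # Genuine trustmark, but issued to a different entity than the one citing it.
    "https://tp.nief.example/tm/1002": Trustmark(
        TD_ATTR_PROFILE, "NIEF", "https://idp.other.example/saml", date(2016, 4, 1)),
}
# Constructed SAML-style endpoint metadata for one IDP (element names simplified).
IDP_METADATA = """\
<EntityDescriptor entityID="https://idp.agency.example/saml">
 <Extensions>
  <Attribute Name="https://td.example/ficam-saml-sso-idp"><AttributeValue>https://tp.nief.example/tm/1001</AttributeValue></Attribute>
  <Attribute Name="https://td.example/nief-ficam-loa2-idpo"><AttributeValue>https://tp.kantara.example/tm/77</AttributeValue></Attribute>
  <Attribute Name="https://td.example/nief-attribute-profile-idpo"><AttributeValue>https://tp.nief.example/tm/1002</AttributeValue></Attribute>
 </Extensions>
</EntityDescriptor>
"""

def bound_trustmarks(metadata_xml):
    """Return (entityID, {TD: [trustmark URLs]}) read from endpoint metadata."""
    root = ET.fromstring(metadata_xml)
    claims = {}
    for attr in root.iter("Attribute"):
        urls = [v.text.strip() for v in attr.findall("AttributeValue") if v.text]
        claims.setdefault(attr.get("Name"), []).extend(urls)
    return root.get("entityID"), claims

def level1_absent(claims, tip):
    """Level 1: MUST-HAVE TDs for which no trustmark attribute is present at all."""
    return [r.td for r in tip if r.must and r.td not in claims]

def verify(url, req, entity_id, today=TODAY, resolve=ISSUED.get):
    """Level 2: follow one trustmark link; None if acceptable, else the reason."""
    tm = resolve(url)
    if tm is None:
        return "unresolvable"
    if tm.definition != req.td:
        return "issued under a different TD"       # trustmark legitimacy
    if tm.recipient != entity_id:
        return "bound to a different entity"       # binding legitimacy
    if req.providers and tm.provider not in req.providers:
        return "provider %s not approved by the TIP" % tm.provider
    if tm.expires < today:
        return "expired"
    return None

def evaluate(metadata_xml, tip, today=TODAY, resolve=ISSUED.get):
    """Apply a TIP to one entity's metadata. Returns (accepted, report)."""
    entity_id, claims = bound_trustmarks(metadata_xml)
    report = {"absent": level1_absent(claims, tip),
              "unmet_must": [], "unmet_should": [], "rejected": {}}
    for req in tip:
        satisfied = False
        for url in claims.get(req.td, []):
            reason = verify(url, req, entity_id, today, resolve)
            if reason is None:
                satisfied = True
                break
            report["rejected"][url] = reason
        if not satisfied:
            report["unmet_must" if req.must else "unmet_should"].append(req.td)
    return not report["unmet_must"], report
```

Run against the constructed metadata, `evaluate(IDP_METADATA, LE_IDPO_TIP)` passes level 1 (every MUST-HAVE attribute is present) but fails level 2: the NIEF Attribute Profile trustmark at `tm/1002` is genuine, yet its recipient is a different entityID, so the binding check rejects it and the MUST-HAVE requirement is unmet, while the missing privacy trustmark only lands in `unmet_should`. That distinction is the point of level 2 on the slide: a relying party that stops at attribute presence cannot tell a trustmark copied from someone else's metadata from one issued to the entity it is talking to.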