1 / 16

Helena Sims NACHA – The Electronic Payments Association

Overview of The Electronic Authentication Partnership Tenth Federal & Higher Education PKI Coordination Meeting. Helena Sims NACHA – The Electronic Payments Association. Electronic Authentication Partnership Mission Statement. Goal: Reliable Identity Authentication Convenience

Leo
Download Presentation

Helena Sims NACHA – The Electronic Payments Association

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Overview of The Electronic Authentication Partnership Tenth Federal & Higher Education PKI Coordination Meeting Helena Sims NACHA – The Electronic Payments Association

  2. Electronic Authentication PartnershipMission Statement Goal: • Reliable Identity Authentication • Convenience • Ease of use We Propose to: • Create a voluntary partnership • Promote trust and Interoperability • Develop an evaluation process • Build on what exists • Work cooperatively with other nations’ identity systems

  3. Tasks:The EAP Will Develop • Operating Rules Addressing • Business requirements and processes • Standards for Credentials • Hierarchical assurance levels • Criteria for evaluating credentials at each assurance level • Evaluation, accreditation and compliance with credentialing process • Accreditation List

  4. EAP Framework: Benefits • Focuses on traditional problem areas for federated authentication. • Complements and leverages existing initiatives. • Provides a framework that will: • Enhance the utility and portability of credentials across circles of trust. • Expand markets by promoting wider use of credentials. • Help authentication initiatives validate their approaches to credentialing.

  5. EAP Framework Common business rules Accreditation process for credentials & providers List of trusted credential providers with EAP brand Credential requirements Authentication Risk and Assurance Levels Governance Structure A public/private governance structure to establish and maintain a federated identity management framework

  6. Reassess and update based on market conditions and changes USG Credential Standards EAP Working Groups produce EAP Framework Private sector Education Processes and Rules Sets Health EAP Framework Etc. Evaluation processes EAP Framework: Development Approach

  7. Background • Spring 2003 White Papers by CSIS and Johns Hopkins • June through December 2003 - Four CSIS Work Group Meetings • December 11, 2003 - Public Forum to Announce EAP • 2004 – Six Meetings So Far • Active Workgroups

  8. Workgroups • Business Requirements and Processes • Linda Elliot, PingID Network, Chair • Thomas J. Greco, Betrusted, Vice Chair • Credential Services Assessment Criteria, Levels of Assurance • R.J. Schlecht, Mortgage Bankers Association of America, Chair • Von Harrison, GSA, Vice Chair • Subworkgroup Chairs • Dr. Peter Alterman, NIH • Nancy Black, Consultant

  9. Workgroups • Evaluation, Accreditation and Compliance • Cornelia Chebinou, National Association of State Auditors, Comptrollers and Treasurers, Chair • EAP Governance • Paula Arcioni, New Jersey Office of Information Technology, Chair • Roger Cochetti, CompTIA, Vice Chair

  10. Workgroup on Business Requirements and Processes • General Rights and Obligations • Credential Services Providers • Relying Parties • Assessor Participation • Agreements Process to Bind Participants to Business Rules • Privacy and Fair Information Practices • Enforcement and Recourse, including fines

  11. Workgroup on Services Assessment Criteria, Levels of Assuranceand Technical Interoperability • Levels of Assurance • Service Assessment Criteria (SAC) for use by Assessors • Common Organizational SAC • Identity Proofing SAC • Credential Management SAC • Technical Interoperability • Components of interoperability • Options and recommendations for EAP adoption

  12. Workgroup on Evaluation, Accreditation and Compliance • Accreditation, Assessment and Certification • Accreditation of Assessors • Certification of Credential Service Provider Offerings • Process for Handling Non-Compliance • Acceptable Public Statements Regarding EAP Accreditation and Certification

  13. Workgroup on EAP Governance • Developed Charter – Approved September 2, 2004 • Developing EAP Budget

  14. Time Frames • Remainder of 2004 • Election of Board and Officers • Adoption of First Set of Operating Rules • 2005 – Earlier Adopters Phase • Revise Rules Based on Experience • 2006 –Production Phase - Begin Full Scale Implementation

  15. EAP Information • Next Meeting: February 9, 2005 in DC • Come Join Us! • To Register: lhumphries@nacha.org • Web Site: www.eapartnership.org

  16. Questions?

More Related