| |
 Subscribe in a RSS reader • Subscribe via Email
Reporting From RSA 2010: Identity, Health Care, and a Higher Realm of Credentials
Written by Mike Kirkwood. Read the full article.
This week we are reporting from RSA, the security conference in San Francisco. We’ve seen hackers, threats, and industry leaders roaming these halls – and among these we found leaders of the identity community, people who are thought leaders focused on creating a safe Internet for all individuals.
This includes folks who in the Identity Commons and OASIS workgroups, and the 1-year-old Kantara Initiative. The latter was announced to the public at RSA 2009, and this year it hosted an all-day workshop that brought cloud computing into the forefront of the dialog.
Diverse Community of Interests Coming Together
Today’s all-day workshop offered by the Kantara Initiative focused almost exclusively on identity services and included viewpoints from several perspectives: enterprises (CA, Ping Identity, Aetna, Oracle, HP), service providers (NTT), consumer applications (Paypal, Google), and government agencies (NIH).
The room was packed – standing room only. After the kickoff we had a chance to ask Trent Adams, chair of the Kantara leadership council, to share his thoughts about identity, cloud computing and year one of the new organization.
He talked about the potential big win that existed for the organization because of its involvment in preparing standards for federal government approval. These are in historic times, he said, and embracing openness at the federal level was an opportunity the organization decided was valuable for the community. We’re keeping our ears open to learn more about how identity services will be enabled and approved through the government.
Landscape Change: Cloud Computing Invigorates Identity Efforts
One thing that is clear is that things get more complicated when combining identity services with cloud computing. We were reminded that many of the technologies that have been developed, including things like OpenID and SAML were designed around the same scenarios of sharing across domains. Identity can be solved in a multi-vendor, multi-protocol, and multiple-infrastructure world.
Matthew Gardiner of CA summed the importance of the link between identity solutions and cloud computing in his talk, “Identity as Security Glue for the Cloud”:
“I want to say the phrase cloud security in the first few moments of my talk because you’ll be hearing it a thousand times before the end of the conference. Cloud security can be viewed as a Rubik’s cube of security implications, when identity services and combining them within the vectors of Iaas, PaaS, and SasS combined with private, public, and hybrid clouds.”
The West Coast Perspective on Health Care
 RSA and HIMSS fall on the same week this year. While nearly all of the healthcare IT leadership headed to Atlanta, several companies also came to San Francisco.
Yesterday, MEDecision presented their solution and connections to different Web applications and health care records and systems, and gave a very tangible set of scenarios showing how cloud computing and identity meet around sharing information about a person who is a patient.
At the same time on the East Cost, MEDecision was also at HIMSS demonstrating open exchange of health information in a HIE product offering that helps connect services across providers in order to aggregate a view of an individual. The company offers software and services to insurers to negotiate their cloud-based work flow, including moving private data across pharmacy, doctors, insurers, and the entire health care landscape.
No Passwords in the Cloud
 Patrick Harding of Ping Identity spoke about his company has learn about cloud computing in this session, “How the Cloud is Changing Federated Identity Requirements”. A few of his observations:
- Software is no longer build vs. buy. It now includes subscribe, which by definition is a shorter term relationship.
- Cloud computing is an evolution of architecture. It arrives after Web services, which evolved from Web, client server, and mainframe.
- Complexity of the identity layer is harder than ever for the simple reason that there are more apps per user than ever before.
- Services are becoming any-to-any, where internal (employee) and external (customer) classifications don’t matter nearly as much as before. Because of this firewalls are losing their usefulness.
- Audit is no longer an afterthought. Auditors don’t care how or where applications hosted, but hey do need their reports! This includes Sarbanes-Oxley, HIPAA, Gramm-Leach, Bliley, and more.
A core theme of this session was how the consumer mindset is driving requirements for application experience. Consumers expect it to work on any device, be secure, and be portable. To deliver on this, it must be easy to use. At the same time, password risk must be reduced.
A key trend that Harding pointed out is moving identity systems from “push” models into “pull” models. Instead of updating partners and directories by batch services, companies need to be building real-time identity resolution in applications.
We asked Harding if he had any predictions for where that type of service will come from. His response led us to the conclusion that the leader will be a brand and service that people trust and understand the motivations of. It will likely enter the market from a higher realm of credentials than Twitter or Facebook – perhaps from financial services.
Context is Fundamental: Person, Father, Employee, All of the Above
One thing we learned today is that Google’s App Engine is worth watching as this space evolves. Several interesting things are being done in this sandbox that haven’t been accomplished other places, including how to connect consumer services to enterprise login discovery using domain.
Google has inserted itself into the sweet spot by getting consumers and enterprises alike hooked on their applications, giving the company a unique view of the challenges and solutions in joining identity with cloud computing. We’ll be taking a closer look at these offerings and where Google is headed.
Another thing we observed is the power of the network. NTT gave a demonstration of the power of mixing identity protocols (SAML and OpenID) for the purpose of connecting social, information, and financial transactions in the browser with one login. It starts to show how the next generation Internet might work, where the application requests profile from the cloud rather than a user typing it in.
A summary of overlapping-world-multi-protocol integration has been shared on Google’s site.
Subscribe in a RSS reader • Subscribe via Email
Announcing Liaison with OASIS eGov MS
The Kantara Initiative (KI) and OASIS are pleased to announce that the KI eGov Work Group (WG) and the OASIS eGov Member Section (MS) have established a Liaison relationship.
Scope:
The scope of this liaison relationship is to foster the aligned interests of both groups such that the OASIS eGov MS becomes the first point of contact/filter for works coming out of the KI eGov WG that flow into OASIS Technical Committees (TCs) and other Member Sections. Likewise, the KI eGov WG shall become the first point of KI contact for works flowing out of the OASIS eGov MS. This informal relationship will enable the KI eGov WG and the OASIS eGov MS to build a view of the landscape of identity and access management standards within KI and OASIS that have an ‘eGov’ factor.
The liaison relationship between the KI eGov WG and the OASIS eGov MS is seen as the first of a number of such liaisons. Near-term communications revolve around the eGov Profile v2 work underway, and any impact it might have for the OASIS Security Services TC regarding SAML use in eGov scenarios. Some discussions to this effect have already been raised.
To foster the discussions between the OASIS eGov MS and KI eGov WG, each group will appoint a joint liaison officer and generate a monthly report/update of each other’s activities including pointers to work on the horizon.
The Kantara Initiative and OASIS extend congratulations to both groups on their efforts to foster what will be a meaningful and productive liaison for eGov standards. We look forward to exciting work from both groups.
For more information on how to become involved in the KI eGov WG please visit their home page here http://kantarainitiative.org/confluence/display/eGov
For more information on how to become involved in the OASIS eGov MS please visit this page www.oasis-egov.org/join
Subscribe in a RSS reader • Subscribe via Email
A Windfall for Identity Assurance
On behalf of Frank Villavicencio, chair of the Identity Assurance WG. Also published at Frank Villavicencio’s blog page.
First off, I would like to would like to express my sympathy to those affected by the terrible earthquake that hit Chile this past weekend.
Envio mi palabra de aliento y de optimismo al pueblo Chileno. Tengo muy buenos amigos Chilenos y a todos les deseo lo mejor en vista de estas circunstancias, a sus familias y a todos los afectados… Las cosas de Dios son sin duda alguna indescrifrables.
In this blog post, I would like to share with you some recent developments in the world of identity assurance, which as you know from my recent blog posts: “Identity Assurance, an everyday life issue” part 1 and part 2, is a top of mind issue for me and for us here at Identropy. Quite frankly, I could not hope for better timing for these blogs to come about.
On Friday February 26th, 2010 the US Federal Government’s Identity, Credential, and Access Management (ICAM) Trust Framework Evaluation Team (TFET) reviewed Kantara Initiative’s latest submission and granted it Provisional Approval as a Trust Framework Provider at Levels 1, 2 & non-crypto Level 3 under the Open Identity Solutions for Open Government program. The removal of the provisional status will hinge on the release by TFET of additional guidance for assessors concerning privacy and Kantara’s adoption of this guidance.
This is for me an extraordinary milestone, not only in my role of Chair of the Identity Assurance Work Group, but as an identity assurance activist altogether. Kantara submitted its application for the US Federal Government adoption of the Identity Assurance Framework (IAF) in November of 2009. Prior to that date, the IAWG has been working very hard, collaborating with Kantara and the Assurance Review Board (who oversees the Kantara Initiative Identity Assurance Certification Program) to achieve this important goal (albeit still under provisional status).
The significance of this milestone is that it represents an important step towards fostering the adoption of identity-enabled Government services at known levels of assurance, relying on identity credentials issued and managed by non-Government parties (referred to as Credential Service Providers in the IAF). It will create the right conditions for the certification program to be adopted in real-life scenarios and for the industry to benefit from a proven, best-of-breed certification program that effectively enables interoperability and trust. This means that the IAF will not be just a “paper” standard, incarnated in a compendium of documents, but an actual technology-agnostic program that organizations can certify against.
With the adoption of risk-based models, identity federation can achieve Internet scale, and facilitate public access to online information at specific levels of assurance. With adoption will also come economies of scale and further collaboration and interoperability across industries and Governments.
As someone who has been involved in identity management and identity assurance for quite some time, I cannot help but feel excited about the times I live in, and optimistic about what is to come.
I do anticipate and hope for more endorsements of the IAF in the near future by other organizations, and more importantly, the start of a paradigm shift in the way we all think about identity, both within the Enterprise and in a federated environment. Ultimately, this path will allow the identerati to focus on the real end goal: delivering identity-enabled solutions and services with the level of trust and confidence that is appropriate for the transactions being performed.
But this is just a first step…
Frank
Subscribe in a RSS reader • Subscribe via Email
Announcing the formation of the Interoperability WG – Call for Participation
Below is a call for participation sent to the Kantara community@ list by Ari Kermaier, co-chair of the Interoperability Review Board. Please feel free to pass this note on to colleagues or friends who may be interested.
—————————————————-
The Kantara Initiative is expanding its focus beyond SAML 2.0 and is working to cultivate and manage new certification programs covering a broad spectrum of developing identity and access protocols. Some of the emerging standards currently under consideration for testing are:
- WS–Trust
- WS–Security
- OpenID
- InfoCard
- Oauth
- XRD
To support the development of the new test procedures needed for this program, the Kantara Initiative is announcing the formation of the Kantara Initiative Interoperability Work Group (IOPWG) – chartered to support the Kantara Initiative Interoperability Program through the development of Test Procedures to be used by the Interoperability Review Board, regardless of protocol. The IOPWG will work closely with the Interoperability Review Board (IRB), the Kantara Initiative sub-committee responsible for member oversight of the Interoperability Program.
In addition, the IOPWG will be available to provide expertise and technical support to the IRB during the course of any of the Kantara Initiative Interoperability events, and will assist in resolving questions of protocol interpretation that may arise among test participants.
If you’d like to get involved in the Kantara Initiative Interoperability Program to recommend test procedures for such emerging standards as WS–Trust, WS–Security. OpenID, InfoCard, Oauth and XRD, the IOPWG is the group for you!
For more information on the Interoperability Workgroup, please visit the IOPWG home page at http://kantarainitiative.org/confluence/display/iopwg to see:
- The Charter
- Mail list and Archives
- Designated IPR Policy options for operation
- “Join this Group” Button
ANYONE may participate in a Kantara Initiative Work Group. If you or your colleagues would like to join this group, you will simply need to complete the Group Participation Agreement here:
http://signup.kantarainitiative.org/?selectedGroup=23
(NOTE: joining Kantara Initiative as a Member does not automatically enroll you as a Participant in any particular WG or DG–you must specifically join those groups in which you choose to participate):
Of course, if you encounter any problems on our Website, the Kantara Initiative Staff is always happy to assist! If you have any questions about the Kantara Initiative or how to get involved please don’t hesitate to send us a message (support[at]kantarainitiative[dot]org) or use our contact form here: http://kantarainitiative.org/confluence/display/GI/Contact+Us
Please join us in congratulating the IOPWG on its formation!
Regards,
Ari
Subscribe in a RSS reader • Subscribe via Email
Identity Assurance, an everyday life issue – articles from the IAWG Chair
Frank Villavicencio, Kantara Initiative’s Identity Assurance Work Group (IAWG) chair, has posted a very interesting 2 part blog article called “Identity Assurance, an everyday life issue”. In this 2 part series of articles Frank provides an excellent overview of Identity Assurance concepts as well as examples of how Identity Assurance applies to everyday life experiences. The intro to the articles is copied below and the full series can be read from the links provided.
Read the full articles:
Part 1
Part 2
——————————-
Introduction
The notion of identity assurance is to establish, with a level of certainty, that the human being represented by a credential in an electronic transaction is in fact the alleged person. Whether you realize it or not, whenever you perform an electronic transaction, you are making some kind identity assurance tradeoff.
Identity assurance does not only apply to scenarios in the extranet in which consumers or users from one organization interact with systems in another. It also applies within the enterprise where you need to view identity lifecycle management holistically, as opposed to fragmented steps, such as provisioning, authentication, single sign-on, etc.; and how they contribute to creating and maintaining identity assurance.
——————————-
Thanks for the great articles Frank!
Subscribe in a RSS reader • Subscribe via Email
FuGen added to Kantara Initiative’s RSA Security Pre-Conference Workshop, March 1 2010
FuGen Solutions joins Kantara Initiative’s annual identity workshop at the RSA Conference, March 1, 2010, 8am-5pm. NTT, Ping Identity and the U.S. Government showcase demonstration pods alongside FuGen Solutions. Join us for a series of presentations, panels & demonstrations of common Cloud/SaaS scenarios from diverse market leaders.
Register now for our free workshop using the code: 1310KANEXPO for the Expo only pass and select Kantara Initiative from the ‘Registration Package’ page. This pass only allows access to Kantara Initiative workshop on March 1. Read details about the Conference events March 1-5.
Title: Technology, Policy, and Compliance for Identity Services in 2010 & Beyond
What: Kantara Initiative’s RSA Security Pre-Conference Workshop
When: Monday, March 1, 2010, 8:00am-5:00pm, Room 301
Where: Moscone Center, San Francisco, CA, USA
2010 brings new opportunities for identity services in the enterprise & consumer markets. This workshop is designed to equip attendees with the vital information required to ensure success in employing the right identity management approach with the proper considerations. Recent developments in identity assurance, multi-protocol interoperability, liability models, usability, privacy-enablement and identity services certification will be spotlighted by key market leaders including Google, Oracle, CA, Aetna, NTT and Ping Identity.
Agenda:
| 8:00- 9:00 |
Visit demonstration pods featuring a variety of innovations & deployment scenarios |
| 9:00-9:40 |
Kantara Initiative – The Identity Ecosystem one year later: highlighting key industry and government initiatives in context and plain English. Trent Adams, Leadership Council Chair @ Kantara Initiative, Outreach Specialist, ISOC |
| 9:40-10:20 |
Identity Assurance and Open Trust Frameworks, What does it all mean? |
| 10:20-10:30 |
Break |
| 10:30-11:10 |
CA – Identity as Security Glue for the Cloud. Matthew Gardiner, Director of Product Marketing, CA & Chris Sharp, Director of Application Development, MEDecision |
| 11:10-11:50 |
NTT – An overview of recent developments in some key identity protocols (SAML, OpenID, OAuth, IMI etc), and a discussion of opportunities for combining these protocols in interesting ways. Paul Madsen, Identity Management Researcher, NTT |
| 11:50-1:10 |
Lunch Break with extra free time to visit demonstration pods |
| 1:10-1:50 |
Ping Identity – How the Cloud is Changing Federated Identity Requirements. Patrick Harding, CTO, Ping Identity |
| 1:50-2:30 |
Oracle Identity and security considerations in leveraging Cloud services – an enterprise perspective. Uppili Srinivasan, Senior Director Oracle Security and Identity |
| 2:30-2:40 |
Break |
| 2:40-3:20 |
Google – Business value of federated login for consumer websites, Enterprise SaaS vendors, and Enterprises. Eric Sachs, Product Manager Google Security & Chris Messina, Open Web Advocate. |
| 3:20-4:00 |
Kantara Initiative – Identity Services Roadmap: A panel of market leaders from Healthcare, eGovernment, and Financial Services discuss the future of Identity Services. Moderated by Matthew Gardiner, VP of Kantara Initiative & Director of Product Marketing, CA
Panelists: Mark Coderre, Head of Security Architecture at Aetna & Debbie Bucci, Integration Services Center Manager (NIH Login, Federaton, SOA), NIH – Center for Information Technology Division of Enterprise and Custom Applications |
| 4:00-5:00 |
Visit demonstration pods featuring a variety of innovations & deployment scenarios |
Subscribe in a RSS reader • Subscribe via Email
Announcing Kenji Takahashi as Kantara Initiative’s Japan WG Chair
We’re happy to announce the continued leadership of Kenji Takahashi as Kantara Initiative’s Japan WG (Working Group) Chair. Mr. Takahashi of NTT has worked with Kantara Initiative since it’s launch alongside Toshihiro Suzuki of Oracle Corporation as co-chair of the Japan WG. Kenji also leads the Japan Discussion Group for Kantara. Both Kenji and Toshihiro have played a significant part in extending the education and adoption in the Japanese market, most recently presenting the Kantara Initiative Symposium. Kenji also served in previous years as co-chair of the Liberty Alliance Japan Special Interest Group (SIG).
We congratulate Kenji in his continued role and look forward more great work coming from the Japan WG this year.
Subscribe in a RSS reader • Subscribe via Email
Announcing Bob Pinheiro as Kantara Initiative’s Consumer Identity WG Chair
We’re happy to announce Bob Pinheiro as Kantara Initiative’s Consumer Identity WG Chair. Bob has been active with Kantara Initiative since it’s inception and in previous years with Liberty Alliance chairing the Identity Theft Prevention Group.
Congratulations to Bob, we’re looking forward to all of the excellent work to come out of the Consumer Identity WG in 2010.
Subscribe in a RSS reader • Subscribe via Email
Announcing Government of Canada Consultation on Cyber Authentication
At the request of our friends to the north, we’re pleased to share this announcement from the Government of Canada. Here it is verbatim in both English and French. Note the reference to Kantara Initiative in the 3rd paragraph. We strongly endorse and recommend you participate in this consultation, if at all possible.
Please read the full announcement below. Also, for more information directly from the MERX site please visit: http://bit.ly/9GQ8Qq
_______________________________________________________________
Government of Canada Industry Consultation on Cyber Authentication Renewal Program
Industry Consultation: February 16, 2010
Optional One-on-one Sessions: February 16 – 18, 2010
National Capital Region
In collaboration with the Treasury Board of Canada Secretariat (TBS), Public Works and Government Services Canada (PWGSC) is inviting representatives of private-sector organizations to participate in consultations on the Cyber Authentication Renewal Program.
The Government of Canada (GC) is investigating solutions that would allow individuals the option of using their existing credentials in order to gain online access to government programs and services. This proposed approach would provide flexibility to both departments and agencies, and to individuals who access these services. It would allow departments and agencies to use credentials that are appropriate to the sensitivity of their service offerings, while allowing individuals to choose the credential they wish to use to access any online GC services.
The GC is considering basing its accreditation framework initially on the Kantara Initiative’s* Service Assessment Criterion and Assurance Assessment Scheme.
The GC is inviting industry organizations to participate in a consultation on February 16, 2010, to validate and refine its approach to electronic authentication, and to gather information on how it will solicit and accredit external credential service providers – using a federated model. The industry consultation will be followed by optional one-on-one sessions beginning the afternoon of February 16, 2010 and concluding by close of business February 18, 2010.
For further information, please send an email to ConsultationSPTI.ITSSConsultation@tpsgc-pwgsc.gc.ca, or visit the event posting on MERX.
*The Kantara Initiative (http://kantarainitiative.org) is a group of individuals, developers, organizations, governments, and technology providers that, in 2009, amalgamated several long standing foundations and associations from the identity community. The goal of the Kantara Initiative is to harmonize and coordinate the actions of this community to help ensure secure, identity-based, online interactions while preventing misuse of personal information.
——————————————————————————-
Consultations auprès de l’industrie sur le programme de renouvellement de l’authentification électronique du gouvernement du Canada
Consultations auprès de l’industrie : 16 février 2010
Séances individuelles facultatives : 16 au 18 février 2010
Région de la capitale nationale
Travaux publics et Services gouvernementaux Canada (TPSGC), en collaboration avec le Secrétariat du Conseil du Trésor (SCT), invite les représentants des organisations du secteur privé à participer aux consultations sur le programme de renouvellement de l’authentification électronique.
Le gouvernement du Canada est à la recherche de solutions qui donneraient aux utilisateurs la possibilité d’utiliser leur justificatif existant afin d’accéder en ligne à des services et à des programmes gouvernementaux. Cette approche proposée offrirait de la flexibilité aux ministères, aux organismes et aux utilisateurs. Elle permettrait aux ministères et aux organismes d’utiliser des justificatifs appropriés en fonction de la sensibilité des services offerts, tout en permettant aux utilisateurs de choisir le justificatif qu’ils veulent utiliser pour accéder à tous les services gouvernementaux en ligne.
Le gouvernement du Canada envisage tout d’abord de fonder son cadre d’accréditation sur les Service Assessment Criterion (critères d’évaluation de service) et l’Assurance Assessment Scheme (programme d’évaluation de l’assurance) de l’initiative Kantara*.
Le gouvernement du Canada invite les organisations de l’industrie à participer à des consultations le 16 février 2010 pour valider et préciser son approche à l’égard de l’authentification électronique et pour recueillir des renseignements sur la manière dont le gouvernement sollicitera et accréditera les fournisseurs externes de services de justificatifs en utilisant un modèle fédéré. Les consultations menées auprès de l’industrie seront suivies de séances individuelles facultatives qui commenceront le 16 février 2010 en après-midi et se termineront à la fermeture des bureaux le 18 février 2010.
Pour obtenir de plus amples renseignements, envoyez un courriel à l’adresse ConsultationSPTI.ITSSConsultation@tpsgc-pwgsc.gc.ca, ou visitez le site du MERX pour l’annonce d’évènements.
*L’initiative Kantara (http://kantarainitiative.org)est un regroupement de gens, de développeurs, d’organismes, de gouvernements et de fournisseurs de technologie qui, en 2009, a fusionné plusieurs fondations et associations de longue date de la communauté d’identité. L’objectif de l’initiative Kantara est d’harmoniser et de coordonner les actions de cette communauté pour faire en sorte que les interactions en ligne sont sécuritaires et basées sur l’identité en plus de prévenir l’utilisation malveillante des renseignements personnels.
———————————————-
Next Page »Subscribe via email
|
|
