Untangling Assurance Spaghetti
Various Insurance Frameworks; new framework in the middle;
They all address different aspects; Inspired by the particular interface; They all address different elements in different ways;
The presenter gives explanation of the file which is a scheme of various insurance frameworks:
IGTF 1 – describes a level of assurance; top to bottom each of those makes statements on a number of categories; identity validation
horizontal base - statement
3(ASPEN, BIRCH…) make the same statement DOGWOOD makes a different statement
You get the complexity/Wight of it; you can see the assurance is going to these 3
Q: What do you mean by PKI implementation?
A: cryptology rendering of the assurance, e.g. in SAML
- infrastructure implementation
- specifics of that IGTF
Comment: In SAML there would be an assurance qualifier, in PKI you bind those differently;
- Single factor, multi-factor is different than the identity factor;
They are all slightly different (pictures) – 2nd one
- REFEDS Assurance Framework - same principle, you are following a line down, you read the documents top to bottom; Identity proofing – single or multi factor identification; this got very complicated REFED linking to KANTARA.
- KANTARA – same principle, just getting more complicated, some are shaded – there are 3 but beware (showing difference); fulfil some obligation;
When you look at the ID proofing from the REFEDS, each line is a line in the REFEDS that says it’s either this one, or that one… At the end it must fulfil one of these 4;
They are underlying consumptions because it is written for a specific community; those assumptions aren’t in Kantara; it’s meant to be simple/useful for us as a research community; those frameworks don’t have assumptions; There are things in the Kantara that are fulfilled by assumptions underlie the reference –> lot of criteria in the public sector that are automatically fulfilled;
The problem is when you do that you lose the simple part about the reference
Presenter: The reason we came up with a specific set of levels both for REFEDS and IGTF reflect those assumptions; simple statement building up to 3 different ID level profiles
- It’s not that it was forgotten, but it couldn’t have happened by the process that was chosen to produce it; assessment of risk; responding to the identified risk; never about comparing to another framework or a universe of specifications;
- National Federation have done this kind of thing; 5 years later – how come we can’t map, turns out we all did the same process/exercise
- 5 different assurance profiles that we need to ensure that research and infrastructure talk to each other – Is it bad that those 5 are different from the ones that we see come out of this complex exercise, given that we operate within this community?; If we expose the whole complexity, within the target audience for our assurance, would it actually work?
- Not a realistic use case, because those situations come with the complaint migratory constraint build in them.
- liability: you have to put the specific bits
- Looking for a good justification for the existence of each of the profiles
- Most comprehensive framework there are 2 jump outs;
- Because they didn’t have the benefit of assumptions
- Kantara is changing its framework
Q: The value, the reason to spend, the effort to do so, would be because you can produce more normal language so that, there is a way to be more welcoming to new kinds of activities in federation? Why should we bother doing it?
A: There are two reasons - infrasection between communities, infrasection between health sector assurance and research and mitigation sector assurance, those are 2 intersecting models and they are causing an actual friction today; 2nd: peer review process which is being operated over Europe; insurance frameworks all developed from spit and glue; they all need to go and look at each other and then to…;
- People will start asking: Exactly how are you doing your identity proofing, UK?
- To what extent will it be rewritten? complaint risk list; Assessment from 15 years ago; not being able to keep up;
- Someone sitting down with the two check lists and comparing them
- Different sets of regulations; concrete federation that do both sides;
- What is going to happen then? How is going to come together? Where is it going to land? It has to be 3/3(?)
- If it happens, it’s not going to happen in the US
- Diagram shows where the gaps are;
Q: Can you build a tool that allows me to navigate this? If you can present this in a navigational way, it will be great.
A: It is somewhat interactive; Trust framework and an Assessment framework;
Comment: You want to use a risk assessment framework;
Q: Resources on how to do that? –> risk mitigation; you can drill into that to make it more specific;
- TFPAP assessment program - version of the same criteria but one that will allow them to recognize that Kantara’s program meets those criteria
- Had all of the control measures;
- 3-4 suggestions how it’s possible: if there’s any way to coordinate – to build on each other, expand on each other; money and time is not the problem but coordination and not enough people;
- IDEF – TFP process; familiar with the risks and how to deal with them; matrix as part of the TFP process;
- too hard for a university to embrace;
- but we carry on using it;
- Its complexity is contextual;