TFTM 2013-12-04 Meeting Attachments
NOTE: This content is DRAFT FOR DISCUSSION and has not been ratified by the TFTM Committee
Agenda & Action Items
13:00 - 13:30 EST - IDESG and TFTM Updates and Reminders
13:30 - 15:00 EST - Anil John presentation and discussion on FICAM TFS updates
Agenda and Dial-in Information here:
Text From The IDManagement.gov Blog Post Announcing The Updates
The FICAM Trust Framework Solutions (TFS) is the federated identity framework for the U.S. federal government. It includes guidance, processes and supporting infrastructure to enable secure and streamlined citizen- and business-facing online service delivery.
For the first time since the inception of the Program in 2009, we are releasing a comprehensive update to the Program to incorporate Agency implementation feedback, ongoing lessons learned regarding the operational needs of shared service initiatives such as the Federal Cloud Credential Exchange (FCCX), as well as updates made as a result of changes in the private sector marketplace of identity services.
The FICAM Trust Framework Solutions Overview (PDF - DRAFT) provides a holistic overview of the FICAM TFS Program:
- Description of the components that make up the TFS Program
- The TFS role in supporting Government-wide policy and National Strategy implementations
- TFS and its implementation by Government Agencies
- TFS fast-track process for Financial Institutions required to implement a Customer Identification Program by Government regulators
- Relationship to the FICAM Testing Program for on-premise vendor solutions that implement FICAM protocol profiles
The components of the FICAM TFS Program are:
- The Trust Framework Provider Adoption Process for All Levels of Assurance (PDF - DRAFT) describes the process by which the TFS Program evaluates and adopts commercial Trust Frameworks for use by the U.S. federal government:
  - Overview of the Trust Framework Adoption Process
  - Incorporation of the privacy trust criteria into the Trust Framework adoption process
  - Updated trust criteria to incorporate NIST SP 800-63-2
  - Update to Level 1 Trust Criteria to allow CSP self-attestation to TFPs
  - TFS Program, Component Identity Services, and associated standardized terminology
  - TFS Program's relationship to entities (CSPs etc.) that are assessed and evaluated by an adopted Trust Framework Provider
- The Authority To Offer Services (ATOS) for FICAM TFS Approved Identity Services (PDF - DRAFT) makes explicit the requirements that identity services need to satisfy in order to offer their services to the U.S. federal government:
  - While there has always been a two-step process to approve an identity service for use by the Government (Trust Framework Provider Assessment and Qualification, then TFS Program Approval), the latter has always been a process with limited visibility outside of Government. This document provides visibility into and formalizes the process.
  - Explicit testing and verification of service interfaces to assure conformance to approved protocols and profiles
  - Requirement for the solution provider to implement the tested interfaces when offering the service to Government
  - Standards-based attribute requirements to enable identity resolution by Government relying parties at LOA 2 and greater
- The Identity Scheme and Protocol Profile Adoption Process (PDF - DRAFT) describes the process by which protocol profiles are created, adopted and used by the government to ensure that the RP application and the CSP communicate in a secure, interoperable and reliable manner:
  - Updated to give Government the flexibility to adopt protocol profiles created by industry, provided they meet Government needs for security, privacy and interoperability
  - Standardized assurance level URIs for use in protocol profiles
- The Relying Party Guidance for Accepting Externally Issued Credentials (PDF) provides guidance to Agencies on leveraging federated identity technologies to accept externally issued credentials
- The E-Government Trust Services Certificate Authority (PDF) provides a certificate issuance capability that supports the federated identity use cases of Agencies that require endpoint and message-level protections
- The E-Government Trust Services Metadata Services (EGTS Metadata Services) provide a trusted mechanism for the collection and distribution of metadata to enable identity federation capabilities
All of the above documents, except for the Relying Party Guidance and the EGTS CA Concept of Operations, are currently in DRAFT status while we seek feedback from our Public and Private sector stakeholders.
For those outside the U.S. federal government, there will be an opportunity to engage in a facilitated discussion and Q&A with the FICAM TFS Program Manager during the December 4, 2013 meeting of the IDESG Trust Framework and Trustmark (TFTM) Committee.