Subject: Notes for Oct 30 call


Minutes for the meeting of the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee

October 30, 2014.

1. Call to Order and Welcome.

 

2. Roll Call

 

Attending (please notify me if you attended the meeting but are not on the list below)

 

Abbie Barbir, Bank of America  - y

Andrew Heath

Anil Saldhana, Red Hat  

Bob Sunday

Brendan Peter, CA

Carl Mattocks, BofA

Cathy Tilton, Daon - y  

Charline Duccans, DHS

Duane DeCouteau

Calvin

Colin Wallis, New Zealand Government 

Dale Rickards, Verizon Business 

David Brossard, Axiomatics 

Dazza Greenwood 

Debbie Bucci, NIH 

Deborah Steckroth, RouteOne LLC

Detlef Huehnlein, Federal Office for Information

Diana Proud-Madruga - y   

Diego Matute, Centrify

Don Thibeau, Open Identity Exchange -  y   

Doron Cohen, SafeNet

Doron Grinstein, BiTKOO

Gershon Janssen  - y  

Ilene Bridges 

Ivonne Thomas, Hasso Plattner Institute

Jaap Kuipers, Amsterdam  

James Clark, OASIS

Jeff Broburg, CA

Jim Macabe (Kaiser)

John Bradley 

John "Mike" Davis, Veteran's Affairs 

John Walsh, Sypris Electronics

Jonas Hogberg

Julian Hamersley, Adv Micro Devices

Kevin Mangold, NIST  - y 

Lucy Lynch, ISOC

Marcus Streets, Thales e-Security

Marty Schleiff, The Boeing Company

Mary Ruddy, Identity Commons  - y

Massimiliano Masi, Tiani "Spirit" GmbH 

Mike Harrop

Mohammad Jafari, ESC - 

Peter Alterman, SAFE-BioPharma  - y

Peter Jones -

Rainer Hoerbe -

Rebecca Nielsen, Booz Allen Hamilton  

Rich Furr

Ronald Perez, Advanced Micro Devices

Scott Fitch, Lockheed Martin

Shaheen Abdul Jabbar, JPMorgan Chase Bank, N.A. - y  

Shahrokh Shahidzadeh (Intel Corp)  

Suzanne Gonzales-Webb, VA  - y 

Tony Rutkowski

Tony Nadlin

Thomas Hardjono, M.I.T.  

William Barnhill, Booz Allen Hamilton

Adrianne James, VA 

Patrick, Axiomatics

Steve Olshansky

 

90 percent of the voting members were present at the meeting.  We did have quorum.

 

2. Agenda review and approval

 

We used the following chat room for the call: http://webconf.soaphub.org/conf/room/trust-el

 

The agenda was approved.

 

 

3. Approval of the Minutes

 

Abbie asked if there was any objection to approving the minutes.

Don made a motion to approve the minutes from September 16.

Cathy seconded.

There were no objections.

The minutes were approved.

 

Abbie reported that we did have an editor meeting. We have a TOC. Andrew would have presented it if he were on the call. We can do it next time, as we have two guests from Safelayer: David Ruana and Helena Pujol. The presentation is uploaded to the TC document site and the PDF was uploaded to the chat room.

 

Abbie will add the WebEx link to the chat room.

 

4. Presentation by David Ruana from Safelayer Secure Communications on eIDAS trust elevation

 

David began. The slide deck is on achieving the vision. He will skip the use case and go through sections 1, 2 and 4.

 

Slide 3 – they have been providing eID technology for 15 years, including adaptive AuthN, PKI, mobile PKI and digital signatures.

 

Slide 5 – introduction to the EU regulation endorsed on the 23rd of July. It will be a major step forward. Member states will need to recognize eID from other member states. It will also regulate the activities of trust service providers.

 

Slide 6 – it stands for Electronic identification, authentication and signature.

 

Slide 7 – road map for next steps. Trust service providers have 2 years to comply with this regulation, so the use case is for those who have already made the modifications. They have to wait for the other providers to be ready to do the cross certification with them.

 

Slide 8 – vision is trust, security and convenience.  They need to work hard on providing convenience for the citizens.

 

Slide 9 – the first factor to consider is that social IDs are being used by millions of members of the social networks, so we have to take them into account. The second key factor is mobile devices. The third factor is cloud service providers. eID has to fit in this picture. The regulation talks about trust/security first.

 

Slide 10 – trust /security first.

 

Slide 11 – classification of security mechanisms based on assurance level. When we need them to use a verified ID we can take them through a step-up. We make a slight differentiation between trust-el and step-up.  Trust-el can be repeated as many times as required. LOA-4 is PKI stored in a smart card. Most citizens only need up to LOA-3.

 

Slide 12 – any operation requires consent of the user. Consent can be implemented with OAuth 2.0 or OpenID Connect.

 

Slide 13 – we have a picture of the architecture. This is to show you that we have designed an e-signature provider with the same architecture as the IDP.  They are sharing the authentication service. They control PKI keys.

 

Slide 14 – is on convenience. What can we do to make life easier for the user?

 

Slide 15 – have apps for iOS and Android devices. It is so simple that the user just starts the app and it automatically connects to the certificate authority and installs the apps. Any time the citizen is browsing a website and he or she attempts to use this authentication mechanism it presents the notification and it automatically starts the app. We can use this mechanism as the primary mechanism for entering the site or as part of a trust elevation process.

 

Slide 16 – skipped as it is on e-signature.

 

Demonstration

 

David explained that the demonstration is of a bank website. We will see how the citizen enters the portal using the app he explained. Now the citizen needs to identify himself. The screen on the left is the citizen’s iPhone. You see the notification has been received. The user clicks on the notification and enters a PIN (usually 4 digits). So now the next operation is to transfer money. The app starts for the second time. This time the user needs to approve the transfer. The browser refreshes the page automatically and the user can continue with the main interaction. This is an example of using the mobile app as the primary AuthN mechanism. Then he showed the mechanism for trust-el AuthN. The user starts by logging on to Facebook. Then the user goes to the banking website and selects login with Facebook. So the session is open, but when the user tries to make the transfer, the user must authenticate with the mobile mechanism and is then allowed to complete the transfer. A cookie is stored on the device. Now the user logs out and logs in again. But the second time, the device is recognized, so the session starts out at a high level.

 

David concluded. Now Helena will continue with her presentation, the second slide deck: Survey of Trust Elevation.

 

Helena began. We can control how the SP lets their users in. We discussed how a login and a transfer are different. Facebook and verified identity are different. Safelayer supports many federated identity providers. We can assign trust levels to the IDPs we are working with. Based on the trust we have, we can trigger trust-el steps and processes. We do this with multi-factor AuthN, and the platform also supports SSO. If a process is already running with the IDP, it will take into account the requirements of the new SP. The integration standards are those convenient for cloud and mobile apps.

 

Slide 4 – same as David showed before. We can classify identities and trigger trust-el with authentication flows. The process can adapt to RP requirements and to the role of the user and other identity attributes of the user. For example, is the user in the marketing department or in finance? Some departments will require another mechanism. It is dynamic and adaptive. We also adapt to other contextual information, such as the user's location and some biometrics, such as keystroke dynamics. This is all configurable of course, depending on the context and the app. These additional factors are only triggered if we need to have more confidence in the identity.

 

Slide 6 – we classify the factors. We also implement client SSO and mechanisms from other vendors.  Not all mechanisms are useful for the same thing. Some are helpful for primary authentication, but then when we need more trust we need a step-up mechanism. We differentiate between trust-el and step-up. Trust-el is achieved with parameters that can suggest if the user is using the usual location and the usual device and this gives us some clues to the authentication of that identity.  Step-up is a mechanism that allows the organization to say a higher level has been achieved.

 

Shaheen asked: so one is more passive and one is more active?

 

Helena replied trust-el is used when the IDP needs to sync requirements with levels, but if they need a new level we do this with those step-up processes to elevate the level of the session. 

 

Slide 7 – the point is that we classify the factors. We follow the NIST levels. Within a corporate environment you could classify your own mechanisms or those of others.
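Helena's distinction between passive trust elevation (clues such as the usual device and location) and active step-up, together with the bank demo David walked through earlier, can be written down as a small policy check. This is an added illustration in Python, not Safelayer's product or TC text; the LOA numbers assigned to each mechanism and operation are assumed, following the NIST 1-4 scale the slides reference.

```python
"""Toy session-assurance policy engine illustrating the passive trust-el vs
active step-up distinction from the Safelayer presentation (assumed model)."""
from dataclasses import dataclass, field

# Assurance level each primary mechanism establishes on its own (assumed
# mapping onto the NIST 1-4 LOA scale; LOA-4 is PKI on a smart card).
PRIMARY_LOA = {"social_login": 1, "password": 2, "mobile_app_pin": 3, "smartcard_pki": 4}
# Active step-up mechanisms and the level each can assert (assumed).
STEP_UP_LOA = {"mobile_app_pin": 3, "smartcard_pki": 4}
# Level each RP operation requires (assumed policy for the bank demo).
REQUIRED_LOA = {"view_balance": 1, "transfer": 3, "qualified_signature": 4}


@dataclass
class Session:
    loa: int
    evidence: list = field(default_factory=list)


def start_session(mechanism, remembered_device_loa=0, usual_location=True):
    """Primary authentication followed by passive trust elevation.

    remembered_device_loa is the level an earlier step-up bound to this
    device (the cookie in the demo). Passive evidence is only a clue, so it
    is honoured only from the usual location and capped at LOA-3: LOA-4
    always needs the smart card itself."""
    session = Session(PRIMARY_LOA[mechanism], [mechanism])
    if usual_location and remembered_device_loa > session.loa:
        session.loa = min(remembered_device_loa, 3)
        session.evidence.append("passive:known_device+usual_location")
    return session


def authorize(session, operation, available_step_ups):
    """Return (allowed, step_up_to_run). When the session level is too low,
    pick the first available active mechanism that reaches the required
    level; None means no mechanism on this device can get there."""
    need = REQUIRED_LOA[operation]
    if session.loa >= need:
        return True, None
    for mechanism in available_step_ups:
        if STEP_UP_LOA.get(mechanism, 0) >= need:
            return False, mechanism
    return False, None


def step_up(session, mechanism):
    """Active step-up: the organisation asserts the higher level and records
    how it was reached, so the evidence trail shows every factor used."""
    session.loa = max(session.loa, STEP_UP_LOA[mechanism])
    session.evidence.append("step_up:" + mechanism)
    return session
```

The evidence list is what Abbie's matrix would consume: it records whether a level came from a primary factor, a remembered device, or an explicit step-up.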

 

Slide 8 – a screen shot of a configuration screen for RPs to indicate SSO preferences and requirements.

 

Slide 9 – summarizes combinations of requirements.

 

Slide 10 – we have a website with demos: http://demo.safelayer.com

 

Abbie remarked that slide 9 is of interest to the TC. Can you share how to do OAuth?

 

Helena replied that we can specify a URL that maps to specific levels and flows. They also support authorization scopes. We can order the flows to trigger the most secure or the most convenient process.

 

Abbie thanked them and asked for questions.

 

Shaheen said someone from the TC should engage with them. It is very relevant.

 

Abbie continued: especially the ACR values. This is part of the metadata work. What they are doing is an implementation of the way the step-up happens. But in a large bank each line of business will have its own apps, so standardization becomes important. They are doing the AuthN as part of step-up, which is good. The TC needs to feed a policy engine. It could be XACML or UMA, etc.

 

Helena said this is just an example of a platform and a way an org can use the product. You have to propose the metadata, etc. The product has to be configured. It is crucial that levels are standardized, and that it can be understood by other IDPs.

 

Abbie said he likes the accumulated assurance. In our TC, we have a matrix to say how you achieved an LOA (i.e. same device and location, so this is the known assurance at this state.) Our work will allow you to say trust is from multiple factors. He likes that she differentiated between known history and step-up. That is a useful distinction.

 

Peter commented that what he liked about this is that it is a clear example of an implementation of the standard and approach. What we homed in on is that it is important to have a policy engine driven by the third deliverable. And, we need a better title than "the third deliverable".

 

Abbie asked David and Helena whether they can work with us here. Whatever we develop, your solution should be implementable within the framework.

 

?? asked what is your role in the Europe standardization work?

 

David replied we are not formally participating in the definition of the regulations.

 

Abbie asked but are you trying to comply with the regulations?

 

David replied yes.

 

Abbie asked for a list of the requirements they are trying to meet so that we can incorporate it in our requirements.

 

Peter said he is in the process of mapping the ID 9-10-14 requirements against the global SAFE-BioPharma trust framework that is based on the 29915 threat vector model. He will share it with the TC and Safelayer.

 

Abbie commented that we need confirmation that we are touching the right baselines here. After today, I know where we need to go with our next deliverable, the anchor of trust, etc. For those involved with FIDO, he confirmed the importance of the TC’s and IBOPS work. The trend is to have a trusted identity that relates to a device, but it can go more fine grained: device and fingerprint. FIDO provides an addition that is an extra attribute to the AuthN flow. That is, I have seen this device through the attribute binding – need to step-up, to bind right away. That identifier is bound to this identity. Once you do that at a certain LOA, you need another step-up to meet the policy requirements of the app. The step-up needs to work with different end points. This will be done differently from one device to another. We may have different protocols. This is where we need to go. This is wonderful work. We are at the forefront of next generation authentication and we are doing the right thing.

 

Peter agreed.

 

Abbie said thank you, looking forward to it.

 

5. Adjourn

 

Abbie asked for a motion to adjourn.

Peter made the motion.

Mary seconded the motion.                                      

The meeting was adjourned.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 

abbie     morphed into abbie-bofa

 

abbie-bofa    1: documents for today presentation are on the tc document folder

 

abbie-bofa    1: see https://www.oasis-open.org/apps/org/workgroup/trust-el/documents.php

 

abbie-bofa    1: Agenda

 

abbie-bofa    1: roll call

 

2. agenda bashing

 

3. editor update

 

4. presentation by David Ruana from Safelayer on eIDAS trust elevation

 

5. roll call

 

6. adjourn

 

abbie-bofa    1 uploaded file: Safelayer - Achieving the eIDAS Vision - ISSE 2014.pdf

 

abbie-bofa    1 uploaded file: Safelayer - Trust Elevation - OASIS TC.pdf

 

abbie-bofa    1: i also uploaded them to chat room

 

anonymous morphed into Safelayer

 

Safelayer morphed into David Ruana, Helena Pujol (Safelayer)

 

Kevin Mangold (NIST)3 morphed into Kevin Mangold (NIST)

 

anonymous morphed into Shaheen Abdul Jabbar (JPMC)

 

abbie-bofa    1: i did set up a webex

 

abbie-bofa    1: do not use the bridge from webex since we are on a bridge already

 

abbie-bofa    1: webex is

 

abbie-bofa    1: 1. Go to https://attend.webex.com/attend/e.php?AT=MI&EventID=306680087&UID=0&RT=MiMxMQ%3D%3D

 

don thibeau: forgive the gratuitous plug - the latest developments on new profiles for the OpenID Connect standards are at http://openid.net/

 

anonymous morphed into Suzanne Gonzales-Webb1


