I introduced the concept of separation of Identity Proofing from Authentication using a formal Binding mechanism in getting to mHealth solutions - real People. I didn't know it was being formally defined in NSTIC. The idea is that I introduced leverages the concepts of separation of Identity Proofing from Authentication. Exactly the concept outlined in an NSTIC blog NSTIC Pilot Common Considerations 5: An Identity Ecosystem Functional Model for the Modern Market.There are five different scenarios depicted using this simple concept. The differences are in the methods of combining these functionality, some using an Intermediary, some just organizational arrangements. Each has a strength and an overhead. This is very encouraging work. Corporate identities can combine these as they are done almost at the same time, when you are hired and let go. Internet based identities really need to consider separation of these functional concepts.
The various models are being adopted by Internet providers and governments.
- U.S. government’s upcoming Federal Cloud Credential Exchange (FCCX). Architectures using such intermediary layers can also be used to render the operations between participants blind – in such a case, the CSPs and the RPs don’t know who is performing an authentication or transaction, respectively.
- the Canadian Cyber Authentication Renewal Project in conformance with the Canadian federal Privacy Act. The scenario where an intermediary can be used to provide an abstraction to a number of different authentication means, but each relying party still performs its own identity proofing.
For the details, please read the NSTIC blog NSTIC Pilot Common Considerations 5: An Identity Ecosystem Functional Model for the Modern Market.
For references see: My Topics page
User Identity and Authentication
- getting to mHealth solutions - real People
- getting to mHealth solutions - Users
- Internet User Authorization: why and where
- IHE efforts in RESTful security
- IHE-IUA - Internet User Authentication for HTTP profiles
- Identity Proofing and Authentication -- Patient vs Provider
- Level setting on Level of Assurance
- Advanced Access Controls to support sensitive health topics – a simple solution to sensitive health.
- Direct addresses- Trusted vs Trustable
- Identity - - Proofing
- The Emperor has no clothes - De-Identification and User Provisioning
- What User Authentication to use?
- IHE - Privacy and Security Profiles - Enterprise User Authentication
- IHE - Privacy and Security Profiles - Cross-Enterprise User Assertion
- Healthcare use of Identity Federation
- Federated ID is not a universal ID
- Separation of Layers: Security Error Codes
- Authentication and Level of Assurance
No comments:
Post a Comment