Trust and Internet Identity Meeting Europe
Feb 2020: Workshops and Unconference

Untangling Assurance Spaghetti

(David Groep)

Various Insurance Frameworks; new framework in the middle; They all address different aspects; Inspired by the particular interface; They all address different elements in different ways;

The presenter gives explanation of the file which is a scheme of various insurance frameworks:

IGTF 1 – describes a level of assurance; top to bottom each of those makes statements on a number of categories; identity validation
horizontal base - statement 3(ASPEN, BIRCH…) make the same statement DOGWOOD makes a different statement You get the complexity/Wight of it; you can see the assurance is going to these 3

Q: What do you mean by PKI implementation?

A: cryptology rendering of the assurance, e.g. in SAML

  • infrastructure implementation
  • specifics of that IGTF

Comment: In SAML there would be an assurance qualifier, in PKI you bind those differently;

  • Single factor, multi-factor is different than the identity factor;

They are all slightly different (pictures) – 2nd one

  • REFEDS Assurance Framework - same principle, you are following a line down, you read the documents top to bottom; Identity proofing – single or multi factor identification; this got very complicated REFED linking to KANTARA.
  • KANTARA – same principle, just getting more complicated, some are shaded – there are 3 but beware (showing difference); fulfil some obligation;

When you look at the ID proofing from the REFEDS, each line is a line in the REFEDS that says it’s either this one, or that one… At the end it must fulfil one of these 4;

They are underlying consumptions because it is written for a specific community; those assumptions aren’t in Kantara; it’s meant to be simple/useful for us as a research community; those frameworks don’t have assumptions; There are things in the Kantara that are fulfilled by assumptions underlie the reference –> lot of criteria in the public sector that are automatically fulfilled; The problem is when you do that you lose the simple part about the reference Presenter: The reason we came up with a specific set of levels both for REFEDS and IGTF reflect those assumptions; simple statement building up to 3 different ID level profiles

  • It’s not that it was forgotten, but it couldn’t have happened by the process that was chosen to produce it; assessment of risk; responding to the identified risk; never about comparing to another framework or a universe of specifications;
  • National Federation have done this kind of thing; 5 years later – how come we can’t map, turns out we all did the same process/exercise
  • 5 different assurance profiles that we need to ensure that research and infrastructure talk to each other – Is it bad that those 5 are different from the ones that we see come out of this complex exercise, given that we operate within this community?; If we expose the whole complexity, within the target audience for our assurance, would it actually work?
  • Not a realistic use case, because those situations come with the complaint migratory constraint build in them.
  • liability: you have to put the specific bits
  • Looking for a good justification for the existence of each of the profiles
  • Most comprehensive framework there are 2 jump outs;
  • Because they didn’t have the benefit of assumptions
  • Kantara is changing its framework

Q: The value, the reason to spend, the effort to do so, would be because you can produce more normal language so that, there is a way to be more welcoming to new kinds of activities in federation? Why should we bother doing it?

A: There are two reasons - infrasection between communities, infrasection between health sector assurance and research and mitigation sector assurance, those are 2 intersecting models and they are causing an actual friction today; 2nd: peer review process which is being operated over Europe; insurance frameworks all developed from spit and glue; they all need to go and look at each other and then to…;

  • People will start asking: Exactly how are you doing your identity proofing, UK?
  • To what extent will it be rewritten? complaint risk list; Assessment from 15 years ago; not being able to keep up;
  • Someone sitting down with the two check lists and comparing them
  • Different sets of regulations; concrete federation that do both sides;
  • What is going to happen then? How is going to come together? Where is it going to land? It has to be 3/3(?)
  • If it happens, it’s not going to happen in the US
  • Diagram shows where the gaps are;

Q: Can you build a tool that allows me to navigate this? If you can present this in a navigational way, it will be great.

A: It is somewhat interactive; Trust framework and an Assessment framework;

Comment: You want to use a risk assessment framework;

Q: Resources on how to do that? –> risk mitigation; you can drill into that to make it more specific;

  • TFPAP assessment program - version of the same criteria but one that will allow them to recognize that Kantara’s program meets those criteria
  • Had all of the control measures;
  • 3-4 suggestions how it’s possible: if there’s any way to coordinate – to build on each other, expand on each other; money and time is not the problem but coordination and not enough people;
  • IDEF – TFP process; familiar with the risks and how to deal with them; matrix as part of the TFP process;
  • too hard for a university to embrace;
  • but we carry on using it;
  • Its complexity is contextual;