Identity and Access Management
International Collaborative Identity Management Forum (I-CIDM)
The International Collaborative Identity Management Forum is a
community with focused activity around authentication, trusted mechanisms
and identity proofing and vetting. It is working towards a solution
to the problem of efficient identity authorization amongst participants
in extended enterprises.
Identity and access management is a far more encompassing concept,
and AFEI in conjunction with other participating organizations will
expand its efforts in this area under an Information Assurance Forum,
which will include CIDM.
Introduction
Homeland Security Presidential Directive/HSPD 12
The next meeting of the Forum is November 10, 2004 at
the Holiday Inn, Rosslyn
(one block north of the Rosslyn Metro stop). The program includes Federal/DoD
policy and program updates and reports from Forum working groups.
The International Collaborative Identity Management
Forum is an open, working body composed of government, industry
association and academic representatives that are concerned with
multi-enterprise identity management, digital signatures, and the
associated strategies for control of access to information.
Who
Participating Organizations include:
OSD - Networks and Information Integration (NII)
DoD Common Access Card Program
DoD PKI PMO
Federal Identity Credentialing Committee (FICC)
NACHA - the Electronic Payments Association
National Defense Industrial Association (NDIA)
United Kingdom Council for Electronic Business (UKCeB)
Society for British Aircraft Manufacturers (SBAC)
Defence Manufacturers Association (DMA)
Mission
The mission of the I-CIDM Forum is to provide an open International
platform for governments and industry, to facilitate action on industry-wide
identity and access management issues, to assist industry in understanding
and assessing the implications and impacts of identity and access
management, and to provide the broadest legal and ethical forum
for the exchange of information and ideas.
BACKGROUND
The Collaborative Identity Management Forum (CIDM)
began in April 2004. It was established by the Association for Enterprise
Integration (AFEI), OSD NII, and the United Kingdom Council for
Electronic Business (UKCeB) Transatlantic Secure Collaboration Program
(TSCP). The first meeting of the CIDM
Forum was held on 25 May, 2003.
The CIDM Forum originated from a US Government request for a pan-industry
international representative body that could provide a consensus
view of the industries' needs for identity management. The Forum
is a channel for raising suggestions and concerns arising from evolving
policies and initiatives requiring digital signatures and certificates.
TransAtlantic Secure Collaboration Programme
Reports
The Defense Motivation
The US DOD has issued policy statements requiring that certain kinds
of electronic transactions must be signed with a DOD-approved digital
certificate to authenticate the sender and/or receiver of information
at a satisfactory level of assurance. In response to
these policies and to help enable secure collaboration, a community
of international governments' organizations and companies have agreed
that a means must be found to enable companies' trust mechanisms
to interoperate with each other and with governments. To ensure
that there is broad industry consensus, DoD requested AFEI and AIA,
in conjunction with other trade associations such as SBAC and DMA,
to invite aerospace and defense companies and other governments
to participate in a forum to clarify the current situation and the
way ahead regarding identity management both within and across collaborating
organizations – Collaborative Identity Management (CIDM).
The Federal Connection
In the course of organizing the first Forum meeting it became
clear that the Forum must include the agencies of the Federal Government
that were already at work on PKI and digital certificates. These
include the Federal PKI Steering Committee, the Federal Bridge
Certificate Authority, the Federal Identity Credentialing Committee,
and the E-Authentication Program.
NIST is working on PKI standards and has a key role to play in the
development of a federal identity standard, as required by HSPD 12.
The International Dimension
The impetus for internationalization came at the outset. TSCP
had made a clear and compelling case for identity management based
on the complex international structure and relationships of the
Joint Strike Fighter Program. However, the internationalization
dimension goes far beyond a single program. Security today depends
on effective coalition operations in net-centric environments. A
way ahead must be found that allows coalition forces to interoperate
in a secure way and to know who is on the network at every moment.
Identity management becomes a crucial enabler of effective operations.
The Industry Incentive
Security is a key concern from the Board Room to the Network Operations
Center. Identity and access management is becoming more complex
as digital identities take on an increasingly important role in
specifying how users interact with computer networks.
Organizations need to manage users efficiently and accurately while
granting them access to network resources. However, organizations
rarely store and use identity information in only one place. Multiple
departments, countries and regions, business divisions, and software
choices along with mergers and acquisitions result in the proliferation
of directory services and application-specific identity stores —
increasing costs and causing complicated security issues. Moreover,
the need to electronically transact business with suppliers, customers,
regulators, and other government agencies compounds this complexity
exponentially.
Improving access to network resources and managing the identity
life-cycle can provide significant dividends for organizations.
Typical benefits include:
• Reducing total cost of ownership (TCO) through efficiency and
consolidation.
• Security improvements that reduce the risk of internal and external
attacks.
• Greater access to information by partners, employees, and customers
— driving increased productivity, satisfaction, and revenue.
• Regulatory compliance through the implementation of comprehensive
security, audit, and access policies.
• Greater business agility during events such as mergers and acquisitions.
COLLABORATIVE IDENTITY MANAGEMENT
The purpose of the Collaborative Identity Management (CIDM) activity
of the Forum is to enable end users of applications in different
organizations that have different PKI Certificate Authorities (CAs)
to establish a path of trust across bridges at a medium
level of assurance with a hardware token and at such other levels
as required.
Working Groups
The initial work of the forum has been to address CIDM,
with a goal of being able to demonstrate a working exchange of credentials
from dissimilar PK Infrastructures through two bridges. To accomplish
this, several working groups have been formed.
Technical Working Group - responsible for identifying
and addressing all technical issues involving authentication and
authorization between end users and their applications.
Bridge-to-Bridge Working Group - is working on
developing Bridge-to-Bridge policies and issues for cross-certification.
Identity Proofing and Vetting Working Group -
is responsible for the rules and mechanisms for establishing identity.
This group meets for the first time in London on 12 Oct.
The overall CIDM goal is for an International CIDM bridge-to-bridge
environment to be demonstrated before the end of 2005.