Diff for Authentication frameworks
Thu, 11/15/2007 - 22:38 by Stephen.Wilson | Mon, 04/15/2013 - 18:49 by jmarquez | ||
---|---|---|---|
next diff > | |||
Changes to Body | |||
Line 7 | Line 7 | ||
PKI.
| PKI.
| ||
</p>
| </p>
| ||
- | <p class="MsoPlainText">
| + | <p>
|
The frameworks mentioned below differ from vanilla
| The frameworks mentioned below differ from vanilla
| ||
commercial Certificate Authorities insofar as they seek to provide
| commercial Certificate Authorities insofar as they seek to provide
| ||
comprehensive support for transactions and for the implementation of
| comprehensive support for transactions and for the implementation of
| ||
transaction systems, usually in the specific context of a jurisdiction or
| transaction systems, usually in the specific context of a jurisdiction or
| ||
- | industry sector.
| + | industry sector.
|
</p>
| </p>
| ||
- | <p class="MsoPlainText">
| + | <p>
|
<strong>Identity Management and Authentication Policy Frameworks </strong>
| <strong>Identity Management and Authentication Policy Frameworks </strong>
| ||
</p>
| </p>
| ||
- | <p class="MsoPlainText">
| + | <p>
|
- | The US Government's main framework for selecting authentication technologies to match transaction requirements is its <a rel="nofollow" href="http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf" target="_blank">Electronic Authentication Guideline: Recommendations of NIST, Version 1.0.2</a>
| + | The US Government's main framework for selecting authentication technologies to match transaction requirements is its <a rel="nofollow" href="http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf" target="_blank">Electronic Authentication Guideline: Recommendations of NIST, Version 1.0.2</a>
|
</p>
| </p>
| ||
- | <p class="MsoPlainText">
| + | <p>
|
<a href="http://piv.nist.gov/" target="_blank">The US Personal Identity Verification</a> (PIV) is more than a policy framework - it is a comprehensive new identity card system and
| <a href="http://piv.nist.gov/" target="_blank">The US Personal Identity Verification</a> (PIV) is more than a policy framework - it is a comprehensive new identity card system and
| ||
suite of standards for federal government employees and contractors, driven by
| suite of standards for federal government employees and contractors, driven by
| ||
- | Homeland Security Presidential Directive HSPD-12. The peak standard is <a href="http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf" target="_blank">FIPS 201</a>. See also <a href="http://csrc.nist.gov/groups/SNS/piv/" target="_blank">About PIV</a> and <a href="http://csrc.nist.gov/drivers/documents/Presidential-Directive-Hspd-12.html" target="_blank">HSPD-12</a>.
| + | Homeland Security Presidential Directive HSPD-12. The peak standard is <a href="http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf" target="_blank">FIPS 201</a>. See also <a href="http://csrc.nist.gov/groups/SNS/piv/" target="_blank">About PIV</a> and <a href="http://csrc.nist.gov/drivers/documents/Presidential-Directive-Hspd-12.html" target="_blank">HSPD-12</a>.
|
</p>
| </p>
| ||
- | <p class="MsoPlainText">
| + | <p>
|
- | <a href="http://www.agimo.gov.au/infrastructure/authentication/agaf_b" target="_blank">Australian Government Authentication Framework (AGAF)</a>
| + | <a href="http://www.agimo.gov.au/infrastructure/authentication/agaf_b" target="_blank">Australian Government Authentication Framework (AGAF)</a>
|
</p>
| </p>
| ||
- | <p class="MsoPlainText">
| + | <p>
|
- | <a href="http://www.agimo.gov.au/infrastructure/authentication/agaf_i" target="_blank">Australian Government AUthentication Framework for Individuals (AGAF-I)</a>
| + | <a href="http://www.agimo.gov.au/infrastructure/authentication/agaf_i" target="_blank">Australian Government AUthentication Framework for Individuals (AGAF-I)</a>
|
</p>
| </p>
| ||
- | <p class="MsoPlainText">
| + | <p>
|
- | <a href="http://www.e.govt.nz/services/authentication">New Zealand Authentication Programme</a>
| + | <a href="http://www.dia.govt.nz/diawebsite.nsf/wpg_URL/Resource-material-Publications-Identity-Assurance-Framework">New Zealand Authentication Programme</a>
|
</p>
| </p>
| ||
- | <p class="MsoPlainText">
| + | <p>
|
<strong>"Live" authentication services -- Government</strong>
| <strong>"Live" authentication services -- Government</strong>
| ||
</p>
| </p>
| ||
- | <p class="MsoPlainText">
| + | <p>
|
- | <a href="http://www.cio.gov/fbca/" target="_blank"><span style="font-size: 10pt">US Federal Bridge CA</span></a>
| + | <a href="http://www.cio.gov/fbca/" target="_blank"><span style="font-size: 10pt">US Federal Bridge CA</span></a>
|
</p>
| </p>
| ||
- | <p class="MsoPlainText">
| + | <p>
|
<a href="http://www.sk.ee/pages.php/0203" target="_blank">Estonia </a>runs a comprehensive national PKI based around its smart identity card, and
| <a href="http://www.sk.ee/pages.php/0203" target="_blank">Estonia </a>runs a comprehensive national PKI based around its smart identity card, and
| ||
supporting many worlds best practice G2C applications including document
| supporting many worlds best practice G2C applications including document
| ||
- | lodgement and e-voting.
| + | lodgement and e-voting.
|
</p>
| </p>
| ||
- | <p class="MsoPlainText">
| + | <p>
|
<a href="https://stage-pki.belgium.be/" target="_blank">Belgium</a>
| <a href="https://stage-pki.belgium.be/" target="_blank">Belgium</a>
| ||
</p>
| </p>
| ||
- | <p class="MsoPlainText">
| + | <p>
|
<strong>"Live" authentication services -- Private
| <strong>"Live" authentication services -- Private
| ||
- | Sector</strong>
| + | Sector</strong>
|
</p>
| </p>
| ||
- | <p class="MsoPlainText">
| + | <p>
|
<a href="http://www.identrust.com/" target="_blank">Identrust </a>(formerly "Identrus") is a PKI program and shared infrastructure
| <a href="http://www.identrust.com/" target="_blank">Identrust </a>(formerly "Identrus") is a PKI program and shared infrastructure
| ||
service for the global banking sector. The level of "full service"
| service for the global banking sector. The level of "full service"
| ||
PKI offerings from Identrust is continuously evolving; they offer more than a
| PKI offerings from Identrust is continuously evolving; they offer more than a
| ||
- | policy framework.
| + | policy framework.
|
</p>
| </p>
| ||
- | <p class="MsoPlainText">
| + | <p>
|
<a href="http://www.paa.net/" target="_blank">Pan Asia Alliance</a> is a consortium of Certification Authorities operating according
| <a href="http://www.paa.net/" target="_blank">Pan Asia Alliance</a> is a consortium of Certification Authorities operating according
| ||
to a common set of policies and procedures that specifically support online
| to a common set of policies and procedures that specifically support online
| ||
- | documentation for cross border trade between member jurisdictions.
| + | documentation for cross border trade between member jurisdictions.
|
</p>
| </p>
| ||
- | <p class="MsoPlainText">
| + | <p>
|
<a href="http://www.cablelabs.com/certqual/security/" target="_blank">CableLabs </a>is a peak body for the Cable TV industry, which
| <a href="http://www.cablelabs.com/certqual/security/" target="_blank">CableLabs </a>is a peak body for the Cable TV industry, which
| ||
- | operates a PKI for embedded device certificates.
| + | operates a PKI for embedded device certificates.
|
</p>
| </p>
| ||
Authentication frameworks
Several comprehensive authentication infrastructures have been established around the world, in both the government and private sector, of varying degrees of comprehensiveness. Some are policy frameworks which seek to provide guidance to e-business implementers, while other infrastructures provide live services to help with authentication. Most of the latter today use PKI.
The frameworks mentioned below differ from vanilla commercial Certificate Authorities insofar as they seek to provide comprehensive support for transactions and for the implementation of transaction systems, usually in the specific context of a jurisdiction or industry sector.
Identity Management and Authentication Policy Frameworks
The US Government's main framework for selecting authentication technologies to match transaction requirements is its Electronic Authentication Guideline: Recommendations of NIST, Version 1.0.2
The US Personal Identity Verification (PIV) is more than a policy framework - it is a comprehensive new identity card system and suite of standards for federal government employees and contractors, driven by Homeland Security Presidential Directive HSPD-12. The peak standard is FIPS 201. See also About PIV and HSPD-12.
Australian Government Authentication Framework (AGAF)
Australian Government AUthentication Framework for Individuals (AGAF-I)
New Zealand Authentication Programme
"Live" authentication services -- Government
Estonia runs a comprehensive national PKI based around its smart identity card, and supporting many worlds best practice G2C applications including document lodgement and e-voting.
"Live" authentication services -- Private Sector
Identrust (formerly "Identrus") is a PKI program and shared infrastructure service for the global banking sector. The level of "full service" PKI offerings from Identrust is continuously evolving; they offer more than a policy framework.
Pan Asia Alliance is a consortium of Certification Authorities operating according to a common set of policies and procedures that specifically support online documentation for cross border trade between member jurisdictions.
CableLabs is a peak body for the Cable TV industry, which operates a PKI for embedded device certificates.