Versions Compared

Old Version 1

changes.mady.by.user Unknown User (nikolas.reineke)

Saved on

compared with

New Version 2

changes.mady.by.user Unknown User (nikolas.reineke)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Announcements

  • Thank you for your participation!! As of January 9th, 2013, the esMD AoR Digital Credentials White Paper has been finalized. The document below as well as the text embedded within the Digital Credentials White Paper Wiki reflect updates that were proposed and agreed upon during the formal Consensus Process. Please contact the Workgroup Lead or Support Lead if you have any remaining questions or concerns.

Table of Contents

Works Approved Through Consensus

DateArtifact NameArtifact Links
1/9/2013esMD AoR L1 SWG Report - Digital Credentials Management

Works in Progress

Artifact NameDescription/PurposeStatusCurrent Status/
Last Updated		ReviewersTarget Date for Completion
Digital Credentials Draft White PaperExpansion upon AoR L1 UC and input for AoR L1 HarmonizationDraft11/9/2012 December 1, 2012

Meeting Materials

Meeting DateMeeting MaterialsPresentation MaterialsMinutesView Meeting Recordings
December 5, 2012Meeting MaterialsMeeting Presentation (.pptx)  
November 28, 2012Meeting MaterialsMeeting Presentation (.pptx) (intro slides) View on Vimeo
November 21, 2012MEETING CANCELLED
November 14, 2012Meeting MaterialsMeeting Presentation (.pptx) (intro slides)Meeting Minutes (.docx)View on Vimeo
November 7, 2012Meeting MaterialsMeeting Presentation (.pptx) (intro slides)Meeting Minutes (.docx)View on Vimeo
October 31, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo
October 24, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo
October 17, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo
October 10, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo
October 3, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo
September 26, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo
September 19, 2012Meeting MaterialsMeeting Presentation (.pptx)Meeting Minutes (.docx)View on Vimeo

Reference Materials

Standards

Document LinkDescriptionVersion/Date
NIST SP 800-63-1 (PDF)NIST Electronic Authentication Guideline RecommendationsDec 2011
NIST SP 800-57 Part 1 (PDF)NIST Recommendations for Key Management - Part 1: GeneralRevision 3
July 2012
FBCA X.509 Certificate Policy (PDF)X.509 Certificate Policy for the Federal Bridge Certification AuthorityVersion 2.25
Dec 9, 2011
ITU-T Recommendation X.509Information technology – Open systems interconnection – The Directory: Public-key and attribute certificate frameworksNov 2008
OMB M-04-04 (PDF)E-Authentication Guidance for Federal AgenciesDec 16, 2003
FIPS PUB 140-2 (PDF)Security Requirements for Cryptographic ModulesMay 25, 2001
FIPS PUB 199 (PDF)Standards for Security Categorization of Federal Information and Information SystemsFeb 2, 2004
IETF RFC 5055Server-Based Certificate Validation Protocol (SCVP)Dec 2007
IETF RFC 5280Internet X.509 PKI Certificate and CRL ProfileMay 2008
IETF RFC 6712Internet X.509 PKI - HTTP Transfer or Certificate Management ProtocolProposed Standard
Dec 2012
FICAM Roadmap / Implementation Guide (PDF)Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation GuidanceVersion 2.0
Dec 2, 2011
FPKIPA Applicant Requirements (DOC)Federal Public Key Infrastructure Certification Applicant RequirementsVersion 1.0.6
May 1, 2012

 

Industry Implementations

Document LinkDescriptionVersion/Date
SAFE-BioPharma Expert Panel Report (PDF)Interoperable Digital Identity Management in the Electronic Exchange of Health InformationDec 17, 2007

 

White Papers/Industry Reports

Document LinkDescriptionVersion/Date
INCIT Study Report (PDF)Study Report on Biometrics in E-Authentication, InterNational Committee for Information Technology StandardsMar 30, 2007

 

Federal Requirements

Document LinkDescriptionVersion/Date
RMH Vol. III Standard 3-1 AuthenticationCMS Risk Management Handbook Volume III, Standard 3.1:
CMS Authentication Standards		Version 1.2
Jul 31, 2012


See all Author of Record SWG reference materials on the esMD Reference Materials page.

Workgroup Details

 

Objective:

Define required process for issuing and managing digital credentials for esMD.

Makeup:

 

Requirements:

  • NIST SP 800-63-1 Level 3 Authentication (December 2011)
  • Federal Bridge Certification Authority (FBCA)
  • Digital Certificates must be X.509v3+ based
  • Must be from CA cross-certified with FB
  • Must provide for non-repudiation as part of the credentials and artifacts

 

In Scope:

  • Digital credential life cycle
  • Relevant standards
  • Policy issues regarding digital credentials

 

Out of Scope:

  • Identity Proofing
  • Digital Signatures

 

Deliverable: Summary White Paper

  • Assumptions
  • Statement of Problem
  • Recommended Solution(s)
    • Review of Standards (e.g., NIST, FBCA, FICAM)
    • CA qualifications and list
    • Issuance process
    • Credential types and forms
    • Credential uses (Identity, Signing, Proxy, Encryption, Data Integrity)
  • Specific use credentials (e.g., Direct, DEA)
  • Maintenance requirements
  • Revocation process
  • Trust anchor validation
  • Non-repudiation assurance
  • Identify gaps in current policy impacting Digital Credentials
  • References