Starting Off Phase I - Identity vs. Digital Identity
► Identity
Who you are as an individual
Does not change nor expire
► Digital Identity
Digital representation of your identity
Represented by identifiers, credentials, and attributes
Can expire, depending on context
Important Considerations of a Digital Identity
► Context
Must be useful, relevant, trustworthy
Must uniquely identify a subject within a given context
In our case, within a specific Agency
► Consistent
Must be able to be referenced uniformly across applications
Where unique identifiers are not supported, mappings must be established
► High Assurance
Trust that a Digital Identity represents an Identity
Requires Identity Proofing, Vetting, and Adjudication
Building a Digital Identity – Step 1
► Create an Identifier
UUID – Universally Unique Identifier
Unique for all in-scope personnel
► Open Question – 1:1 Mapping?
Should an Identity within the Agency map to one, and only one Digital Identity?
When to assign UUID?
Collisions/Duplications?
Merging/reconciliation process?
Benefits of 1:1 Mapping
Increased security & assurance
Simplified maintenance
Building a Digital Identity – Step 2
► Establish Authoritative Attribute Sources
On-Boarding Systems
Background Investigations
Others?
► Important Considerations:
Should only be one source per attribute
Are policies in place defining which source is “authoritative”?
Building a Digital Identity – Step 3
► Build Credentials
PKI Certificate(s)
PIV Card
FAC – Facility Access Card
FLAC – Facility & Logical Access Card
► Open Question – Include UUID?
Would map back to Digital Identity
Requires modifications of current processes
If done, would help streamline credentialing process
► These credentials would become Authoritative Attributes in a Digital Identity
Building a Digital Identity – Step 4
► Application/System Specific Attributes
Only referenced within a specific context
User ID
Role
Legacy/proprietary application support
► Next: What does an ICAM Target Architecture look like?
Authoritative Identity Service (AIS)
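Steps 1 to 4 above as an added Python example, not code from the original slides: a UUID-keyed record with a 1:1 mapping, one authoritative source per attribute, and application-specific attributes mapped back to the UUID. The source names, attribute names and person_key (standing in for the output of identity proofing) are assumptions.

```python
import uuid
from dataclasses import dataclass, field

# Assumed policy table: exactly one authoritative source per attribute (Step 2).
# Credentials (Step 3) are recorded as authoritative attributes as well.
AUTHORITATIVE_SOURCE = {
    "legal_name": "onboarding",
    "adjudication_result": "background_investigation",
    "piv_certificate": "credentialing",
}

@dataclass
class DigitalIdentity:
    uid: str                                         # the UUID from Step 1
    attributes: dict = field(default_factory=dict)   # name -> (value, source)
    contexts: dict = field(default_factory=dict)     # application -> attributes

class IdentityStore:
    def __init__(self):
        self._by_uid = {}
        self._by_person = {}   # person_key -> UUID, enforces the 1:1 mapping
        self._by_app_id = {}   # (application, user_id) -> UUID

    def enroll(self, person_key):
        # Re-enrolling the same proofed identity returns the existing record
        # instead of minting a second UUID (no duplicates to reconcile later).
        if person_key in self._by_person:
            return self._by_uid[self._by_person[person_key]]
        ident = DigitalIdentity(uid=str(uuid.uuid4()))
        self._by_uid[ident.uid] = ident
        self._by_person[person_key] = ident.uid
        return ident

    def set_attribute(self, uid, name, value, source):
        # Reject writes from any source that policy does not name as authoritative.
        if AUTHORITATIVE_SOURCE.get(name) != source:
            raise PermissionError(f"{source} is not authoritative for {name}")
        self._by_uid[uid].attributes[name] = (value, source)

    def map_app_account(self, uid, application, user_id, role):
        # Step 4: context-specific attributes; an account maps to one identity only.
        key = (application, user_id)
        if self._by_app_id.get(key, uid) != uid:
            raise ValueError(f"{key} is already mapped to another identity")
        self._by_app_id[key] = uid
        self._by_uid[uid].contexts[application] = {"user_id": user_id, "role": role}

    def resolve(self, application, user_id):
        # Legacy applications without UUID support resolve through the mapping.
        return self._by_uid[self._by_app_id[(application, user_id)]]
```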
ICAM Target Architecture – Putting Digital Identities to Work
ICAM Target Architecture – Digital Identity Records
[Diagram labels: Adjudication Results; Human Resources Attributes; Personal Identity Verification (PIV) Credential Attributes]