by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : January 2013
GCN JANUARY 2013 • GCN.COM 19 said Pat Reilly, Resilient's executive vice president for business development. "We are working with ID providers," such as the American Medical Association and local school systems, to verify attributes of users. The relying party will set and enforce policies for access requirements, and a trust broker using those policies will verify attributes with multiple identity providers. Encryption and other schemes will hide the personally identifiable information used by the trust broker as well as the context of the access being requested, providing privacy for the end users. The two pilots will be: • Patient-Centric Coordination of Care, which will provide multi-factor authen- tication of patients, physicians and staff for two information health exchange organizations, the San Diego Beacon eHealth Community in California and Gorge Health Connect in Oregon. • Zero-Knowledge Identity and Privacy Protection Service, which will provide authentication for students, parents and teachers in compliance with the Family Education Rights and Privacy Act and the Children's Online Privacy Protection Act. The Trust Network already is in use by customers using it with trusted partners, Reilly said. "This is a significant leap for us. This truly brings it into the wild." The pilots are expected to be in operation by summer and be wrapped up in October. Participating in the healthcare pilot are the AMA, Aetna, the American Col- lege of Cardiology, ActiveHealth Man- agement, Medicity, LexisNexis, NaviNet, the San Diego Beacon eHealth Commu- nity, Gorge Health Connect, the Kantara Initiative and the National eHealth Col- laborative. Participating in the educational pilot are the National Laboratory for Educa- tion Transformation, LexisNexis, Neus- tar, Knowledge Factor, Authentify Inc., Riverside Unified School District, Santa Cruz County Office of Education and the Kantara Initiative. This consortium of education and research institutions known as Internet2 will work with five member universities to help develop and deploy a set of tools to enable attribute-centric authentication."Our work is a little different" from other NSTIC pilot programs, said Ken Klingenstein, Inter- net2's senior director of middleware and security. It is not establishing the viability of a business model or scheme, but of an infrastructure for preserving privacy dur- ing authentication. Attributes are characteristics associ- ated with people that can be verified to allow access to online resources. These can include things such as age or age range (Over 18? Under 13?), location or residence, eligibility for services, or medi- cal conditions. Often only one or a few of these attributes need to be authenticated, and do not need to be coupled with identi- fying information to allow access. The components for the pilot are: • Privacy Manager: User friendly software to allow users to control what attributes are released for authentication. • Anonymous Credentials: Attributes are encrypted so that not even the identity provider used to verify them has access to them. "This is a mixed bag," because it can be used to mask information that might be needed, Klingenstein said. • Citizen-centric Schema: Groupings of attributes commonly used for interaction with government at all levels, bundled to simplify the use of only necessary informa- tion. • Application Categorization: A system for verifying that an application request- ing authentication is verifying only those attributes that it needs. The goal is to have commercial services that could provide a seal of approval to online applications that are known to behave appropriately. Participating in the Internet2 pilot are Carnegie Mellon University, Brown University, the University of Texas, the Massachusetts Institute of Technology and the University of Utah. • Highest hurdles to trusted ID adoption Privacy. Organizations providing and authenticating online credentials must be able to exchange information with parties relying on those credentials while maintaining the user s privacy. Exposure of personal information must be limited. Usability. Any widely adopted scheme must be easy both for end users and relying parties to manage. Maintaining secure passwords for multiple accounts already is a headache; multi-factor authentication can be even more cumbersome. "In the commercial space, it s a hard sell," Grant said. Interoperability. This is tied to cost as well as scalability. It can be di cult to justify the expense of single-use credentials. Standards-based, interoperable schemes can increase value by making them accepted for multiple purposes. Liability. Who is responsible when something goes wrong? Industry wants a level of regulatory certainty so that financial risk can be identified, mitigated and accepted, and this will require laws and regulations. --- William Jackson 5 Project Goal: Attributes for authentication Project Manager: University Corpo- ration for Advanced Internet Devel- opment (Internet2) Grant: $1,840,263