
Sunday, June 3, 2018


A Credential Service Provider (CSP) is a trusted entity that issues security tokens or electronic credentials to subscribers. A CSP forms part of an authentication system, most typically identified as a separate entity in a Federated authentication system. A CSP may be an independent third party, or may issue credentials for its own use. The term CSP is used frequently in the context of the US government's eGov and e-authentication initiatives. An example of a CSP would be an online site whose primary purpose may be, for example, internet banking - but whose users may be subsequently authenticated to other sites, applications or services without further action on their part.





History

In any authentication system, some entity is required to authenticate the user on behalf of the target application or service. For many years there was poor understanding of the impact of security and the multiplicity of services and applications that would ultimately require authentication. The result of this is that not only are users burdened with many credentials that they must remember or carry around with them, but also applications and services must perform some level of registration and then some level of authentication of those users. As a result, Credential Service Providers were created. A CSP separates those functions from the application or service and typically provides trust to that application or service over a network (such as the Internet).





CSP Process

The CSP establishes a mechanism to uniquely identify each subscriber and the associated tokens and credentials issued to that subscriber. The CSP registers or gives the subscriber a token to be used in an authentication protocol and issues credentials as needed to bind that token to the identity, or to bind the identity to some other useful verified attribute. The subscriber may be given electronic credentials to go with the token at the time of registration, or credentials may be generated later as needed. Subscribers have a duty to maintain control of their tokens and comply with the responsibilities to the CSP. The CSP maintains registration records for each subscriber to allow recovery of registration records.

In an e-authentication model, a claimant in an authentication protocol is a subscriber to some CSP. At some point, an applicant registers with a Registration Authority (RA), which verifies the identity of the applicant, typically through the presentation of paper credentials and by records in databases. This process is called identity proofing. The RA, in turn, vouches for the identity of the applicant (and possibly other verified attributes) to a CSP. The applicant then becomes a subscriber of the CSP. The CSP establishes a mechanism to uniquely identify each subscriber and the associated tokens and credentials issued to that subscriber. There is always a relationship between the RA and CSP.
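The registration flow described above, as an added example that is not part of the original article: an RA proofs the applicant, the CSP assigns a unique subscriber identifier and issues a credential binding the token to the identity, and a claimant is later checked against both. The class and method names are hypothetical, an HMAC stands in for the CSP's signature, and the token secret is presented directly rather than through a possession-proving protocol.

```python
import hashlib, hmac, json, secrets

class RegistrationAuthority:
    """Identity proofing: compares the applicant's evidence with existing records."""
    def __init__(self, records):
        self.records = records  # constructed stand-in for "records in databases"

    def vouches_for(self, name, document_id):
        return self.records.get(name) == document_id

class CredentialServiceProvider:
    def __init__(self, ra):
        self.ra = ra
        self._key = secrets.token_bytes(32)  # assumption: HMAC key in place of a signing key
        self.subscribers = {}                # registration records by subscriber id

    def _tag(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def register(self, name, document_id, token_secret):
        """Applicant becomes a subscriber only if the RA vouches for the identity."""
        if not self.ra.vouches_for(name, document_id):
            raise PermissionError("identity proofing failed")
        sub_id = f"sub-{len(self.subscribers) + 1:04d}"  # unique subscriber identifier
        token_fp = hashlib.sha256(token_secret).hexdigest()
        self.subscribers[sub_id] = {"name": name, "token": token_fp}
        # The credential binds the token (by fingerprint) to the proofed identity.
        body = json.dumps({"sub": sub_id, "name": name, "token": token_fp}, sort_keys=True)
        return {"body": body, "tag": self._tag(body)}

    def verify(self, credential, token_secret):
        """Accept a claimant only with an intact credential and the bound token."""
        if not hmac.compare_digest(self._tag(credential["body"]), credential["tag"]):
            return False  # credential altered or not issued by this CSP
        claims = json.loads(credential["body"])
        if claims["sub"] not in self.subscribers:
            return False  # no registration record for this subscriber
        presented = hashlib.sha256(token_secret).hexdigest()
        return hmac.compare_digest(presented, claims["token"])

if __name__ == "__main__":
    ra = RegistrationAuthority({"Alice Example": "DOC-0001"})  # constructed record
    csp = CredentialServiceProvider(ra)
    token = secrets.token_bytes(16)
    cred = csp.register("Alice Example", "DOC-0001", token)
    print(csp.verify(cred, token), csp.verify(cred, b"wrong token"))
```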




Importance

CSPs can establish confidence in a user's identity through an electronic authentication process. As a result, some regulatory agencies can ask individuals to prove their identities through a CSP. Today, regulatory agencies require physicians to be authenticated electronically before physicians can issue any prescription for controlled dangerous substances (CDS). Physicians have to seek out federally approved CSPs in order to receive a two-factor authentication credential or digital certificates. The CSPs conduct identity proofing that meets National Institute of Standards and Technology Special Publication 800-63-1 Assurance Level 3.




CSP and the US Government

The federal government is currently the CSP for e-government transactions. However, the government plans to focus all its attention on the applications and leave the credential management business to other industries.

In 2004, the US government proposed an E-authentication initiative. The goals of the initiative include:

  • Build and enable mutual trust needed to support widespread use of electronic interactions between the public and the US Government.
  • Minimize the burden on the public when obtaining trusted electronic services from the government.
  • Deliver common interoperable authentication solutions, appropriately matching the levels of risk and business risks.

As a result of this initiative, campuses may start offering students, faculty and staff access to certain federal applications. However, before this happens, the government will impose the following requirements:




FedFed Membership requirements for levels 1 & 2

  • Credential Assessment
  • Signing Business and Operating Rules
  • Technical Interoperability at SAML 1.0



FedFed Membership requirements for levels 3 & 4

  • Cross-certification with Federal PKI



Service Provider Requirements to Join Federal Federation Directly

Service providers wishing to join the Federal Federation directly will have to agree to:

  • eAuthentication Business and Operating rules in
    • Risk Analysis
    • Service levels
    • Security levels?
    • Compliance with FIPS and NIST SPs
    • Reporting requirements
  • Procedural, audit and documentation requirements.



Providers

Below is a short list of some CSPs with a short description of the services they provide.

Equifax

Equifax provides certified credentialing solutions that meet Federal security and privacy requirements. Equifax offers more than a basic name and address identification credential. Equifax provides methods of discerning an electronic identity in order to ensure that only trusted users have access to sensitive data and secure networks.

MediQuin

MediQuin is a credential service provider located in Irvine, California. MediQuin provides Medical Credentialing, provider applications, enrollment forms, verification services, and other medical related credential services.

Med Advantage

Med Advantage provides numerous verification services.

  • Board Certification - Verify Current certificate level
  • Criminal Background - Verify State and/or Federal Criminal History
  • DEA/CDS Registration - Verify by NTIS and/or by certificate
  • Education - Verify Medical Education & Post graduate Education
  • FSMB - Query The Federation of State Medical Boards
  • License - Verify State license(s)
  • Malpractice Claims - Verify from the carrier
  • Malpractice Insurance - Verify from the Carrier or Certificate
  • NPDB - Query The National Practitioner Databank
  • HIPDB - Query The Healthcare Integrity and Protection Databank
  • Privileges - Verify Hospital admitting Privileges and Delineation of Privileges
  • References - Verify Professional references
  • Sanctions - Query Medicare/Medicaid and State License
  • Work History - Extract Work History from the Curriculum Vitae



Costs

Below is a table that shows the approximate cost for a Credential Service Provider in different Categories.




The Kantara Initiative

The Identity Assurance Accreditation and Approval Program is a Kantara Initiative program that tries to use CSPs to provide the private sector with more reliable digital credentials.




Windows

Windows uses CSP to implement authentication protocols. With Windows Vista, a new authentication package called Credential Security Service Provider (CredSSP) was introduced. CredSSP uses the client-side CSP to enable applications to delegate the user's credentials to the target server.




References

Source of article : Wikipedia