FCCX Update – Federal Cloud Credential Exchange

From IIW

Session Topic: FCCX Update - Federal Cloud Credential Exchange

Wednesday 3G

Conveners: Joni Brennan + Jim

Notes-taker(s): Joni Brennan

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Overview of FCCX History, Vision, and Structure:

James Shiere provided an overview of the Federal Cloud Credential Exchange structure and high level goals. The structure was put in place to enable easier on boarding of US Federal Agencies (RPs) to connect with Approved Credential Service Providers aka CSPs (IdPs). The project is an activity that is driven by NSTIC NPO, ICAM and USPS. USPS is the contract manager who put out the RFP and awarded contract to SecureKey to implement the FCCX.


Assurance Program to Join FCCX:

Joni Brennan provided an overview of the Assurance Approval that CSPs who would wish to prove eligibility to FCCX. Once a CSP has been approved by a TFP (Kantara Initiative for example) that CSP is eligible to be consider for addition to GSA procurement list. GSA ICAM has final authority to make judgment regarding the approriateness of an IdP to connect to FCCX. One Example of this type of situation: an off-shore gambling site may be able to meet the criteria and requirements as laid out by ICAM and organizations like Kantara Initiative. However that type of organization may be deemed inappropriate for connection to FCCX based on context of their services.


Current Progress:

FCCX is on track to launch in January of 2014. Previously TFP approved CSPs are very likely the first candidates who will be considered for connection. Kantara Initiative has approved 3 high assurance providers and one low assurance provider. The list grows.


Comments:

"It would be great if the health care industry could make use of something like FCCX." While it is possible that FCCX may extend or that new iterations of FCCX like services may be created there is currently no clear answer regarding possibility to extend FCCX for health care industry scenarios. It's something to consider and discuss further.


Joni Brennan may be contacted for further information and interest - joni@ieee-isto.org