Difference between revisions of "Accreditation Service"

From MgmtWiki
Jump to: navigation, search
(Created page with "==Full Title or Meme== A list of the enterprises and standards providers of Accreditation of trusted Enterprises or Web Sites. ==Context== On the trust page d...")
 
(Providers)
 
(24 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==Full Title or Meme==
 
==Full Title or Meme==
A list of the enterprises and standards providers of [[Accreditation]] of trusted [[Enterprises]] or [[Web Site]]s.
+
A list of the enterprises and standards providers of [[Accreditation]] of trusted [[Enterprise]]s or [[Web Site]]s.
  
 
==Context==
 
==Context==
Line 9: Line 9:
 
*Category is --tbd--. The rest are closed in the sense that users have limited control over the release of their information. Some provide OpenID as an option when an alternate is shown.
 
*Category is --tbd--. The rest are closed in the sense that users have limited control over the release of their information. Some provide OpenID as an option when an alternate is shown.
 
*Some sites are not [[Accreditation|Accreditors]], but try to create trust by other means.
 
*Some sites are not [[Accreditation|Accreditors]], but try to create trust by other means.
 
  
 
{|border="1" padding="2" width="799px"
 
{|border="1" padding="2" width="799px"
 
| Company || Location || Cat||  Recent News  
 
| Company || Location || Cat||  Recent News  
 
|-
 
|-
|AT&T || || Cloud|| First Responders
+
|Direct Trust||US||Health|| association of 121 health IT orgs to support secure, inter-operable Health info exchange.
|-
 
|[https://www.airsidemobile.com/ Airside] || Canada || Cloud || mobile passport for entering US from Canada
 
|-
 
|Alert Enterprise || || ||
 
|-
 
|Auth0 || Bellevue, WA ||Google ||Certified OpenID [https://www.geekwire.com/2018/auth0-raises-55m-fuel-identity-management-companys-international-expansion/ Auth0 raises $55M to fuel the identity management company’s international expansion] 2018-05-15
 
|-
 
|Authen2cate|| || ||IDEF registered
 
|-
 
|Amazon||Seattle||Closed||Mostly for ecommerce sites
 
|-
 
|CA Technologies || ||Closed and OpenID || SiteMinder (SSO and API gateway is Certified OpenID) part of Broadcom
 
|-
 
|Consentua || || || KI demo
 
|-
 
|Dell (RSA) || ||[https://en.wikipedia.org/wiki/RSA_SecurID SecurID] || Patented original time-based [[One-Time Password Authenticator]], only they could provide [[Authentication]] server or code while on patent
 
|-
 
|Digicert|| Utah ||CA ||IDEF registered
 
|-
 
|DigiMe || || ||  KI [[Consent Receipt]] demo
 
|-
 
|ENTRUST|| || ||used by First tech CU and others
 
|-
 
|Facebook|| ||  OpenID||
 
|-
 
|Forge Rock || ||OpenID || Certified OpenID
 
|-
 
|Google|| ||OpenID||Certified OpenID FIDO WebAuthN https://myaccount.google.com/
 
|-
 
|[https://www.globalid.net/ Global ID] || SF || DIDs || [https://www.americanbanker.com/news/neither-mad-max-nor-orwell-id-startup-walks-a-fine-line VC funded]
 
|-
 
|Gluu|| || || Certified OpenID
 
|-
 
|IBM || ||Premise || IBM Cognos Series 7
 
|-
 
|[http://identityserver.io/ Identity Server 4]||DE||OpenID or OAuth||Certified OpenID [https://github.com/identityserver also available as OSS]
 
|-
 
|ID.me|| || Affinity||IDEF registered
 
|-
 
|IDEMAI.COM|| || ||merger of Oberthur Technologies (OT) and Safran Identity & Security (Morpho) Augmented Identity is about using the biometric characteristics of each person as a unique signature of individual identity
 
|-
 
|[https://www.iwelcome.com/ iWelcome] || Europe||  || focus on [[User Consent]] and [[Privacy]]
 
|-
 
|Janrain|| || ||Certified OpenID but only for RP = purchased by Akamai 2019-01
 
|-
 
|Mastercard || || || [https://medium.com/@oxfordsbs/digital-identity-the-system-restore-of-trust-803120d7d67 Digital Identity: The System Restore of Trust]
 
|-
 
|Microfocus(NetIQ) || || ||
 
|-
 
|Microsoft AD || || Cloud and Premise||Certified OpenID [https://msdn.microsoft.com/en-us/library/bb897402.aspx Also ADFS federation service]
 
|-
 
|Microsoft Passport ||MSFT or Office||Closed or OpenID||Started with Hotmail now covers most MSFT products - Confusing naming in part because of two separate authorities created with release of Office360
 
|-
 
|MojeID||CZ||OpenID||Certified OpenID Will accept clients from anywhere in world
 
|-
 
|MorphoTrust eID|| || ||IDEF registered - now part of IDEMIA
 
|-
 
|Okta || || || [https://www.cnbc.com/2017/06/07/okta-shares-rise-as-sales-top-estimates-in-first-report-since-ipo.html Okta shares rise as sales top estimates in first report since IPO 2017-07-07]
 
|-
 
|Omada || || ||
 
|-
 
|One Identity || || ||
 
|-
 
|One Logon ||SV ||Premise Cloud || https://www.onelogin.com/status
 
|-
 
|Open Consent ||NY + UK || Sal + Mark || KI demo
 
|-
 
|Oracle || ||Premise Cloud || Certified OpenID for federation services
 
|-
 
|Ping Identity || SV || Premise OpenID ||Certified OpenID for federation services
 
 
|-
 
|-
|Privo|| || ||IDEF registered
+
| [https://www.hon.ch/en/ Health Online]||WHO||Health|| seems to be focused on the quality of the information rather than privacy and security
 
|-
 
|-
|Radiant Logic|| ||Premise ||also federated ID & CRM
+
|IDEF || US|| Commerce||Founded by NIST now part of Kantara
 
|-
 
|-
|[https://www.raidiam.com/ Raidiam]||UK|| ||
+
|EPCS for Prescribers||US||Health|| terms for creating an X.509 cert for prescribers
 
|-
 
|-
|[https://safenet.gemalto.com/ Safenet] || France|| MFA, cloud || Part of Gemalto and now Thales, in lots of security markets, including smart cards, absorbed Rainbow and Aladdin ID tokens
+
|NVLAP||US ||Crypto Devices|| [https://www.nist.gov/nvlap National Voluntary Laboratory Accreditation Program] NIST - originally just crypto devices from FIPS 140 and now common criteria
 
|-
 
|-
|SailPoint || || ||  
+
|Privo|| US|| U13 ||Child safe - Mark Anthony - Denise Tayloe
 
|-
 
|-
|Salesforce || || ||Certified OpenID, perhaps only for federation
+
|TRUSTED NETWORK || US ||Health|| [https://www.ep3foundation.org/trustednetworkaccreditation EP3 Foundation]
|-
 
|Savint || || ||
 
|-
 
|[https://specopssoft.com/resources/ Spec-Ops] || || || Password management
 
|-
 
|spring.io|| ||cloud ||java same? https://www.baeldung.com/spring-security-authentication-provider
 
|-
 
|[https://vip.symantec.com/ Symantec VIP]|| ||various||IDEF registered - used by Fidelity, Ebay, PayPal and others
 
|-
 
|Tozny, LLC|| || ||IDEF registered
 
|-
 
|Trunomi|| || || KI demo
 
|-
 
|Twitter|| ||OpenID||
 
|-
 
|[https://www.ubisecure.com/ UbiSecure] ||Europe || oauth or SAML|| KI demo - authorization
 
|-
 
|VASCO DataSecurity|| || ||IDEF registered as MYDIGIPASS
 
|-
 
|[https://veres.io/contact/ Veres] || || Verif Claims || From [https://digitalbazaar.com Digital Bazaar] Creates, resolves, validates [https://www.w3.org/TR/verifiable-claims-data-model/ verifiable claims]
 
|-
 
|Verizon || ||VZConnect || Certified OpenID, perhaps only for federation
 
|-
 
|Yahoo Verizon || || OpenID || Provider based on email account
 
 
|}
 
|}
  
Line 133: Line 38:
 
| [https://www.betteridentity.org/ Better ID Coalition] || || || Large US financial companies issued a [https://static1.squarespace.com/static/5a7b7a8490bade8a77c07789/t/5b4fe83b1ae6cfa99e58a05d/1531963453495/Better_Identity_Coalition+Blueprint+-+July+2018.pdf Report]
 
| [https://www.betteridentity.org/ Better ID Coalition] || || || Large US financial companies issued a [https://static1.squarespace.com/static/5a7b7a8490bade8a77c07789/t/5b4fe83b1ae6cfa99e58a05d/1531963453495/Better_Identity_Coalition+Blueprint+-+July+2018.pdf Report]
 
|-
 
|-
|[https://centerforcybersecuritypolicy.org/initiatives/ Center for Cybersecurity Policy] || || ||
+
|CAHIMS CPHIMS|| Health|| IT personnel||HIMMS - CAHIMS directed to IT professionals, CPHIMS management
 +
|-
 +
|CHTS||Health||IT personnel||AHIMA - American Health Information Management Ass.
 +
|-
 +
|[https://medicalinteroperability.org/ Center for Medical Interoperability]||Health|| Information||plug-and-play interoperability in healthcare, meaning the technologies clinicians use to take care of people can seamlessly exchange information
 +
|-
 +
|[https://centerforcybersecuritypolicy.org/initiatives/ Center for Cybersecurity Policy] ||Security ||Infrastructure ||
 +
|-
 +
|Certified EHR Tech||Health||Clerk?||CMS.gov - seems to just be standards
 +
|-
 +
|Certified healthcare constructor||Health||Clerk?|| American Hospital Assoc.
 
|-
 
|-
 
|Distributed ID  || || || One hundred point of identity
 
|Distributed ID  || || || One hundred point of identity
 +
|-
 +
|Electronic Health Record||Health|| Clerk?|| AMCA - may be for profit?
 
|-
 
|-
 
|[https://fidoalliance.org/ FIDO Alliance]|| || [https://fidoalliance.org/download/ UAF U2F]|| Fast ID Online 1.2 specs dtd 2017
 
|[https://fidoalliance.org/ FIDO Alliance]|| || [https://fidoalliance.org/download/ UAF U2F]|| Fast ID Online 1.2 specs dtd 2017
Line 141: Line 58:
 
|[https://kantarainitiative.org/ Kantata Initiative] ||Federations || UMA|| also Consent Receipt and IDEF
 
|[https://kantarainitiative.org/ Kantata Initiative] ||Federations || UMA|| also Consent Receipt and IDEF
 
|-
 
|-
|OAuth|| AuthZ|| ||Release under IETF
+
|HCISPP||Health||IT personnel|| focus on medical records, compliance officer and security or risk management
 +
|-
 +
|HL7||Health||unclear|| knows about FHIR?
 
|-
 
|-
 
|[https://openid.net OpenID Foundation] ||AuthN+AuthZ ||OpenID Connect || OpenID Foundation
 
|[https://openid.net OpenID Foundation] ||AuthN+AuthZ ||OpenID Connect || OpenID Foundation
 
|-
 
|-
|[[SAML 2.0]]||AuthN ||SAML2||OASIS-open.org original single sign on standard
+
|RHIA RHIT||Health||IT personnel|| AHIMA
 +
|-
 +
|[[SAML 2.0]]||AuthN ||SAML2||OASIS-open.org original [[Single Sign-On]] standard
 
|-
 
|-
 
|[http://www.tscp.org/about-tscp/ TSCP]|| || ||Transglobal Secure Collaboration Participation is a collaborative forum of worldwide stakeholders in the defense industry to address security issues
 
|[http://www.tscp.org/about-tscp/ TSCP]|| || ||Transglobal Secure Collaboration Participation is a collaborative forum of worldwide stakeholders in the defense industry to address security issues
 
|-
 
|-
 
|W3C Credential Community Group ||Decentralized||eg Public Ledger || [https://w3c-ccg.github.io/did-spec/ DID], [https://www.w3.org/TR/verifiable-claims-data-model/ verifiable claims] sponsored by blockchain providers
 
|W3C Credential Community Group ||Decentralized||eg Public Ledger || [https://w3c-ccg.github.io/did-spec/ DID], [https://www.w3.org/TR/verifiable-claims-data-model/ verifiable claims] sponsored by blockchain providers
|-
 
|Web AuthN ||IAP or RP ||aka FID02 ||released under W3C
 
|-
 
|Univ. of MD|| ||Closed ||IDEF registered, supports Internet2 SAML federation
 
 
|}
 
|}
  
 
==References==
 
==References==
 
+
* See the wiki page [[Federation Trust Registry]] for ideas on how to present the results of an [[Accreditation Service]].
  
 
[[Category:Profile]]
 
[[Category:Profile]]
 
[[Category:Trust]]
 
[[Category:Trust]]

Latest revision as of 14:32, 4 November 2021

Full Title or Meme

A list of the enterprises and standards providers of Accreditation of trusted Enterprises or Web Sites.

Context

On the trust page different roles are defined for Entities.

Providers

The following table is the known trust mark providers and some of their characteristics. Updates and corroboration are encouraged.

  • Category is --tbd--. The rest are closed in the sense that users have limited control over the release of their information. Some provide OpenID as an option when an alternate is shown.
  • Some sites are not Accreditors, but try to create trust by other means.
Company Location Cat Recent News
Direct Trust US Health association of 121 health IT orgs to support secure, inter-operable Health info exchange.
Health Online WHO Health seems to be focused on the quality of the information rather than privacy and security
IDEF US Commerce Founded by NIST now part of Kantara
EPCS for Prescribers US Health terms for creating an X.509 cert for prescribers
NVLAP US Crypto Devices National Voluntary Laboratory Accreditation Program NIST - originally just crypto devices from FIPS 140 and now common criteria
Privo US U13 Child safe - Mark Anthony - Denise Tayloe
TRUSTED NETWORK US Health EP3 Foundation

Non-profits

Note that some of these organizations are just associations of large Enterprises.

Name Type Category Notes
AAMVA Attribute driver's license just verifies information at state Identity providers
Better ID Coalition Large US financial companies issued a Report
CAHIMS CPHIMS Health IT personnel HIMMS - CAHIMS directed to IT professionals, CPHIMS management
CHTS Health IT personnel AHIMA - American Health Information Management Ass.
Center for Medical Interoperability Health Information plug-and-play interoperability in healthcare, meaning the technologies clinicians use to take care of people can seamlessly exchange information
Center for Cybersecurity Policy Security Infrastructure
Certified EHR Tech Health Clerk? CMS.gov - seems to just be standards
Certified healthcare constructor Health Clerk? American Hospital Assoc.
Distributed ID One hundred point of identity
Electronic Health Record Health Clerk? AMCA - may be for profit?
FIDO Alliance UAF U2F Fast ID Online 1.2 specs dtd 2017
Kantata Initiative Federations UMA also Consent Receipt and IDEF
HCISPP Health IT personnel focus on medical records, compliance officer and security or risk management
HL7 Health unclear knows about FHIR?
OpenID Foundation AuthN+AuthZ OpenID Connect OpenID Foundation
RHIA RHIT Health IT personnel AHIMA
SAML 2.0 AuthN SAML2 OASIS-open.org original Single Sign-On standard
TSCP Transglobal Secure Collaboration Participation is a collaborative forum of worldwide stakeholders in the defense industry to address security issues
W3C Credential Community Group Decentralized eg Public Ledger DID, verifiable claims sponsored by blockchain providers

References

Retrieved from "http://tcwiki.azurewebsites.net/index.php?title=Accreditation_Service&oldid=12770"