TSCP: Test trusted credentials for financial services
Awarded in 2013
20 November, 2015
category: Corporate, Digital ID, Government, Smart Cards
The Transglobal Secure Collaboration Participation Inc. (TSCP) was awarded $1.26 million in 2013 to deploy trusted credentials for conducting secure transactions among small and medium-sized businesses and financial service companies, such as Fidelity Investments and Chicago Mercantile Exchange. TSCP was charged with developing an open source, technology-neutral Trust Framework Development Guidance document to help guide cross-sector interoperability of online credentials.
TSCP is a non-profit technical trade association that relies on a government-industry partnership to accomplish managed trust through a federated Trust Framework. The association consists of defense industry stakeholders who want to address security issues, like finding ways to securely share documents and trust each other’s issued credentials.
“TSCP has graduated from our second year NSTIC funding, and we are offering an operational Trust Framework to our members,” says Keith Ward, president and CEO at TSCP.
Objectives
- Increase use of secure credentials for commercial Internet transactions
- Expand a community Trust Framework to encompass other communities within the Identity Ecosystem
- Enable operational federation through a commonly developed and accepted multi-lateral agreement model
- Unify PKI and non-PKI Trust Framework
Outcomes
- Piloted PIV-I credentials with Fidelity’s Net Benefits application to prove the technical capability of using strong corporate credentials to access 401k accounts
- Built out the TSCP Trust Framework for levels of assurance two through four
- Created the Trust Framework Development Guide
- Pinpointed the challenges of large financial organizations adopting federated identity solutions
Lessons learned
Using a trust framework from one market in another can make deployment a little easier, says Ward. “Using an existing trust framework proven in one sector as the basis for a trust framework for another sector accelerates the development process,” he explains. “Using TSCP’s Trust Framework as a base combined with our experience, we could explain and bootstrap individuals up to a common level of understanding.”
Education for executives is requisite for federated ID systems. “Do not underestimate the need for significant Identity Access Management education for the decision makers. Many organizations are not organized to focus on identity management,” Ward says. “As a result, there is typically no cohesive set of internal policies and standards. Performing real-time technology demonstrations and a pilot is key to opening meaningful dialogue with relying party decision and policy makers.”