Deprecation of TIBO/TIB Support

NIEF has officially deprecated support for the Trusted Identity Broker Organization (TIBO) membership role. A TIBO was a type of NIEF membership through which an agency could operate a Trusted Identity Broker (TIB) software service and thereby act as an identity broker for one or more other, non-NIEF-member agencies, enabling users from those agencies to gain access to resources offered by NIEF Service Provider Organizations (SPOs).

We previously supported the TIBO concept because it appeared to offer an appealing solution to “inter-federation” scenarios, in which users from one identity federation could reuse their identities across federation borders, within a different identity federation. But we discovered that the TIBO/TIB identity brokering model carries unacceptable consequences in terms of legal liability for NIEF and its member agencies. In lieu of the TIBO/TIB model, NIEF now supports a trustmark-based approach that enables many aspects of “inter-federation” connectivity without these legal limitations.

Announcing Availability of Apiary to NIEF Members

GTRI is proud to announce the availability of Apiary as a new service provider on NIEF.

Apiary is an automated framework for malware analysis and threat intelligence that combines “crowd-sourced” data collection with a centralized set of sophisticated analysis tools for the benefit of all its users. Members of the Apiary vetted community can anonymously upload malware, or suspected malware, and benefit from Apiary’s ongoing in-depth malware correlation and behavior analysis algorithms. The results of Apiary’s analysis are delivered automatically within a secure information sharing environment. The Apiary and its community are an ideal resource for analysts and investigators who deal with cyber crime, as well as all companies and agencies that are trying to protect their organization’s IT assets from malware.

Apiary was developed by GTRI’s Cyber Technology and Information Security Laboratory (CTISL), and is now available to all users within NIEF. It is available via the NIEF Portal or directly via SAML Single Sign-On with your NIEF Identity Provider (IDP) at https://nief.apiary.gtri.gatech.edu/.

To gain access to Apiary, your IDP must provide your first name, last name, email address, and employer name for UI customization and account provisioning purposes, but this data is not shared with any other users of Apiary, and therefore preserves the anonymity of both your employer and you as an individual as you use Apiary’s tools and features. Apiary is currently planning to offer additional capabilities and features at a cost, but the core functionality of the Apiary tool is available to NIEF users at no charge.

NIEF Identity Provider Organizations (IDPOs) may need to update their local trust configuration to add Apiary as a new trusted Service Provider (SP). (Those IDPOs that have deployed the Shibboleth IDP software need not take any action, as Shibboleth automatically refreshes its trust configuration based on updates to the NIEF Trust Fabric.) For those who need to update their configuration manually, the NIEF Trust Fabric is available here.

https://nief.org/trust-fabric/nief-trust-fabric.xml

Within the NIEF Trust Fabric, the Apiary entry can be found by searching for the entity ID “https://nief.apiary.gtri.gatech.edu/shibboleth”.

If you have any questions about Apiary and NIEF, or if you encounter any problems while trying to configure your IDP for access to Apiary, please contact us at help@gfipm.net.

Announcing the NIEF QuickStart Program

Together with the Georgia Tech Research Institute (GTRI) and the National Association of State Chief Information Officers (NASCIO), NIEF is pleased to announce the NIEF QuickStart program.

Under this program, GTRI and NASCIO will select a small group of government agencies from among the U.S. State, Local, Tribal, and Territorial (SLTT) government community, and GTRI will assist selected agencies by facilitating and shepherding them through NIEF’s formal on-boarding process. It is expected that the selected on-boarding projects will be completed in approximately twelve (12) months.

Agencies interested in submitting a readiness assessment to be considered for participation in the NIEF QuickStart Program can go to http://www.surveymonkey.com/s/R8Z7CBN and submit an assessment profile online.

For more information, including NASCIO and GTRI contacts who can answer your questions, please download and review the NIEF QuickStart Program Summary.