British Business Federation Authority

FAQs

  • What is Federated Trust? Federated trust is where two or more organisations each have their own identity management systems that issue credentials to employees. To be able to collaborate and do business together, they need to be able to trust each other's credentials for authentication and authorisation. They do this by agreeing to abide by a Common Policy and participate in a collaborative governance regime that defines the Common Policy and supporting policies, procedures and mechanisms. They also agree to the audit and enforcement policies. Once approved, each organisation is able to federate with all others in the federation. It's just like a club where members agree to abide by the rules so they can benefit from the club.
  • What kinds of federation are there? It depends on the Level of Assurance of the authentication that is required - the higher the trust required, the higher the Level of Assurance.  To authenticate employees in regulated industries demands non-repudiation that will stand up in a court of law, which is Level 3 or 4.  PKI Federation is the most widely used technology and provides for end-to-end strong authentication, based on Path Discovery & Validation (PDVal).  Other, less legally robust, options include a policy-based model, where policies exist to deal with violations, and brokers.  A broker is an intermediary that acts to validate a request for access to another party's data; brokers are not normally used where non-repudiation is a vital requirement as they cannot support PDVal.
  • What are the drivers for Federated Trust?  There are many drivers and they vary by industry sector. The main ones are:
    • Regulatory Compliance. Companies have to comply with legislation, regulations and contractual policies or risk penalties for violation, which can cost hundreds of millions of pounds, and result in imprisonment and debarment. Trust demands compliance.
    • Complexity. Several industries have complex supply chains, where the prime contractor needs to ensure trust down the supply chain for reasons of regulatory compliance and to protect intellectual property of all participants. Each subcontractor wants to be trusted if they wish to remain competitive.
    • Standards. The number of international programmes whose contracts demand federated trust standards is slowly increasing, particularly for US aerospace and defence contracts. This requirement is expected to become more prevalent.
  • What are the key behaviours participants expect of BBFA?
    • For the BBFA to be trustworthy and to support trustworthiness in its member companies, service providers and individuals.
    • For the Steering Group to set agreed collaborative requirements.
    • To ensure policies, procedures and mechanisms exist to enable federated trust.
    • To evolve policies aligned with enabling technologies to support business change.
    • To measure, accredit and enforce the implementation of such policies.
    • To promote, socialise, communicate and deliver federated trust.
    • To encourage the implementation of new business services that build on federated trust and secure collaboration.

Latest News:

News 2013.

  • 28/29 May.  EU host Transition & Implementation meeting for Multinational Alliance for Collaborative Cyber Situational Awareness (MACCSA)
  • 15 May. BBFA presents "Embedding Cyber Security across the Value Chain" to the TMForum Summit in Nice
  • 8 May. IBM host industry ad hoc on a potential British Standard for Identity Proofing & Verification. Decision to act is deferred 3 months.
  • 7 May. BBFA participates in closed Chatham Ho on space & Cyberspace.
  • 2 May. BBFA on panel at SANS Summit. 
  • 25 Apr. US DHS and BBFA discuss STIX and TAXII for CCSA
  • 24-6 Apr.  US and UK(BBFA) present ISO 29003 WD1 to ISO SC27 WG5 national bodies.
  • 18 Apr. BBFA-NZ Gov discussions on CCSA
  • 20 Mar.  BBFA-Intellect mutual update
  • 19 Mar. MNE7 Transition Meeting announced 28/29 May @Brussels 
  • 12 Mar.  Multinational CCSA Proof of Concept planning (Collaborative Cyber Situational Awareness)
  • 8 Mar. Cabinet Office host UK IPV WG Start Up meeting
  • 25 Apr.  ISO SC27 WG5 and ETSI meeting in France, including ISO 29003 and 29115 
  • 15 Apr. Informal BBFA discussions with NZ Gov
  • 8 Mar. Cabinet Office & industry meeting on UK IPV standard development
  • 5 Mar. MNE7-EU discussions @Brussels
  • 19-21 Feb.  MNE7 Cyber Transition Workshop to create a new multinational organisation to implement Collaborative Cyber Situational Awareness (CCSA)
  • 12 Feb.  BBFA Policy Management Authority progresses federation policies for the UK PKI Bridge
  • 12 Feb.  UK NAO announce NAO Report: UK Cyber Security Strategy Landscape Review
  • 7 Feb. EU announce the EU Cyber Security Strategy, a Directive and supporting documents.
  • 5 Feb. BBFA presents at ISSA Europe, focusing on cybersecurity, alongside ENISA, DG CONNECT, EUROPOL and others.
