Federal Initiatives in IdM Dr. Peter Alterman Chair, Federal PKI Policy Authority.

Presentation transcript:


Wilmington, NC November

HSPD-12
– Mandates all Federal Agencies issue ID credentials using FIPS-201 identity proofing procedures beginning 10/05
– Mandates all Federal Agencies begin issuing SmartCards with medium assurance digital certs by 10/06
– Authorization remains a local prerogative

E-Authentication Initiatives
– Assessment Framework for Credentials: evaluating the level of assurance (LOA) of identity of credential service providers
– Membership in Liberty Alliance
– Frequent meetings with Microsoft
– Interfederation Interoperability Project with Cybertrust and Internet2/Shibboleth team

E-Authentication: CAF
Credential Assessment Framework consists of the following:
– A structured methodology and procedures for evaluating the LOA of a CSP’s credentials
– An assessment team that goes out and evaluates CSPs
– A process for conflict resolution
– Posting CSPs and their credential LOAs to a trust list (unfortunate term) on the website

E-Authentication: Interfed Interop
InCommon Higher Education Identity Federation
– Using Shibboleth middleware technical protocols
– Policy-light
E-Authentication US Identity Federation
– Using a variety of technical protocols
– Policy intensive

What Are Electronic Identity Federations?
Associations of electronic identity credential providers and credential consumers (electronic service providers) who:
– Agree to trust each other’s credentials;
– Agree to hold credential providers authoritative for the validity of their credentials;
– Agree to use common communications protocols and procedures to enable interoperability;
– Agree to common business rules

Purpose of Electronic Identity Federations
To enable trusted electronic business transactions between end users and service providers where the service provider does not have to issue and manage identity credentials, including attributes.
It’s all a matter of scaling... No, it’s also a matter of control

Characteristics of Identity Federations
– Credential providers
– Service providers
– Standards and protocols for technical interoperability among credential providers, service providers, end users and infrastructure utilities
– A governance mechanism to assert common business rules, ensure credentials can be used and trusted by all members of the federation and a central control point for entry and exit of members

Accomplishments to Date
– Demonstration of proof of concept for technical interoperability of identity credentials and utilities: E-Authentication SAML 1.0 and Shibboleth 1.2
– Production-level interoperability built into Shibboleth 1.3 (in beta)
– Extensive groundwork done on identifying policy and procedure mapping/treaty requirements
– Credential Assessment of 3 Universities, fourth scheduled

Work in Progress
– Development of common SAML 2.0 schemes
– Development of common USPerson profile and profile management infrastructure
– Development of production-quality scheme translator
– Ongoing work to enable cross-federation trust and interoperability
– NSF FastLane to accept 3 universities’ Shibboleth-based identity and attribute credentials on or before December, 2005 (slippage)

Unresolved Issues
– Mapping null attributes
– Ensuring privacy of attribute information in a variety of instances
– Portal integration
– Scaling issues for listing credential providers
– Issues of transitivity across federations
– Multiple authoritative sources/conflicting authoritative sources
– Vocabulary and “data dictionary” issues
– Liability and indemnification issues

Federal PKI Architecture
– Agency and other government PKIs required to cross-certify with the Federal Bridge CA
– As of 12/05 no new agency PKIs; agencies procure PKI services from vendors participating in the Shared Service Provider (SSP) program
– Architecture issues TLS/SSL certs to credential service providers who CAF, to provide mutual authentication
– Federal Bridge CA serves as “point of insertion” for external PKIs and other bridges.

Simplified Diagram of Federal PKI
[Diagram; labels: Federal Bridge CA; C4 CA; E-Gov CAs (3); Common Policy CA; Cross-Certified gov PKIs; Cross-Certified External PKIs; eAuth CSPs; Shared Service Provider PKIs (Common Policy OID and root cert)]

LOA Mapping: E-Auth to Fed PKI
[Diagram; E-Auth labels: E-Auth Level 1; E-Auth Level 2; E-Auth Level 3; E-Auth Level 4. FPKI labels: FPKI Rudimentary, C4; FPKI Medium/HW & Medium/HW-cbp; FPKI Basic; FPKI Medium & Medium-cbp; FPKI High (government only)]

Discussion