Law Enforcement Information Sharing Program (LEISP) Federated Identity Management Pilot February 27, 2006.

Federated Identity Management Pilot

Benefits of Federated Identity Management
- More information (relevant information, critical information) becomes available to more users
- Enabled single sign-on (authenticate once, authorize many)
- Faster response time in critical situations
- Enhanced user experience
- Personalization (based on attributes, streamlined information dissemination)
- Policy control (separation of authentication and authorization)
- Auditing
- Improved alliances across government entities
- Streamlined vetting
- Cost avoidance
- Cost reduction
- Reduced time to net
- Improved interoperability
- Dynamic provisioning and de-provisioning
- Faster response time
- Greater security

Expected Results of the Pilot
- Provide value to users (e.g. access to applications that they did not have)
- Establish a model for joint interoperability with federal, state and regional efforts to improve information sharing to combat crime and terrorism, in the context of a tangible project involving multiple organizations (DOJ, DHS, RISS, FBI)
- Confirm the applicability of federated identity management as a tool for enhancing information sharing
- Confirm the viability of the trusted broker architecture
- Evaluate the quality of the user experience and use this feedback to tune the next phase and implementation
- Better understand challenges in implementation (organizational, contractual, technical and legal)
- Narrow technical and strategic options for full-scale implementation and estimate implementation costs
- Identify aspects of the pilot suitable to be leveraged in other domains
- Provide a platform where best practices in identity management can be shared and tested

One user accessing one application
Steps in provisioning access:
- Vetting (who are you?)
- Permissioning (what can you access?)
- Credentialing (how do I know it's you? Passwords, smart cards, etc.)
Access requires authentication of credentials.
[Diagram: one user accessing one application]

One user accessing many applications
Steps in provisioning access: vetting, permissioning, credentialing
RESULT:
- Each application must perform all steps above
- User must keep track of N sets of credentials
[Diagram: one user accessing applications 1 to N]

Many users accessing many applications
Steps in provisioning access: vetting, permissioning, credentialing
RESULTS:
- Multifactor credentials and vetting become too expensive
- Vetting and credentialing not done well
- Vetting too far from the user to be kept up to date effectively
- High barrier to access
[Diagram: M users accessing N applications, M × N provisioning relationships, labelled "Expensive!!"]

Federated Identity Management Access Provisioning
- Provisioning identity (vetting and credentialing) with the organization (×M)
- Provisioning accounts (permissioning) with applications (×M×N)
RESULTS:
- Huge savings in vetting and credentialing: M << M×N
- Vetting is better: closer to the user, since the user's own organization does the vetting
- Credentialing is better: can afford multifactor
- Lower barriers to access, so more access
- Each user only needs one credential (single sign-on)
- Faster account provisioning
- Faster and easier account de-provisioning
[Diagram: K organizations with M users connected through the Trusted Broker to N applications]

Trusted Broker Mechanism
- Identity Providers: certified, trusted identity providers verify users' credentials and assert identity to the broker (SAML, PKI, WS-F)
- Trusted Broker: asserts identity to the applications (SAML); protocol translation if required (different versions of technology)
- Applications: accept assertions of identity from the trusted broker; make access decisions (authorization)
[Diagram: Identity Providers 1 to K (K organizations, M users) assert identity to the Trusted Broker, which asserts identity to N applications]
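The broker flow above, as an added illustration that is not part of the LEISP pilot's own code: an identity provider asserts identity to the broker, the broker accepts only assertions from certified providers and re-asserts them to the application, and the application trusts only the broker and makes its own authorization decision. HMAC-signed JSON stands in for SAML signatures, and the key table, issuer names and attributes are constructed for the example.

```python
import hmac, hashlib, json
from typing import Optional

# Constructed keys: a real federation would use PKI key pairs and SAML signing certificates.
IDP_KEYS = {"idp-state-a": b"idp-a-secret", "idp-fbi": b"idp-fbi-secret"}
BROKER_KEY = b"broker-secret"
BROKER_ID = "trusted-broker"

def _sign(key: bytes, payload: dict) -> str:
    data = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def _verify(key: bytes, assertion: dict) -> bool:
    payload = {k: v for k, v in assertion.items() if k != "sig"}
    return hmac.compare_digest(_sign(key, payload), assertion["sig"])

def idp_assert(idp_id: str, subject: str, attrs: dict, now: float, ttl: int = 300) -> dict:
    """Identity provider: after verifying the user's credentials (out of scope here),
    assert identity and attributes to the broker only (audience = broker)."""
    payload = {"issuer": idp_id, "audience": BROKER_ID, "subject": subject,
               "attrs": attrs, "exp": now + ttl}
    return {**payload, "sig": _sign(IDP_KEYS[idp_id], payload)}

def broker_translate(assertion: dict, app_id: str, now: float) -> Optional[dict]:
    """Trusted broker: accept an assertion only from a certified IdP, addressed to the
    broker, unexpired and correctly signed; then re-assert identity to the application."""
    key = IDP_KEYS.get(assertion.get("issuer"))
    if key is None or assertion.get("audience") != BROKER_ID:
        return None
    if assertion["exp"] < now or not _verify(key, assertion):
        return None
    payload = {"issuer": BROKER_ID, "audience": app_id, "subject": assertion["subject"],
               "home_org": assertion["issuer"], "attrs": assertion["attrs"], "exp": now + 300}
    return {**payload, "sig": _sign(BROKER_KEY, payload)}

def app_authorize(app_id: str, assertion: Optional[dict], required_role: str, now: float) -> bool:
    """Application: accept identity only from the broker (never directly from an IdP),
    check audience, expiry and signature, then make the access decision locally."""
    if assertion is None or assertion.get("issuer") != BROKER_ID:
        return False
    if assertion.get("audience") != app_id or assertion["exp"] < now:
        return False
    if not _verify(BROKER_KEY, assertion):
        return False
    return required_role in assertion["attrs"].get("roles", [])
```

Authentication happens once at the home organization's IdP, while each application keeps the permissioning decision, which is the separation of authentication and authorization the slides describe.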

Alignment of LEISP Vision for Identity Management with e-Auth
- GSA e-Auth has been briefed
- GSA e-Auth leadership is supportive of the LEISP vision
- Conceptually aligned (but LEISP focus is LE & CT)
- Broker-based architecture is more flexible
- Not everyone needs to use identical technology
- Physical connectivity requirements are simplified
- Additional flexibility in user access controls
- Additional capabilities for provisioning/de-provisioning
- Re-authentication and global logout capabilities
- Other sub-federations (e.g. health) may eventually forge inter-federation trust and interoperability