Emergence of Identity Management: A Federal Perspective Dr. Peter Alterman Chair, Federal PKI Policy Authority.

Slides:



Advertisements
Similar presentations
June 27, 2005 Preparing your Implementation Plan.
Advertisements

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.
Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.
The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
The Federation for Identity and Cross-Credentialing Systems (FiXs) FiXs ® - Federated and Secure Identity Management in Operation Implementing.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
1 1 A Synopsis of Federal Information Processing Standard (FIPS) 201 for Personal Identity Verification (PIV) of Federal Employees and Contractors Presentation.
Public Key Infrastructure (PKI) Hosting Services.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
HIMSS/GSA E-Authentication Initiative A Pilot Project of the HIMSS RHIO Federation HIMSS Public Policy Forum September 28, 2006 Mary Grizkewicz, HIMSS.
“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)
Federal Electronic Identity Initiatives – Current Status Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO for E-Authentication,
The U.S. Federal PKI and the Federal Bridge Certification Authority
Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
Office of the Chief Information Officer EFCOG Annual Meeting Fred Catoe (IM-32) U.S. Department of Energy.
Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,
NIH-EDUCAUSE Interoperability Project, Phase 3: Fulfilling the Promise Dartmouth PKI Implementation Workshop Peter Alterman, Ph.D. Assistant CIO for E-Authentication.
E-Authentication: What Technologies Are Effective? Donna F Dodson April 21, 2008.
NIH iTrust Peter Alterman/Debbie Bucci National Institutes of Health October 2010.
The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.
I DENTITY M ANAGEMENT Joe Braceland Mount Airey Group, Inc.
The U.S. Federal PKI, 2004: Report to EDUCAUSE Peter Alterman, Ph.D. Assistant CIO for E-Authentication National Institutes of Health.
Bridge-to-Bridge Working Group (BBWG) Debb Blanchard, Cybertrust EDUCAUSE Federal and Higher Education PKI Coordination Meeting June 16, 2005 The Fairmont.
Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.
DEFENSE PRIVACY & CIVIL LIBERTIES OFFICE Privacy Foundations Samuel P. Jenkins Director for Privacy Defense Privacy and Civil Liberties Office Identity.
How Recent Government Initiatives Will Impact IT on Your Campus, October 10, 2000 Preconference Seminar 13P - How Recent Government Initiatives Will Impact.
E-Authentication: The Need for Open-Standards in Implementing E-Government October 6, 2004 The E-Authentication Initiative.
Dao Dinh Kha National Centre of Digital Signature Authentication - Agency of Information Technology Application A vision on a national Electronic Authentication.
BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
U.S. Department of Agriculture eGovernment Program August 14, 2003 eAuthentication Agency Application Pre-Design Meeting eGovernment Program.
PIV 1 Ketan Mehta May 5, 2005.
Cyber Authentication Renewal Project Executive Overview June – minute Brief.
1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
GC Credential Management Evolution for the OASIS/World Bank eGov Workshop 17 th April, 2009For information, please contact:
E-Authentication: The Need for Public and Private Sector Trust David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
U.S. Department of Agriculture eGovernment Program July 15, 2003 eAuthentication Initiative Pre-Implementation Status eGovernment Program.
New Identity Theft Rules Rodney J. Petersen, J.D. Government Relations Officer Security Task Force Coordinator EDUCAUSE.
E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006.
1 © Material United States Department of the Interior Federal Information Security Management Act (FISMA) April 2008 Larry Ruffin & Joe Seger.
HSPD-12 Identity Management Initiative Carol Bales Senior Policy Analyst United States Office of Management and Budget North American Day 2006.
U.S. Department of Agriculture eGovernment Program July 9, 2003 eAuthentication Initiative Update for the eGovernment Working Group eGovernment Program.
PKI and the U.S. Federal E- Authentication Architecture Peter Alterman, Ph.D. Assistant CIO for e-Authentication National Institutes of Health Internet2.
Government-University Identity Management Opportunities Peter Alterman, Ph.D. Chair, U.S. Federal PKI Policy Authority and Assistant CIO/E-Authentication,
Credentialing in Higher Education Michael R Gettes Duke University CAMP, June 2005, Denver Michael R Gettes Duke University
The Federal Bridge A Brief Overview 1. 4BF Industry Forum April Fed PKI: View from 20,000 km FBCA C4 Common Policy CA (HSPD-12) CertiPath SSPs.
U.S. Department of Agriculture eGovernment Program eAuthentication Draft Business Case Executive Summary January 2003.
Electronic Safety and Soundness in Colombia Financial Sector Policy Global Dialogue Series #19 Milton Quiroga
COAG AUSTRALIA The Prime Minister, Premiers and Chief Ministers signed the IGA at the COAG meeting on 13 April The key objectives of the Strategy,
The Feds and Shibboleth Peter Alterman, Ph.D. Asst. CIO, E-Authentication National Institutes of Health.
Identity Federations and the U.S. E-Authentication Architecture Peter Alterman, Ph.D. Assistant CIO, E-Authentication National Institutes of Health.
1 Federal Identity Management Initiatives Federal Identity Management Initatives David Temoshok Director, Identity Policy and Management GSA Office of.
Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
Federal PKI Update Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.
Creating a European entity Management Architecture for eGovernment Id GUIDE Keiron Salt
Federal Preparedness Credentialing & Typing. H.R. 1 - Requirement Title IV of the “Implementing Recommendations of the 9/11 Commission Act of 2007” directs.
Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority Meet FedFed.
Federal Initiatives in IdM Dr. Peter Alterman Chair, Federal PKI Policy Authority.
The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.
E-Authentication Guidance Jeanette Thornton, Office of Management and Budget “Getting to Green with E-Authentication” February 3, 2004 Executive Session.
EAuthentication – Update on Federal Initiative Jacqueline Craig IR&C September 27, 2005.
Higher Education’s Role in the Identity Ecosystem
Privacy, Security, and Identity Management Update
U.S. Federal e-Authentication Initiative
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
Technical Approach Chris Louden Enspier
E-Authentication: What Technologies Are Effective?
HIMSS National Conference New Orleans Convention Center
Presentation transcript:

Emergence of Identity Management: A Federal Perspective Dr. Peter Alterman Chair, Federal PKI Policy Authority

Wilmington, NC November Background The Drive for e-Government –Automation of the government workplace and opening of Internet to commercial entities –National Performance Review, Government Paperwork Elimination Act of 1998, eSign Act, Electronic Commerce Act, the Quicksilver Initiatives and e-Gov –Mirrors the emergence of e-Commerce The Drive for Digital Security –Viruses, Trojan horses, spoofing, spamming, DoS attacks, phishing, hostile international exploits, takedown of DOD websites (oh, my!), HSPD-12

Wilmington, NC November Identity Requirements for e-Gov Need: To Know who you’re doing business (or government) with over the Internet Assumptions: –No national ID card, number or account –Privacy maintenance to the extent possible with positive identity authentication –Levels of identity assurance commensurate with risk Implications: –Federated identity providers –Policy reasserts itself over technology as the controlling factor in IT communications

Wilmington, NC November The Bureaucracy Responds Quicksilver initiative spawns list of 24 e-Gov applications and 2 infrastructure support programs (enterprise architecture and e- authentication) No additional funds Targets citizen to government applications E-Gov apps farmed out to Agencies Infrastructure support programs held by Office of Management and Budget with it’s faithful servant Igor.. the General Services Administration

Wilmington, NC November Current Status of E-Authentication Program Management Office Substantial accomplishments in policy and procedures A “full operational architecture” supporting four levels of identity assurance –Levels 1 and 2 assertion-based, Levels 3 and 4 crypto based Search for government applications leads to requirement for each Agency to offer up one online application for e-authentication enablement in 2005 and one more in 2006 Aggressive recruitment of credential services providers in private sector Acknowledgement that the government is setting up an identity federation – and outreach to interoperate with other identity federations

Wilmington, NC November And Then There’s The Enemy Out There Precursor Initiatives included –FIPS 199, NIST SP , NIST SP , Common Policy Framework, FICC work, OMB M and 05-05, etc. Homeland Security Presidential Directive #12: –Spawns FIPS-201, SPs , -76, -78 – Mandates (for Federal employees and contractors) creation of a positive ID proofing and interoperable PKI-on-a-shingle –To control physical and logical access to resources (buildings, networks, applications)

Wilmington, NC November Raising the Stakes: Everything’s Gone Global International Collaborative Identity Management Forum (US-NATO Joint Strike Fighter) Transatlantic Secure Collaboration Project (“reinventing the wheel, one spoke at a time”) Global PKI Bridge Mesh Forming – Grids and Defense establishments’ PKIs do secure electronic collaborative work (like fighting wars) Who Owns Chrysler? Who Owns Volvo? Who Owns Mazda? Who owns that green jacket over there?

Wilmington, NC November Summary Before Going On Governments at all levels want to do electronic transactions with their customers (citizens) securely over the internet. This requires governments to know with whom they are doing business at levels of assurance justified by structured risk assessments and mitigated by proven procedures and technologies Without issuing identity credentials, governments rely on the thousands of credential services providers currently out there.

Wilmington, NC November Some Animals Are More Equal Than Others Identity for security purposes is a straightforward requirement for knowing the sack o’ cells logging on to that secure data network. Authorization follows. Or doesn’t: still a local decision (the good news). Identity for e-commerce and the civil side of e- government requires much more. Enter attributes: roles, memberships in categories, even portable authorizations.

Wilmington, NC November We’re All Animals Feds and contractors – a gimme. Any corporate entity, including institutions of higher education, doing business with the government will have to adopt FIPS-201 identity proofing sooner or later. Any entity that issues electronic identity credentials (hello – network logons) may experience pressure from their customers to use those credentials for other purposes, like accessing a government online application.

Wilmington, NC November Questions? Disputes?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.