Global Federated Identity & Privilege Management GFIPM John Ruegg, Director LA County ISAB United States Department of Justice.

Presentation transcript:

Global Federated Identity & Privilege Management GFIPM John Ruegg, Director LA County ISAB United States Department of Justice

What is Federated Identity Management?
- You trust another organization to identify their users and authenticate them before they can connect to your system. A trusted Identity Provider (IDP)
- Your system relies on the identity information provided from the IDP to make access and authorization decisions (relying Service Provider (SP))
- IDPs and SPs have mutual technical and policy obligations to meet for participation in the Federation.

FBI CJIS Systems - A Federated Identity Management Model
- FBI trusts your organization to identify your users and authenticate them before they can connect to the CJIS Systems. The trusted Identity Provider (IDP) is {CJIS Control Terminal Officer CTO}
- FBI {CJIS Systems} relies on the identity information provided from your {CTO} IDP to make access and authorization decisions (relying Service Provider (SP))
- IDPs and SPs have mutual technical and policy obligations in the Federation. {CJIS Policy}

Justice XML Inside NIEM Inside

Benefits of Federated Identity Management
- Local organization provides the Identity Management System (IDP) using local authentication methods
- Many commercial products have adopted the Federated Identity open standards which GFIPM is utilizing
- Identity information is communicated over the network via a standard GFIPM justice identity credential

Benefits of Federated Identity Management
- Eliminate multiple userid/passwords and security tokens
- Only grant access to your system for users who authenticate first to a trusted Identity Provider (IDP)
- GFIPM-enabled systems always get current identity information via the GFIPM justice identity credential – no requirement to manually register/maintain users
- Changes in user status (job role, retire, etc.) only need to be updated once at the local IDP system

[Figure: GFIPM Federation (Single Sign-on SSO). Labels: Internet, One DOJ, Fusion Center A, HSIN, RISS]

[Figure: Security & Privacy Policy Enforcement. Labels: Request message, GFIPM credentials, PEP, PDP, Electronic policy statements (dynamic, federated), Written policy, Content metadata, Environmental conditions, Obligations, Actions: release, modify, access, delete, …, Response message, Audit trail. Legend: PEP: Policy Enforcement Point; PDP: Policy Decision Point]
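The IDP/SP trust model and the PEP/PDP flow from the slides above, as an added example that is not part of the presentation and is not GFIPM code. Assumptions: an HMAC over JSON stands in for the signed credential a real federation uses, and the IDP name, key, attribute names (`user_id`, `sworn_officer`) and policy are constructed for illustration.

```python
import hashlib, hmac, json, time

# Constructed federation trust list: IDP id -> key this SP holds for it.
# HMAC stands in for the signature a real federation credential carries.
TRUSTED_IDPS = {"idp.county-a.example": b"constructed-demo-key"}
AUDIT_TRAIL = []  # the PEP appends one record per request

def idp_issue(idp_id, key, attributes, ttl=300, now=None):
    """IDP side: sign identity attributes for a user it has authenticated."""
    now = time.time() if now is None else now
    body = json.dumps({"issuer": idp_id, "attrs": attributes,
                       "expires": now + ttl}, sort_keys=True)
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}

def pdp_decide(attrs, action):
    """PDP: hypothetical policy. Sworn officers may access; release carries an obligation."""
    if not attrs.get("sworn_officer"):
        return "Deny", []
    if action == "access":
        return "Permit", []
    if action == "release":
        return "Permit", ["log-recipient"]
    return "Deny", []

def pep_handle(credential, action, now=None):
    """PEP at the SP: validate the credential, ask the PDP, audit the outcome."""
    now = time.time() if now is None else now
    decision, obligations, subject = "Deny", [], None
    try:
        claims = json.loads(credential["body"])
        key = TRUSTED_IDPS.get(claims["issuer"])  # unknown issuer -> None
        expected = hmac.new(key or b"", credential["body"].encode(),
                            hashlib.sha256).hexdigest()
        if key and hmac.compare_digest(expected, credential["sig"]) \
                and claims["expires"] > now:
            subject = claims["attrs"].get("user_id")
            decision, obligations = pdp_decide(claims["attrs"], action)
    except (KeyError, TypeError, ValueError):
        pass  # malformed credential: fail closed
    AUDIT_TRAIL.append({"subject": subject, "action": action,
                        "decision": decision})
    return {"decision": decision, "obligations": obligations}
```

The SP holds no user records of its own: every decision rests on the issuer being in the trust list, the signature, the expiry, and the asserted attributes, and denied requests are audited as well as permitted ones.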

Early Adopters of GFIPM
Live in Production
- RISSnet – Intelligence
- Pennsylvania JNET – criminal justice information
- CisaNet – Southwestern States Intelligence
Under Development
- LA County – local Criminal History
- San Diego County – ARJIS criminal justice information
- Southern Shield – 14 States Fusion Centers
- Connect Project – 8 States portals and federated query services
- OneDOJ – Access to Federal Information Resources
- OneDHS – Access to DHS resources

Benefit of Open Standards Adoption
RSA Conference, April 6, 2008 – 7 Vendors Products Interoperability Demonstration
"We're pleased to work with OASIS on addressing the very sensitive issues related to the access of patient information," said John (Mike) Davis, standards architect with the VHA Office of Information in the Department of Veterans Affairs, and a member of the HITSP Security, Privacy and Infrastructure Technical Committee. "XACML helps ensure that patients, physicians, hospitals, public health agencies and other authorized users share critical information appropriately and securely."