E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006.

Slides:

Advertisements

Similar presentations

The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.

Advertisements

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.

Public Key Infrastructure (PKI) Hosting Services.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

HIMSS/GSA E-Authentication Initiative A Pilot Project of the HIMSS RHIO Federation HIMSS Public Policy Forum September 28, 2006 Mary Grizkewicz, HIMSS.

IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair

U.S. Department of Agriculture eGovernment Program February 2004 eAuthentication Integration Status eGovernment Program.

U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.

1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

1 eAuthentication in Higher Education Tim Bornholtz Session #47.

Emergence of Identity Management: A Federal Perspective Dr. Peter Alterman Chair, Federal PKI Policy Authority.

E-Authentication: Creating an Environment of Trust David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy The E-Authentication.

Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,

E  Authentication Federation The enabler of Electronic Government! presented to AIPC by Stephen A. Timchak June 12, 2005 The E-Authentication Federation.

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

The E-Authentication Initiative: A Status Report Presented at Educause Meeting June 16, 2004 The E-Authentication Initiative.

The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.

Federated Identity and Interoperability: Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide.

Complying With The Federal Information Security Act (FISMA)

Introduction to OIX: A Market Solution to Online Identity Trust Don Thibeau.

The Need for Trusted Credentials Information Assurance in Cyberspace Judith Spencer Chair, Federal PKI Steering Committee

E-Authentication: The Need for Open-Standards in Implementing E-Government October 6, 2004 The E-Authentication Initiative.

Dao Dinh Kha National Centre of Digital Signature Authentication - Agency of Information Technology Application A vision on a national Electronic Authentication.

U.S. Department of Agriculture eGovernment Program December 3, 2003 eAuthentication Initiative USDA eAuthentication Service Overview eGovernment Program.

The InCommon Federation The U.S. Access and Identity Management Federation

Trusted Federated Identity and Access Management to provide the Cornerstone for Cyber Defense.

TFTM Interim Trust Mark/Listing Approach Paper Analysis of Current Industry Trustmark Programs and GTRI PILOT Approach Discussion Deck TFTM Committee.

U.S. Department of Agriculture eGovernment Program August 14, 2003 eAuthentication Agency Application Pre-Design Meeting eGovernment Program.

Cyber Authentication Renewal Project Executive Overview June – minute Brief.

Elements of Trust Framework for Cyber Identity & Access Services CYBER TRUST FRAMEWORK Service Agreement Trust Framework Provider Identity Providers Credential.

1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

Garry Compton Manager Government Authentication ANTA Workshop 05/08/03 Canberra, Australia An update on Commonwealth Authentication.

E-Authentication: The Need for Public and Private Sector Trust David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

ITU-T X.1254 | ISO/IEC An Overview of the Entity Authentication Assurance Framework.

U.S. Department of Agriculture eGovernment Program July 15, 2003 eAuthentication Initiative Pre-Implementation Status eGovernment Program.

E-Authentication: Enabling E-Government Presented to PESC May 2, 2005 The E  Authentication Initiative.

Federal e-Authentication Initiative: Federated Identity and Interoperability David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide.

E-RA E-Authentication Risk and Requirements Assessment Mark Liegey USDA/National Finance Center “Getting to Green with E-Authentication” February 3, 2004.

U.S. Department of Agriculture eGovernment Program July 9, 2003 eAuthentication Initiative Update for the eGovernment Working Group eGovernment Program.

The Federal Bridge A Brief Overview 1. 4BF Industry Forum April Fed PKI: View from 20,000 km FBCA C4 Common Policy CA (HSPD-12) CertiPath SSPs.

The privacy risks and rewards of distributed identity Conference Presentation (8 September 2003) Surveillance and Privacy 2003, University of New South.

U.S. Department of Agriculture eGovernment Program eAuthentication Draft Business Case Executive Summary January 2003.

Shibboleth Update Eleventh Federal & Higher Education PKI Coordination Meeting (Fed/Ed Thursday, June 16, 2005.

State of e-Authentication in Higher Education August 20, 2004.

E-Authentication in Higher Education April 23, 2007.

E-Authentication Overview & Technical Approach Scott Lowery Technical Track Session.

Identity Federations and the U.S. E-Authentication Architecture Peter Alterman, Ph.D. Assistant CIO, E-Authentication National Institutes of Health.

1 Federal Identity Management Initiatives Federal Identity Management Initatives David Temoshok Director, Identity Policy and Management GSA Office of.

Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

Don Thibeau, Executive Director, OpenID Foundation (OIDF) Drummond Reed, Executive Director, Information Card Foundation (ICF)

Attribute Delivery - Level of Assurance Jack Suess, VP of IT

Case Study: Applying Authentication Technologies as Part of a HIPAA Compliance Strategy.

The Value of Creating the Identity Ecosystem. The Identity Ecosystem Steering Group (IDESG) is the source of expertise, guidance, best practices and tools.

Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority Meet FedFed.

Federal Initiatives in IdM Dr. Peter Alterman Chair, Federal PKI Policy Authority.

The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.

E-Authentication Guidance Jeanette Thornton, Office of Management and Budget “Getting to Green with E-Authentication” February 3, 2004 Executive Session.

EAuthentication – Update on Federal Initiative Jacqueline Craig IR&C September 27, 2005.

The E-Authentication Federation

Privacy, Security, and Identity Management Update

U.S. Federal e-Authentication Initiative

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

Technical Approach Chris Louden Enspier

The E-Authentication Initiative

HIMSS National Conference New Orleans Convention Center

The E-Authentication Initiative

4th Annual Conference on Technology and Standards Washington

Presentation transcript:

E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006

2 The Goal of E-Government Empower and enable citizens and businesses to manage their relationships with government on their terms in a secure online environment The Role of the E-Authentication Program Provide standards, framework and services necessary for the Federal Government to accept all levels of secure identity verification, simplifying business, public & government access to online services in a cost-effective manner The Context for E-Authentication

3 E-Authentication Mission  Enable millions of safe, secure, trusted online transactions between Government and the citizens and businesses that it serves  Reduce online identity management / credentialing burden for government agency application owners and system administrators  Provide citizens and businesses with a choice of credentials – such as PINs/User IDs/passwords/digital certificates – when accessing public- facing online government services

4 Key Policy Considerations  For Government-wide deployment: No National ID No National unique identifier No central registry of personal information, attributes, or authorization privileges Different authentication assurance levels are needed for different types of transactions Authentication – not authorization  For E-Authentication technical approach: No single proprietary solution Deploy multiple COTS products – user’s choice Products must interoperate Controls must protect privacy of personal information

5 E-Authentication Strategy  The best way to accomplish E- Authentication’s mission while satisfying the requisite policy considerations: Build the E-Authentication Federation, wherein government agencies can rely on electronic identity credentials issued and managed by other organizations within and outside the federal government

6 The Decision to Adopt a Federated Approach  Identity management is one of the major enterprise IT challenges  Government’s move to the Web raised the need to ID- proof millions of customers  Industry best practices moving toward enterprise identity management solution (portal) and federated identity  Use of federated identity is growing According to Burton Group, more than 300 businesses deploying SAML-based federations

7 The Concept of E-Authentication Step 3Step 2 Step 1 Step 1: At access point (agency Web site or credential service provider) user selects agency application and credential provider Step 2: User is redirected to selected credential service provider If user already possesses credential, user authenticates If not, user acquires credential and then authenticates Step 3: Credential service hands off authenticated user to the agency application selected User performs transaction

8 The Value of the E-Authentication Federation  Citizens and businesses Convenience and ease of use in accessing government services Secure access with privacy protection Safeguarding the public trust  Government Saving agencies time and money in developing, implementing and administering identity management Leveraging an existing authentication infrastructure (the Federation) Fewer credentials to manage Reducing the risk of implementing and maintaining an identity validation capability Accelerating the time to market for e- government services

9 The Building Blocks of the E-Authentication Federation Business & Operating Rules Operational Infrastructure Agency Applications/ Credential Service Providers PolicyTechnology/Architecture Completed FY 2004 Completed FY ‘05 Growing in FY06 and beyond

10 3. Establish technical assurance standards for e-credentials and credential providers (NIST Special Pub Authentication Technical Guidance) 1. Establish E-Authentication risk and assurance levels for Governmentwide use (OMB M Federal Policy Notice 12/16/03) 4. Establish methodology for evaluating credentials/providers on assurance criteria (Credential Assessment Framework) 2. Establish standard methodology for E-Authentication risk assessment (ERA) 5. Establish trust list of trusted credential providers for govt-wide (and private sector) use (Federation Member CSPs) 6. Establish common business rules for use of trusted 3rd-party credentials (Legal Document Suite) Policy Infrastructure:

11 Federation Policy: Identity Assurance Levels NIST SP Electronic Authentication technical guidance matches technology to each assurance level OMB E-Authentication Guidance establishes four assurance levels Level 4Level 3Level 2Level 1 Little or no confidence in asserted identity (e.g. self identified user/password) Some confidence in asserted identity (e.g. PIN/Password) High confidence in asserted identity (e.g. digital cert) Very high confidence in the asserted identity (e.g. Smart Card) E-RA tool assists agencies in defining authentication requirements & mapping them to the appropriate assurance level Providing consistent application of E-Authentication across gov’t

12 Federation Membership Business & Operating Rules  Technology standards integrated with common business rules  Developing business agreements that govern membership in the E-Authentication Federation Binding the trust that drives interoperability

13 Status of Federation Membership (5/1/06) Relying Parties  SSA (Direct Deposit)  GSA (eOffer)  Dept. of Labor (MSHA)  OPM (USA Learning)  OPM (USA Jobs)  NASA (MyNASA)  Dept. of Transportation (SAFER)  Dept. of Commerce (Export.gov)  NSF (Fastlane)  Dept. of Energy (VIPERS)  Dept. of Interior/Nat’l Park Service (Research Permit & Reporting System)  HUD (FHA Connection)

14 Status of Federation Membership (5/1/06) Credential Service Providers  Fidelity Investments*  WellsSecure* (Wells Fargo PKI)  ORC  USDA eAuthentication  OPM Employee Express * Denotes designated financial agent (DFA) of the US Department of Treasury/Financial Management Service Add’l Targeted Verticals  Financial Institutions  State/local governments  Higher Education

15 For More Information… Georgia K. Marsh Deputy Program Executive Websites