Federal e-Authentication Initiative: Federated Identity and Interoperability David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide.
Slide 1: Federal e-Authentication Initiative: Federated Identity and Interoperability
David Temoshok, Director, Identity Policy and Management, GSA Office of Governmentwide Policy
The E-Authentication Initiative, August 20, 2004

Slide 2: President's Management Agenda
1st Priority: Make Government citizen-centered.
5 Key Government-wide Initiatives:
- Strategic Management of Human Capital
- Competitive Sourcing
- Improved Financial Performance
- Expanded Electronic Government
- Budget and Performance Integration

Slide 3: PMC E-Gov Agenda (lead agency in parentheses)
Government to Citizen:
1. USA Service (GSA)
2. EZ Tax Filing (Treasury)
3. Online Access for Loans (DoEd)
4. Recreation One Stop (DOI)
5. Eligibility Assistance Online (Labor)
Government to Business:
1. Federal Asset Sales (GSA)
2. Online Rulemaking Management (EPA)
3. Simplified and Unified Tax and Wage Reporting (Treasury)
4. Consolidated Health Informatics (business case) (HHS)
5. Business Gateway (SBA)
6. Int'l Trade Process Streamlining (DOC)
Government to Government:
1. e-Vital (business case) (SSA)
2. Grants.gov (HHS)
3. Disaster Assistance and Crisis Response (FEMA)
4. Geospatial Information One Stop (DOI)
5. Wireless Networks (FEMA)
Internal Effectiveness and Efficiency (leads: OPM, GSA, NARA):
1. e-Training
2. Recruitment One Stop
3. Enterprise HR Integration
4. e-Travel
5. e-Clearance
6. e-Payroll
7. Integrated Acquisition
8. e-Records Management
Cross-cutting Infrastructure: eAuthentication (GSA)

Slide 4: The Starting Place for e-Authentication: Key Policy Points
For Governmentwide deployment:
- No National ID.
- No National unique identifier.
- No central registry of personal information, attributes, or authorization privileges.
- Different authentication assurance levels are needed for different types of transactions.
And for the e-Authentication technical approach:
- No single proprietary solution.
- Deploy multiple COTS products; the user chooses.
- Products must interoperate together.
- Controls must protect the privacy of personal information.

Slide 5: Definitions
- Identity Authentication: the process of establishing confidence in the claimed identity of users electronically presented to an information system.
- Authorization: identifying a person's user permissions to determine what he/she is allowed to do.
- Attribute: a distinct characteristic of a user. Attributes describe a property associated with the user (e.g., age, height, eye color, religion, occupation, organizational role).

Slide 6: The E-Authentication Service Concept
Diagram: User, Access Point, Credential Service Provider, Agency Application, with Steps 1 to 3 between them.
Step 1: At the access point (portal, agency Web site, or credential service provider) the user selects the agency application and the credential provider.
Step 2: The user is redirected to the selected credential service provider. If the user already possesses a credential, the user authenticates; if not, the user acquires a credential and then authenticates.
Step 3: The credential service hands off the authenticated user to the agency application she selected at the access point.

Slide 7: Central Issue with Federated Identity: Who do you Trust?
Candidate credential communities:
- Governments: Federal, States/Local, International
- Higher Education: Universities, Higher Education PKI Bridge
- Healthcare: American Medical Association, Patient Safety Institute
- Travel Industry: Airlines, Hotels, Car Rental, Trusted Traveler Programs
- E-Commerce Industry: ISPs, Internet Accounts, Credit Bureaus, eBay Trust Network
- Financial Services Industry: Home Banking, Credit/Debit Cards
Absent a National ID and a unique National Identifier, the e-Authentication initiative will establish trusted credentials/providers at determined assurance levels.

Slide 8: The Need for Federated Identity Trust and Business Models
- Technical issues for sharing identities are being solved, but slowly.
- Trust is the critical issue for deployment of federated identity. Federated ID networks have a strong need for trust assurance standards:
  - How robust are the identity verification procedures?
  - How strong is this shared identity?
  - How secure is the infrastructure?
- Common business rules are needed for federated identity to scale. N^2 bilateral trust relationships is not a scalable business process. Common business rules are needed to define:
  - Trust assurance and credential strength
  - Roles and responsibilities of IDPs and relying parties
  - Liabilities associated with use of 3rd-party credentials
  - Business relationship costs
  - Privacy requirements for handling Personally Identifiable Information (PII)
- The Federal e-Authentication Initiative will provide a trust framework to integrate policy, technology, and business relationships across disparate and independent identity systems.

Slide 9: Multiple Authentication Assurance Levels to meet multiple risk levels
Figure: a pyramid with two rising axes, "Increased need for identity assurance" and "Increased $ cost". Assurance tiers labelled Low, Standard, Medium, (High), Very High. Example transactions from lowest to highest risk: Surfing the Internet; Access to Protected Website; Applying for a Loan Online; Obtaining Govt. Benefits; Employee Screening for a High Risk Job. Authentication mechanisms from weakest to strongest: Click-wrap; Knowledge-Based; PIN/Password; PKI/Digital Signature; Multi-Factor Token.

Slide 10: Authentication Assurance Levels
OMB M-04-04, E-Authentication Guidance for Federal Agencies, establishes 4 authentication assurance levels. The NIST Special Publication on Electronic Authentication provides the technical guidance to match a technology implementation to a level.
- Level 1: Little or no confidence in the asserted identity (e.g., self-identified user/password)
- Level 2: Some confidence in the asserted identity (e.g., PIN/password)
- Level 3: High confidence in the asserted identity (e.g., digital certificate)
- Level 4: Very high confidence in the asserted identity (e.g., smart card)

Slide 11: e-Authentication Trust Model for Federated Identity
1. Establish e-Authentication risk and assurance levels for Governmentwide use (OMB M-04-04 Federal Policy Notice, 12/16/03)
2. Establish a standard methodology for e-Authentication risk assessment (ERA)
3. Establish technical assurance standards for e-credentials and credential providers (NIST Special Publication, Authentication Technical Guidance)
4. Establish a methodology for evaluating credentials/providers on assurance criteria (Credential Assessment Framework)
5. Establish a trust list of trusted credential providers for govt-wide (and private sector) use
6. Establish common business rules for use of trusted 3rd-party credentials

Slide 12: e-Authentication Trust and Interoperability
The e-Authentication Initiative acts as Trust Broker to provide trust assurance services for Federal agencies:
- Manages relations among Agency Applications (relying parties) and Credential Service Providers (issuers)
- Administers the Authentication Policy Framework
- Establishes and administers common business rules for the relationships among the parties
- Administers common interface specs
- Performs credential assessments
- Authorizes CSPs on the trust list according to standardized assurance levels
- Provides C&A and regular audit, and ensures compliance
Diagram: the Trust Broker sits between IDPs and AAs, binding them through Common Policies & Business Rules and Common Interface Specs (policy, technical, and business interoperability).

Slide 13: e-Authentication Technical Interfaces, Base Case
Diagram: Users, Portal, Credential Services (CSs, also labelled ECPs), Agency Applications (AAs), and AuthZ, with cookies set by the Portal and by the CS.
Step 1: The user goes to the Portal to select the AA and the CS.
Step 2: The user is redirected to the selected CS with an AA identifier. The Portal also sets a cookie recording the user's selected CS.
Step 3: The CS authenticates the user and hands them off to the selected AA with their identity information. The CS also sets a cookie marking the user as authenticated.
Data/Information Flows:
Step 1: No PII is presented to the Portal, no transaction data is recorded, and no system of records is maintained.
Step 2: For Federal CSPs, no new PII is created. Users simply sign on using previously established processes with the CSP (PIN, password). PINs and passwords are presented only to the CSP, never to the e-Auth Portal or the AA.
Step 3: For assurance levels 1 and 2, the CSP must provide at a minimum the user's common name plus assurance level to the AA. PII is protected in transmission through SOAP/SSL.
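The portal-to-CSP-to-AA base case described in Slides 6 and 13, as an added Python example; this is not code from the presentation or from any e-Authentication program software. It assumes a constructed trust list, constructed CSP user stores, and, as a stand-in for the signed assertion and SOAP/SSL transport the federation used, an HMAC over the handoff keyed with a per-CSP secret that the trust broker is assumed to have distributed. The relying party (AA) checks the issuer against the trust list, the handoff integrity, the audience (the AA identifier carried in the Step 2 redirect) and that the asserted level meets the level the application requires.

```python
import hashlib
import hmac
import json

# Constructed trust list (assumption): CSP id -> assurance level the CSP is
# approved for, plus a shared key the trust broker is assumed to distribute
# to relying parties so they can verify a CSP's handoff.
TRUST_LIST = {
    "csp-password": {"level": 2, "key": b"constructed-key-password-csp"},
    "csp-pki":      {"level": 3, "key": b"constructed-key-pki-csp"},
}

# Constructed agency applications (AAs) and the M-04-04 level each requires.
AGENCY_APPS = {"loan-app": 2, "benefits-app": 3}

# Constructed CSP user stores: username -> (secret, common name).
# The secret is only ever checked here, never by the portal or the AA.
CSP_USERS = {
    "csp-password": {"jdoe": ("hunter2", "Jane Doe")},
    "csp-pki":      {"asmith": ("cert-pin-4321", "Alex Smith")},
}


def _mac(csp_id, assertion):
    """HMAC-SHA256 over a canonical encoding of the assertion (assumption)."""
    payload = json.dumps(assertion, sort_keys=True).encode()
    return hmac.new(TRUST_LIST[csp_id]["key"], payload, hashlib.sha256).hexdigest()


def portal_select(aa_id, csp_id):
    """Step 1: the portal only learns which AA and CSP were chosen. No PII."""
    if aa_id not in AGENCY_APPS:
        raise ValueError("unknown agency application")
    if csp_id not in TRUST_LIST:
        raise ValueError("credential service not on trust list")
    redirect = {"csp": csp_id, "aa": aa_id}      # parameters of the redirect
    portal_cookie = {"selected_csp": csp_id}     # remembers the chosen CSP
    return redirect, portal_cookie


def csp_authenticate(csp_id, username, password, aa_id):
    """Step 2: the CSP verifies the secret and builds the handoff assertion."""
    users = CSP_USERS[csp_id]
    if username not in users or not hmac.compare_digest(users[username][0], password):
        return None, None
    assertion = {
        "issuer": csp_id,
        "audience": aa_id,                       # AA identifier from the redirect
        "subject": users[username][1],           # common name, the minimum PII
        "level": TRUST_LIST[csp_id]["level"],    # assurance level of this CSP
    }
    csp_cookie = {"authenticated": True}
    return {"assertion": assertion, "mac": _mac(csp_id, assertion)}, csp_cookie


def aa_accept(aa_id, handoff):
    """Step 3: the AA validates the handoff before granting access."""
    assertion = handoff["assertion"]
    issuer = assertion.get("issuer")
    if issuer not in TRUST_LIST:
        return "reject: issuer not on trust list"
    if not hmac.compare_digest(_mac(issuer, assertion), handoff["mac"]):
        return "reject: handoff integrity check failed"
    if assertion.get("audience") != aa_id:
        return "reject: assertion was issued for a different application"
    if assertion.get("level", 0) < AGENCY_APPS[aa_id]:
        return "reject: assurance level too low"
    return f"accept: {assertion['subject']} at level {assertion['level']}"


def base_case(aa_id, csp_id, username, password):
    """Run Steps 1 to 3 end to end and return the AA's decision."""
    redirect, _portal_cookie = portal_select(aa_id, csp_id)
    handoff, _csp_cookie = csp_authenticate(redirect["csp"], username, password, redirect["aa"])
    if handoff is None:
        return "reject: authentication at credential service failed"
    return aa_accept(aa_id, handoff)


if __name__ == "__main__":
    print(base_case("loan-app", "csp-password", "jdoe", "hunter2"))
    print(base_case("benefits-app", "csp-password", "jdoe", "hunter2"))
```

The second call fails even though the password is correct: a level 2 CSP cannot satisfy a level 3 application, which is the point of assessing CSPs against the trust list rather than trusting whatever level an assertion claims. The audience check is the defence against a handoff for one AA being replayed to another.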

Slide 14: The Challenge: Interoperability Across Similar Products
Diagram: the Trust Broker with IDP, RP and IDP/RP entities running seven different SAML 1.0 products (Product 1 through Product 7), tied together by a Common Interface Spec and Common Policies & Business Rules (policy, technical, and business interoperability).
Technical interoperability can be assured only through testing that all products deployed in the Federation can interoperate.

Slide 15: Bigger Challenge: Interoperability Across Protocols
Diagram: the Trust Broker with IDP, RP and IDP/RP entities running a mix of SAML 1.0, SAML 1.1 and Liberty Alliance (LA) SAML products, joined through a Protocol Translator, with multiple Interface Specs but Common Policies & Business Rules.
Interoperability testing becomes much more complex when multiple products and protocols are deployed across entities participating in the Federation(s).

Slide 16: Federal Interoperability Lab
- Tests interoperability of products for participation in the e-Authentication architecture:
  - Conformance testing to the Federal e-Authentication Interface Specification
  - Interoperability testing among all approved products
- Currently 5 SAML 1.0 products are on the Approved Product List. See URL:
- The Federal e-Authentication Program will adopt additional schemes: SAML 1.1, SAML 2.0, Liberty Alliance, Shibboleth.
- A Protocol Translator is required for the technical architecture.
- Multiple-protocol interoperability testing will be very complex.
- The Federal Government will operate the Interoperability Lab until protocol/product convergence or an industry test lab is in place.
- The approved products list is publicly available.

Slide 17: The Need for the Electronic Authentication Partnership
Interoperability for: Federal Government, State/Local Governments, Industry, Commercial Trust Assurance Services (IDPs and RPs under Common Business and Operating Rules; policy, technical, and business interoperability).
Policy:
- Authentication assurance levels
- Credential profiles
- Accreditation
- Business rules
- Privacy principles
Technology:
- Adopted schemes
- Common specs
- User interfaces
- APIs
- Interoperable COTS products
- AuthZ support

Slide 18: For More Information
Phone: David Temoshok
Websites: