1 Federal Identity Management Initiatives
David Temoshok, Director, Identity Policy and Management, GSA Office of Governmentwide Policy

Presentation transcript:

1 Federal Identity Management Initiatives
David Temoshok
Director, Identity Policy and Management
GSA Office of Governmentwide Policy
EDUCAUSE, June 15, 2006

2 Industry and EAI ID Federation/Authentication Alignment
The Federal Government is seeking to align with industry in the following ways in order to meet the mandates for government-wide e-Authentication services:
 Common trust framework for reciprocal trust
 Common business & operating rules for business interoperability
 Common technical infrastructure (i.e., architecture, protocols, data models, testing) for technical interoperability
 Common business models for ID federation adoption/interoperability

3 A VERY Simplified View of the Federal EAI Architecture (architecture diagram; only its labels survive in the transcript)
Diagram labels:
 Credential service providers: Levels 1 & 2 CSPs; Levels 3 & 4 CSPs (Banks, Financial Inst., Universities, Agency Apps, Commercial CSPs)
 Relying parties: Levels 1 & 2 Online Apps & Services; Levels 3 & 4 Online Apps & Services
 Trust lists: EAI SAML Trust List (SAML Assertions); FBCA PKI Trust List (Digital Certificates, FBCA X-Certification)
 PKI sources: Federal Agency PKIs, Other Gov PKIs, Commercial PKIs, PKI Bridges (HSPD-12)
 Credential types: User ID; PIN, Passwords; One-Time Passwords; Multi-Factor Authentication
 Assessment: CAF; SDT

4 EAI/EAP Common Trust Framework
1. Establish & define authentication risk and assurance levels
   EAI: OMB M established and defined 4 authentication assurance levels as Governmentwide policy
   EAP: Adopted OMB M authentication assurance levels
2. Establish technical standards & requirements for e-Authentication systems at each assurance level
   EAI: NIST Special Pub Authentication Technical Guidance – established authentication technical standards at the 4 established assurance levels
   EAP: Adopted NIST SP standards
3. Establish methodology for evaluating authentication systems at each assurance level
   EAI: Credential Assessment Framework – standard methodology for assessing authentication systems of credential service providers
   EAP: Service Assessment Criteria – standard methodology for assessing authentication systems of credential service providers
5. Perform assessments and maintain trust list of trusted CSPs
   EAP: Trusted CSP List
   EAI: Trusted CSP List (pending)
6. Establish common business rules for approved CSPs
   EAI: EAI Federation Business Rules and Service Agreements
   EAP: EAP Business Rules and Agreements

5 EAI/EAP Alignment (alignment diagram; only its labels survive in the transcript)
Diagram labels: EAI; EAP; Common Assurance Levels; Common Authentication Standards; Reciprocal CSP Trust Certifications; Common Designated Assessors; Common Business Rules; Common Architecture; Common Protocols; Common Data Models; Joint Pilots and Projects; CSP Assessments; CSP Trust Lists; 2008 Common Business Model; EAI Projects; EAP Projects

6 Components of EAP Trust Framework in FiXs Pilot
1. Establish & define authentication risk and assurance levels
   EAP/FiXs: Adopted OMB M authentication assurance levels
2. Establish technical standards & requirements for e-Authentication systems at each assurance level
   EAP: Adopted NIST SP standards
   FiXs: Adopted NIST FIPS 201 standards
3. Establish methodology for evaluating authentication systems at each assurance level
   EAP: Service Assessment Criteria – standard methodology for assessing authentication systems of credential service providers
   FiXs: Certification standards and security requirements
5. Perform assessments and maintain trust list of trusted CSPs
   EAP/FiXs: Trusted CSP Lists
6. Establish common business rules for approved CSPs
   EAP: EAP Business Rules and Agreements
   FiXs: FiXs Business and Operating Rules

7 Core FiXs Pilot Objectives - EAP
(Table columns: EAP Component | FiXs Pilot Objective | Test Outcomes)

EAP Component: Business Rules
FiXs Pilot Objective: Develop FiXs Operating Rules for electronic authentication that satisfy terms and conditions of EAP Business Rules.
Test Outcomes:
 Adoption of EAP Business Rules by FiXs Federation through FiXs Operating Rules
 Signed Agreements to follow Operating Rules by FiXs pilot participants

EAP Component: Service Assessment Criteria
FiXs Pilot Objective: Develop FiXs CSP (“Issuer”) Certification Procedures and Security Requirements that satisfy EAP SAC requirements.
Test Outcomes:
 Determination that FiXs Certification Procedures and Security Requirements satisfy EAP SAC requirements at assurance level 4
 Determination that FiXs Certification Procedures and Security Requirements satisfy EAI CAF requirements at assurance level 4

EAP Component: CSP Trust List
FiXs Pilot Objective: Make FiXs CSP (“Issuer”) certifications that satisfy EAP SAC requirements.
Test Outcomes:
 Determination that FiXs CSP “Issuer” certifications satisfy EAP SAC requirements at assurance level 4
 Establish EAP CSP Trust List to include certified FiXs Issuers
 Determination that FiXs CSP “Issuer” certifications satisfy EAI CAF requirements at assurance level 4
 Inter-Federation acceptance of FiXs Issuer certifications by EAP and EAI

8 FiXs Pilot Objectives - Expanded
(Table columns: Pilot Component | FiXs Pilot Objective | Test Outcomes)

Pilot Component: Interoperable Technical Architecture
FiXs Pilot Objective: Develop FiXs Technical Architecture that will interoperate with DoD and EAI technical architectures for e-Authentication.
Test Outcomes:
 Demonstrated interoperability of all aspects of e-Authentication transactions with FiXs pilot participants
 Demonstrated interoperability of all aspects of e-Authentication transactions with DoD and EAI
 Model technical architecture available for EAP use/adoption

Pilot Component: Technical Interface Specifications
FiXs Pilot Objective: Develop FiXs Technical Interface Specifications that permit interoperability in electronic authentication transactions and transaction data exchange with DoD and EAI.
Test Outcomes:
 Common FiXs technical specifications for FiXs global roll-out
 Demonstrated interoperability of all aspects of e-Authentication transactions and transaction data exchanges with DoD and EAI
 Model technical interface specifications available for EAP use/adoption

Pilot Component: Operating Rules
FiXs Pilot Objective: Develop FiXs Operating Rules that define the operational and transaction requirements for FiXs e-Authentication transactions.
Test Outcomes:
 Common FiXs Operating Rules for FiXs global roll-out
 Signed Agreements to follow Operating Rules by FiXs pilot participants
 Model ID Federation Operating Rules available for EAP use/adoption

Pilot Component: Registration, Enrollment and ID Verification Procedures
FiXs Pilot Objective: Develop FiXs registration, enrollment and ID verification requirements/procedures that meet FIPS 201/HSPD-12 standards and requirements.
Test Outcomes:
 Registration, enrollment, ID verification, and cross-credentialing requirements & procedures for non-Federal identity verification that can be accepted as meeting FIPS 201/HSPD-12 standards

9 Cross-Federation Trust Certifications
 FiXs trust certifications will be made at assurance level 4+, as FiXs will be certifying against FIPS 201/HSPD-12 standards/requirements.
 EAP may determine to accept FiXs certifications as meeting EAP SAC level 4 authentication assurance.
 Federal EAI may determine to accept FiXs and/or EAP certifications as meeting EAI CAF level 4 authentication assurance.
(Diagram labels: FiXs Trust Certifications; EAP Trust Certifications; EAI Trust Certifications)

10 Federal Interoperability Lab
 Tests interoperability of products for participation in the e-Authentication architecture:
   Conformance testing to the Fed e-Authentication Interface Specification
   Interoperability testing among all approved products
 Currently 11 SAML 1.0 products on the Approved Product List. See URL:
 Multiple protocol interoperability testing will be very complex
 4 products approved for PKI certificate path discovery & validation
 GSA intends to continue to test architecture components for interoperability and capability to meet governmentwide use requirements

11 And then there’s HSPD-12 …
Homeland Security Presidential Directive 12 (HSPD-12): “Policy for a Common Identification Standard for Federal Employees and Contractors”
Dated: August 27, 2004

12 IDM Policy and Acquisition Landscape
 Key governmentwide initiatives have established program, policy, and technical requirements for authentication and identity management.
 GSA is establishing “approved products/services” for each authentication service line based on compliance with established requirements.
 Consolidate multiple offerings of Identity Management products & services from GSA acquisition schedules and GWACs onto IT Schedule 70, SIN, Authentication Products and Services. Authentication service lines on the SIN include:
   ACES PKI
   Shared Service Providers (HSPD-12)
   PIV Service Components (HSPD-12)
   PIV Integrators (HSPD-12)
   Approved FIPS-201 Products and Services (HSPD-12)
   E-Authentication Architecture Components
 All require active program management to ensure compliance with program requirements and keep pace with marketplace changes.

13 OMB Guidance – Key Points
OMB Guidance for HSPD-12 - M-05-24:
 To ensure government-wide interoperability, agencies must acquire only products and services that are on the approved products list
 Agencies must include language implementing the FIPS 201 Standard in applicable new contracts
 GSA is designated the “executive agent for Government-wide acquisitions of information technology” for the products and services required by HSPD-12
 GSA will make approved products and services available through blanket purchase agreements under IT Schedule 70
 GSA will ensure all approved BPA suppliers provide products and services that meet all applicable federal standards and requirements

14 GSA’s Role
 Establish interoperability and common performance testing to meet NIST standards
 Compliance for GSA contractors (e.g., cleaning, maintenance, etc.)
 Award SIN listings as approved products and services become available
 Establish Approved Products Lists for product categories requiring FIPS 201 compliance
 Provide a full range of qualified products and services to meet Agency implementation needs

15 HSPD-12 Service Components (component diagram; only its labels survive in the transcript)
Diagram labels:
 Service providers: Enrollment Service Provider; Systems Infrastructure Provider; Production Service Provider; Finalization Service Provider
 Data and systems: Enrollment Data; IDMS; CMS; Card Data; Enrollment/registration Stations & managed service; Card Management Services
 Card lifecycle: Card Printing; Inventory, Distribution; Cards issued and Activated
 Agency systems: Agency PACS; Agency LACS
 PKI: FPKI SSP; FPKI SSP & FBCA Cross-certified PKI
Note on the diagram: services inside the dotted rings may be provided as shared infrastructure.

16 For More Information
● Visit our Websites:
● Or contact: David Temoshok, Director, Identity Policy and Management