Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

Presentation transcript:

Transforming Government: Federal e-Authentication Initiative
David Temoshok, Director, Identity Policy and Management, GSA Office of Governmentwide Policy
The E-Authentication Initiative, FED/ED XII PKI Meeting, December 14, 2005

2 Federation Infrastructure

Interoperable Technology (Communications)
- Determine intra-Federation communication architecture
- Administer common interface specifications, use cases, profiles
- Conduct interoperability testing (as needed) according to the specifications
- Provide a common portal service (i.e., discovery and interaction services)

Trust
- Establish common trust model
- Administer common identity management/authentication policies for Federation members

Business Relationships
- Establish and administer common business rules
- Manage relations among relying parties and CSPs
- Manage compliance/dispute resolution

3 Government Adoption of Federated IDM

- Necessary in order to meet the President's E-Gov mandates
  - GSA is directed to provide common authentication infrastructure for all Federal E-Gov business applications and E-access control.
- In 2004 GSA established the EAI Federation
  - EAI Federation allows identity federation between multiple industry and government entities and the Federal Government
  - GSA administers the EAI Federation
  - EAI members include CSPs, AAs, and end users
  - Trust framework supports multiple levels of authentication assurance
  - Technical architecture supports multiple authentication technologies, protocols, and IDM software products and components
- In 2004 GSA partnered with industry to establish the Electronic Authentication Partnership
  - Incorporated non-profit public/private sector forum to advance and accelerate IDM federation
  - Focuses on interoperability and trust
  - EAP Trust Framework issued 12/04

4 Building the E-Authentication Federation

[Diagram: Federation building blocks labelled Policy; Technical Standards; Business & Operating Rules; Operational Infrastructure; Agency Applications/Identity Credential Issuers. Status labels: Completed FY 2004; Scheduled for completion Q4 FY '05; Scheduled for Federation membership Q1 FY '06 and beyond.]

5 The Need for Federated Identity Trust and Business Models

- Technical issues for sharing identities are being solved, but slowly
- Trust is the critical issue for deployment of federated identity
  - Federated ID networks have a strong need for trust assurance standards
    - How robust are the identity verification procedures?
    - How strong is this shared identity?
    - How secure is the infrastructure?
- Common business rules are needed for federated identity to scale
  - N^2 bilateral trust relationships is not a scalable business process
  - Common business rules are needed to define:
    - Trust assurance and credential strength
    - Roles and responsibilities of IdPs and relying parties
    - Liabilities associated with use of 3rd-party credentials
    - Business relationship costs
    - Privacy requirements for handling Personally Identifiable Information (PII)
- Federal e-Authentication Initiative will provide a trust framework to integrate policy, technology, and business relationships across disparate and independent identity systems

7 Key Architecture Design Considerations

- No central registry of personal information, attributes, or authorization privileges – the decentralized approach means federation.
- Different authentication assurance levels are needed for different types of transactions.
- Architecture must support multiple authentication technologies.
- Architecture must support multiple protocols.
- Federal Government will not mandate a single proprietary solution; therefore, the Architecture must support multiple COTS products.
- Federal Government will adopt prevailing industry standards that best meet the Government's needs.
- All architecture components must interoperate with ALL other components.
- Controls must protect privacy of personal information.

8 e-Authentication Technical Interfaces – Base Case

[Diagram: Users, Portal, CS, AA x, AAs, ECPs, AuthZ; ©p and ©c mark the cookies set by the Portal and by the CS.]

Data/Information Flows
- Step #1: User goes to the Portal to select the AA and CS.
- Step #2: The user is redirected to the selected CS with an AA identifier. The Portal also cookies the user with their selected CS.
- Step #3: The CS authenticates the user and hands them off to the selected AA with their identity information. The CS also cookies the user as Authenticated.

Policy Enforcement Points
- Step #1: No PII is presented to the Portal, no transaction data is recorded, no system of records is maintained.
- Step #2: For Federal CSPs, no new PII is created. Users simply sign on using previously established processes with the CSP (PIN, Password). PINs and Passwords are expressed only to the CSP, not to the e-Auth Portal or AA.
- Step #3: For Assurance levels 1 and 2, the CSP will need to provide the user's common name + assurance level (at a minimum) to the AA. PII is protected in transmission through SOAP/SSL.
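The three-step base case above, worked through as an added Python simulation that is not part of the original presentation: the Portal only records the chosen CS and redirects with the AA identifier, the CS checks the PIN locally and hands off common name + assurance level, and the AA enforces the transaction's required assurance level. The HMAC over a JSON assertion stands in for the signed SAML assertion the architecture actually uses; the AA and CS names, the user record and the key are constructed.

```python
import hashlib
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed shared MAC key between the CS and the AA. The real e-Auth base case
# carries a SAML assertion signed by the CSP; the MAC stands in for that signature.
CS_KEY = b"constructed-demo-key-not-a-real-secret"

def portal_select(aa_id, cs_id):
    """Step 1 (Portal): record only the chosen CS in a cookie and redirect the
    user to that CS with the AA identifier. No PII reaches the Portal."""
    redirect = f"https://{cs_id}.example/login?" + urlencode({"aa": aa_id})
    return {"cookie": {"selected_cs": cs_id}, "redirect": redirect}

def cs_authenticate(redirect, user_db, username, pin):
    """Step 2 (CS): verify the PIN locally (it is never sent to the Portal or
    AA) and hand off an assertion carrying common name + assurance level."""
    rec = user_db.get(username)
    if rec is None or not hmac.compare_digest(rec["pin"], pin):
        return None  # authentication failed; nothing is asserted to the AA
    aa_id = parse_qs(urlsplit(redirect).query)["aa"][0]
    claims = {"cn": rec["cn"], "assurance": rec["assurance"],
              "aa": aa_id, "nonce": secrets.token_hex(8)}
    body = json.dumps(claims, sort_keys=True)
    mac = hmac.new(CS_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"cookie": {"authenticated": True}, "assertion": body, "mac": mac}

def aa_accept(handoff, aa_id, required_level):
    """Step 3 (AA): accept the identity only if the assertion is intact,
    addressed to this AA, and at or above the transaction's assurance level."""
    body = handoff["assertion"]
    expected = hmac.new(CS_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, handoff["mac"]):
        return (False, "assertion tampered or not issued by the CS")
    claims = json.loads(body)
    if claims["aa"] != aa_id:
        return (False, "assertion issued for a different AA")
    if claims["assurance"] < required_level:
        return (False, f"assurance level {claims['assurance']} < {required_level}")
    return (True, claims["cn"])

# Constructed sample CS user store: PINs never leave the CS.
USER_DB = {"jdoe": {"pin": "1234", "cn": "Jane Doe", "assurance": 2}}
```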

9 e-Authentication Architecture – Protocol Translator

10 Standards Convergence

- SAML 1.X – Framework for exchanging security information about a principal: authentication, attributes, authorization information
- Liberty ID-FF 1.X – Extends SAML 1.0, 1.1 for federation, SSO, web services

[Diagram: Shibboleth Specification, Liberty Specifications, and OASIS SAML 1.0, 1.1 converging into the OASIS Standard SAML 2.0.]

11 Federal Interoperability Lab

- Tests interoperability of products for participation in the e-Authentication architecture.
  - Conformance testing to the Fed e-Authentication Interface Specification
  - Interoperability testing among all approved products
- Currently 11 SAML 1.0 products on the Approved Product List. See URL:
- Multiple protocol interoperability testing will be very complex
- 4/07/05 RFI for Certificate Path Discovery/Validation Service
- GSA intends to continue to test architecture components for interoperability and capability to meet governmentwide use requirements

12 For More Information

- Visit our Websites:
- Or contact: David Temoshok, Director, Identity Policy and Management