E-Authentication October 2003. Objectives Provide a flexible, easy to implement authentication system that meets the needs of AES and its clients. Ensure.

Presentation transcript:

e-Authentication October 2003

Objectives
- Provide a flexible, easy to implement authentication system that meets the needs of AES and its clients.
- Ensure compliance with the Gramm-Leach-Bliley Act (GLBA), federal guidelines, and applicable state privacy laws.
- Assure data owners that only appropriately authenticated end users have access to data.
- Ensure compliance to internal security and privacy guidelines.

Requirements
- User was required to provide an ID and a shared secret.
- Assignment and delivery of shared secret must be secure.
- Assignment of shared secret is based on validated information.
- Reasonable assurances that the storage of the IDs and shared secrets is secure.

Policies
- Member must ensure appropriate authentication for each end user
- Member must provide authentication policy to AES
- Member must provide AES with 30-day advance notice of changes to authentication policy
- Member must agree to appropriate use of data
- Additional requirements to be defined by legal representatives (may include auditing/logging requirements)

Process
1. End user authenticates at member site
2. Member creates authentication assertion
3. Member signs authentication assertion with digital certificate
4. Control is passed to AES
5. AES sends attribute request
6. Member returns attribute assertion
7. AES verifies assertion using the member’s public key stored in the registry.
8. End user is provided access to appropriate AES product

Standards Leveraged
- OASIS SAML XML security standard
- Internet2 Shibboleth
- Digital Certificates
- Secure transactions using SSL
- SOAP

Registry Requirements
- Each participant will be required to register, sign a participation agreement, and submit policies and procedures surrounding their authentication process.
- Central registry will store:
  - a unique ID for each organization
  - the public key for each organization
  - additional elements to be defined
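The verification step from the Process slide, run against a registry shaped like the one described above (a unique ID and a public key per organization), as an added example that is not part of the original presentation. It assumes a JSON payload and bare Ed25519 keys in place of SAML XML signatures and digital certificates; the Assertion fields, member IDs and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Assertion is a simplified stand-in for a signed SAML assertion.
// Field names are hypothetical; values used below are constructed.
type Assertion struct {
	Issuer  string `json:"issuer"`  // organization's unique ID in the registry
	Subject string `json:"subject"` // opaque ID of the end user
	Role    string `json:"role"`    // role of the end user
}

// Registry maps each organization's unique ID to its registered public key.
type Registry map[string]ed25519.PublicKey

// Sign is the member side: serialize the assertion and sign the exact bytes.
func Sign(a Assertion, key ed25519.PrivateKey) (payload, sig []byte) {
	payload, _ = json.Marshal(a)
	return payload, ed25519.Sign(key, payload)
}

// Verify is the AES side. The key always comes from the registry entry for
// the claimed issuer, never from the message, so a sender cannot vouch for itself.
func Verify(reg Registry, payload, sig []byte) (Assertion, error) {
	var a Assertion
	if err := json.Unmarshal(payload, &a); err != nil {
		return Assertion{}, fmt.Errorf("malformed assertion: %w", err)
	}
	pub, ok := reg[a.Issuer]
	if !ok {
		return Assertion{}, errors.New("issuer not in registry")
	}
	if !ed25519.Verify(pub, payload, sig) {
		return Assertion{}, errors.New("signature does not match registered key")
	}
	return a, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed member key pair
	reg := Registry{"member-001": pub}
	payload, sig := Sign(Assertion{"member-001", "opaque-7f3a", "counselor"}, priv)
	fmt.Println(Verify(reg, payload, sig))
}
```

Access decisions should use only the Assertion value returned by Verify, since any attribute read from the payload before verification is unauthenticated.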

Additional Assertion Attributes
- Role of end user
- Social Security Number
- Authentication Process ID
- Level of Authentication
- Opaque ID
- Application ID
- Additional attributes to be determined

Contact Information
- Matthew Sessa
- Mark Malinoski
