Law Enforcement Information Sharing Program (LEISP) Federated Identity Management Pilot February 27, 2006.


1 Law Enforcement Information Sharing Program (LEISP) Federated Identity Management Pilot
February 27, 2006

2 Federated Identity Management Pilot

3 Benefits of Federated Identity Management
- More information (relevant information, critical information) becomes available to more users
- Enabled single sign-on (authenticate once – authorize many)
- Faster response time in critical situations
- Enhanced user experience
- Personalization (based on attributes, streamline information dissemination)
- Policy control (separation of authentication and authorization)
- Auditing
- Improved alliances across government entities
- Streamlined vetting
- Cost avoidance
- Cost reduction
- Reduced time to net
- Improved interoperability
- Dynamic provisioning and de-provisioning
- Faster response time
- Greater security

4 Expected Results of the Pilot
- Provide value to users (e.g. access to applications that they did not have)
- Establish a model for joint interoperability with federal, state and regional efforts to improve information sharing to combat crime and terrorism, in the context of a tangible project involving multiple organizations (DOJ, DHS, RISS, FBI)
- Confirm the applicability of federated identity management as a tool for enhancing information sharing
- Confirm the viability of the trusted broker architecture
- Evaluate the quality of the user experience and use this feedback to tune the next phase and implementation
- Better understand challenges in implementation (organizational, contractual, technical and legal)
- Narrow technical and strategic options for full-scale implementation and estimate implementation costs
- Identify aspects of the pilot suitable to be leveraged in other domains
- Provide a platform where best practices in identity management can be shared and tested

5 One user accessing one application
Steps in provisioning access:
- Vetting (who are you?)
- Permissioning (what can you access?)
- Credentialing (how do I know it's you? – passwords, smart cards, etc.)
Access requires authentication of credentials.
[Diagram: User → Application]

6 One user accessing many applications
Steps in provisioning access:
- Vetting
- Permissioning
- Credentialing
RESULT:
- Each application must perform all steps above
- User must keep track of N sets of credentials
[Diagram: 1 user × N applications]

7 Many users accessing many applications
Steps in provisioning access:
- Vetting
- Permissioning
- Credentialing
RESULTS:
- Multifactor credentials and vetting become too expensive
- Vetting and credentialing not done well
- Vetting too far from the user to be kept up to date effectively
- High barrier to access
[Diagram: M users × N applications – "Expensive!!"]

8 Federated Identity Management
Access provisioning:
- Provisioning identity (vetting and credentialing) with the user's own organization (×M)
- Provisioning accounts (permissioning) with applications (×M×N)
RESULTS:
- Huge savings in vetting and credentialing: M << M×N
- Vetting is better – closer to the user, since the user's own organization does the vetting
- Credentialing is better – multifactor becomes affordable
- Lower barriers to access – more access
- Each user only needs one credential (single sign-on)
- Faster account provisioning
- Faster and easier account de-provisioning
[Diagram: K organizations, M users → Trusted Broker → N applications]

9 Trusted Broker Mechanism
Identity providers:
- Certified, trusted identity providers verify users' credentials and assert identity to the broker (SAML, PKI, WS-F)
Trusted broker:
- Asserts identity to the applications (SAML)
- Protocol translation if required (different versions of technology)
Applications:
- Accept assertions of identity from the trusted broker
- Make access decisions (authorization)
[Diagram: Identity Provider 1 … Identity Provider N (K organizations, M users) → "Assert Identity" → Trusted Broker → "Assert Identity" → N applications]
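The three-party flow on this slide, as an added example that is not part of the original deck and not code from LEISP, RISS, DOJ or any of the pilot participants: an identity provider authenticates a user and asserts identity to the broker; the broker checks that the provider is one it certifies and re-asserts identity to the application under its own key, scoped to that application; the application trusts only the broker and makes the access decision itself (the "separation of authentication and authorization" from slide 3). HMAC-SHA256 over pre-shared keys stands in for SAML assertions signed with PKI, and the issuer names, attribute names and sample policy are invented for the example.

```python
"""Toy trusted-broker federation (illustration only, not LEISP code).

Assumptions not in the original deck: assertions are JSON claim sets signed
with HMAC-SHA256 over pre-shared keys (standing in for signed SAML + PKI);
issuer names, attribute names and the access policy are invented.
"""
import hashlib
import hmac
import json

BROKER = "trusted-broker"


def _canonical(claims: dict) -> bytes:
    # Deterministic serialization so signer and verifier hash identical bytes.
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, claims: dict) -> dict:
    return {"claims": claims,
            "sig": hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()}


def verify(key: bytes, assertion: dict, audience: str, now: float) -> dict:
    """Check signature, audience and expiry; return the claims or raise."""
    expected = hmac.new(key, _canonical(assertion["claims"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        raise PermissionError("bad signature")
    claims = assertion["claims"]
    if claims["aud"] != audience:
        raise PermissionError("wrong audience")
    if claims["exp"] <= now:
        raise PermissionError("expired")
    return claims


def idp_assert(idp: str, idp_key: bytes, user: str, attrs: dict, now: float, ttl: int = 300) -> dict:
    """Identity provider: the user's own organization vetted and credentialed
    the user, so after authenticating it asserts identity to the broker only."""
    return sign(idp_key, {"iss": idp, "sub": user, "aud": BROKER, "attrs": attrs,
                          "iat": now, "exp": now + ttl})


class TrustedBroker:
    def __init__(self, idp_keys: dict, app_keys: dict):
        self.idp_keys = idp_keys  # registry of certified identity providers
        self.app_keys = app_keys  # applications that accept broker assertions

    def reassert(self, idp_assertion: dict, app: str, now: float) -> dict:
        issuer = idp_assertion["claims"]["iss"]
        if issuer not in self.idp_keys:
            raise PermissionError(f"untrusted identity provider: {issuer}")
        claims = verify(self.idp_keys[issuer], idp_assertion, BROKER, now)
        if app not in self.app_keys:
            raise PermissionError(f"unknown application: {app}")
        # Re-issue under the broker's key, addressed to one application and
        # never outliving the provider's assertion. The app sees only the
        # broker's format, which is where protocol translation would happen.
        return sign(self.app_keys[app], {"iss": BROKER, "orig_iss": issuer,
                                         "sub": claims["sub"], "aud": app,
                                         "attrs": claims["attrs"], "iat": now,
                                         "exp": min(claims["exp"], now + 300)})


def app_decide(app: str, app_key: bytes, assertion: dict, policy, now: float) -> bool:
    """Application: authentication is delegated, the access decision stays local."""
    claims = verify(app_key, assertion, app, now)
    if claims["iss"] != BROKER:
        raise PermissionError("applications accept assertions only from the broker")
    return bool(policy(claims["attrs"]))


def run_demo() -> dict:
    """Walk the happy path and the failure modes; returns outcomes by scenario."""
    now = 1_000_000.0  # fixed clock for repeatability (constructed)
    idp_keys = {"idp-riss": b"riss-broker-secret", "idp-fbi": b"fbi-broker-secret"}
    app_keys = {"intel-portal": b"broker-portal-secret"}
    broker = TrustedBroker(idp_keys, app_keys)
    app, app_key = "intel-portal", app_keys["intel-portal"]
    # Invented policy: sworn officers from a participating agency only.
    policy = lambda a: a.get("role") == "sworn_officer" and a.get("agency_participating") is True
    sworn = {"role": "sworn_officer", "agency_participating": True}
    results = {}

    officer = idp_assert("idp-riss", idp_keys["idp-riss"], "jdoe", sworn, now)
    results["officer"] = app_decide(app, app_key, broker.reassert(officer, app, now), policy, now)

    analyst = idp_assert("idp-fbi", idp_keys["idp-fbi"], "asmith",
                         {"role": "analyst", "agency_participating": True}, now)
    results["analyst"] = app_decide(app, app_key, broker.reassert(analyst, app, now), policy, now)

    rogue = idp_assert("idp-rogue", b"not-certified", "mallory", sworn, now)
    try:
        broker.reassert(rogue, app, now)
        results["rogue_idp"] = "accepted"
    except PermissionError:
        results["rogue_idp"] = "rejected_by_broker"

    # A provider trying to bypass the broker by addressing the app directly.
    direct = sign(idp_keys["idp-riss"], {"iss": "idp-riss", "sub": "jdoe", "aud": app,
                                          "attrs": sworn, "iat": now, "exp": now + 300})
    try:
        app_decide(app, app_key, direct, policy, now)
        results["idp_direct"] = "accepted"
    except PermissionError:
        results["idp_direct"] = "rejected_by_app"

    # A valid broker assertion replayed after it has expired.
    try:
        app_decide(app, app_key, broker.reassert(officer, app, now), policy, now + 600)
        results["replay"] = "accepted"
    except PermissionError:
        results["replay"] = "rejected_expired"
    return results
```

The two checks that carry the architecture are in `reassert` and `app_decide`: the broker consults its registry before it trusts a provider's signature, and the application holds only the broker's key, so an assertion that skips the broker fails signature verification regardless of its claims. Audience and expiry checks keep a re-issued assertion from being replayed against another application or after the provider's session should have ended.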

10 Alignment of LEISP Vision for Identity Management with e-auth
- GSA e-Auth has been briefed
- GSA e-Auth leadership is supportive of the LEISP vision
- Conceptually aligned (but the LEISP focus is LE and CT)
- Broker-based architecture is more flexible:
  - Not everyone needs to use identical technology
  - Physical connectivity requirements are simplified
  - Additional flexibility in user access controls
  - Additional capabilities for provisioning/de-provisioning
  - Re-authentication and global logout capabilities
- Other sub-federations (e.g. health) may eventually forge inter-federation trust and interoperability
