1 Technical Approach
The E-Authentication Initiative
Technical Approach
Chris Louden, Enspier
“Getting to Green with E-Authentication”
February 3, 2004, Technical Session

2 Technical Approach
- Lower Assurance Approach
  - Overview
  - Management
  - SAML as an adopted Scheme
- Higher Assurance Approach
  - Certificate Validation
  - Relationship to Bridge Architecture
- Where we are today
  - Today
  - Near Term

9 SAML as an Adopted Scheme
- SAML 1.0 Artifact Profile
- Proven interoperability

13 Lower Assurance Approach
- SAML Assertion Contents
  - Name
  - User ID
  - CS ID
- AA Responsibilities
  - Authorization / Entitlements
  - Mapping asserted identity to known identity
  - May map multiple credentials to a known identity
- CS Responsibilities
  - Identity Management
  - Credential Assessment Framework (CAF) requirements

14 Higher Assurance Levels
- Certificate Based Authentication
  - “All sensitive data transfers shall be cryptographically authenticated using keys bound to the authentication process” (NIST SP800-63)
  - Does not require shared secrets
- Certificate Path Discovery and Validation
- Certificates at lower assurance AAs

17 Higher Assurance Approach
- Certificate Validation is not enough
- Certificate Path Discovery and Validation

18 One Minute PKI
- Public & Private Key Pair
  - Mathematically bound numbers
  - Encrypt with one, Decrypt with the other
- Digital Signatures
  - Hashes encrypted with a private key
  - Validate source and integrity
- Certificate Authorities (CAs) and Certificates
  - Certificates bind a public key to an identity
  - CAs issue certificates based on their policies
  - Certificates are digitally signed by CAs
- Trust Anchors
  - A CA's self-signed certificate

19 Typical PKI

20 Hierarchical PKI

21 Mesh PKI

22 Mesh PKI

23 Authentication or Message

24 Certificate Path Discovery and Validation
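
An added example, not part of the presentation: path discovery in a mesh or bridged PKI, written as a graph search from the relying party's trust anchor to the end-entity certificate. Certificates are modeled as constructed issuer/subject/expiry records with hypothetical CA names and dates; checking each link's signature is assumed to be done by an X.509 library.

```python
from collections import deque
from datetime import date

def cert(issuer, subject, not_after):
    return {"issuer": issuer, "subject": subject, "not_after": not_after}

# Constructed store: hypothetical CA names and dates, a bridge CA cross-certified with agency CAs.
STORE = [
    cert("Agency A CA", "Agency A CA", date(2010, 1, 1)),   # self-signed trust anchor
    cert("Agency A CA", "Bridge CA", date(2006, 1, 1)),     # cross-certificates, both directions
    cert("Bridge CA", "Agency A CA", date(2006, 1, 1)),
    cert("Bridge CA", "Agency B CA", date(2006, 1, 1)),
    cert("Agency B CA", "Bridge CA", date(2006, 1, 1)),
    cert("Agency B CA", "alice@agency-b", date(2005, 1, 1)),
    cert("Bridge CA", "Agency D CA", date(2003, 6, 1)),     # expired cross-certificate
    cert("Agency D CA", "carol@agency-d", date(2005, 1, 1)),
    cert("Agency C CA", "bob@agency-c", date(2005, 1, 1)),  # CA not connected to the bridge
]

def discover_path(store, anchor, end_entity, today):
    """Return the certificate chain from the trust anchor down to end_entity, or None."""
    # The relying party must hold the anchor as an unexpired self-signed certificate.
    if not any(c["issuer"] == c["subject"] == anchor and c["not_after"] >= today for c in store):
        return None
    issued_by = {}
    for c in store:
        if c["issuer"] != c["subject"] and c["not_after"] >= today:
            issued_by.setdefault(c["issuer"], []).append(c)
    queue, seen = deque([(anchor, [])]), {anchor}
    while queue:                           # breadth-first: the shortest chain is found first
        ca, chain = queue.popleft()
        for c in issued_by.get(ca, []):
            if c["subject"] == end_entity:
                return chain + [c]
            if c["subject"] not in seen:   # mutual cross-certificates form cycles
                seen.add(c["subject"])
                queue.append((c["subject"], chain + [c]))
    return None

def chain_subjects(chain):
    return None if chain is None else [c["subject"] for c in chain]

if __name__ == "__main__":
    today = date(2004, 2, 3)
    for user in ("alice@agency-b", "carol@agency-d", "bob@agency-c"):
        print(user, "->", chain_subjects(discover_path(STORE, "Agency A CA", user, today)))
```

A certificate that is valid in itself (bob's, carol's) still fails here because no unexpired chain links it to the relying party's trust anchor.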

25 Higher Assurance Approach
- Certificate Usability at lower assurance AAs
  - Avoid multiple interfaces at AAs
  - Avoid PKI complexities at lower assurance AAs

27 High Assurance Approach
- Relation to Federal PKI Architecture

33 Where we are today
- Proof of Concept
  - SAML 1.0 Artifact Profile
- Interoperability Lab
- Architecture Working Group
- Pilots

34 References
- eAuthentication Documents
- NIST Documents

35 Coming Soon
- FOC
- Forms
- Web Services
- Composite Apps
- New Schemes