
1 New Mexico Environment Department
The E-Enterprise Integrated Identity Solution Project (ISOL)
Mary Montoya, CIO
Bogi Malecki, Project Manager
Tom McMichael, Systems Analyst
Mark Morell, Systems Integrator & Technical Writer
Sam Jenkins, Solutions Architect
12/14/2015 Project Certification Committee Presentation

2 Environment Department Mission
The mission of the New Mexico Environment Department is to protect and restore the environment, and to foster a healthy and prosperous New Mexico for present and future generations.

3 Project Purpose
Discover & Analyze. Evaluate identity and access management of the NM, TN and WY Single Sign-On systems and EPA's Identity Bridge system and determine the impact of implementing a proposed federated identity solution.

4 Main Goal
Identify how best to authenticate users once, at one site, and then allow secure access to all other participating sites without re-authenticating.

5 Ultimate Aim
Reduce the burden and cost of maintaining multiple identities and systems for transacting business and sharing environmental data across entities.

6 Planned Approaches
Use Third Party Identities
Enable Single Sign-On using Secure Token Services
Integrate OpenID / OpenID Connect Identity Provider Interface

7 1. Use 3rd Party Identities
1. A user tries to access a protected resource at the web site (relying party).
2. The user is offered a choice of identity providers and redirected to the selected identity provider.
3. The user authenticates by providing login information at the identity provider's login page.
4. After successful authentication, the user is redirected to the relying party web site along with a signed security token and other information (claims).
5. The relying party validates the security token and allows access if the token is valid (it was signed by the trusted issuer).

8 3rd Party Log-in Example
Redirect to the Enterprise Security Bridge with the Facebook IdP specified
User authenticates at Facebook
Enterprise Security Bridge redirects to the E-Enterprise Portal
E-Enterprise Portal uses Web Services Federation to validate the token

9 2. Enable Single Sign-On
A user attempts to log in at an identity provider by presenting a user ID and credential.
The identity provider validates the user's claim. If the identity is valid, it requests the STS to issue a security token.
The STS verifies the identity provider's credential and, if the identity provider is trusted, signs the security token. The user ID and other identity information are encrypted into the token.
The identity provider returns the security token to signal a successful login.
The user then asks for services at another application (the Relying Party) with the security token as evidence of an authenticated user ("I have logged in already, here is my ticket").
The relying party does not take the claim on trust: it verifies it by validating the security token at the STS. The STS checks the token and, if successful, returns the user's ID along with other attributes.
The relying party performs the requested operation and returns the results to the user.

10 3. Integrate OpenID
1. The user accesses the OpenID Connect application (relying party).
2. The user is redirected to the "authorization endpoint" of CFS (Cloud Federation Service) to authenticate.
3. If the user authenticates, she is prompted to authorize the application to access certain profile information.
4. The user's browser is sent back to the client application (indicated by the Callback URL in the configuration) with the authentication/authorization result.
5. The application can contact CFS at the UserInfo endpoint. The application has a maximum of 2 minutes to contact CFS for the user's information. After 2 minutes the access token is no longer valid and steps 2-4 shown in the diagram must be done again. Note that even when steps 2-4 are executed again, the user will not see any of this: they have already been authenticated by CFS (and are not prompted again) and have already authorized the application to access their information (so they will not have to consent again, as long as they have not manually revoked access to this application in the meantime).
6. The UserInfo endpoint (CFS) returns the consented profile information to the client application.
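The relying-party check that slides 7, 9 and 10 all hinge on (the token must come from a trusted issuer, carry a valid signature, be meant for this site, and still be inside its 2-minute lifetime), as an added Python illustration that is not part of the presentation or of any project system. The issuer names, the shared HMAC key, the claim layout and the sample user are constructed for the example; a real STS or IdP signs with an asymmetric key and the relying party verifies against the published public key.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example: keys of the issuers this relying party trusts.
TRUSTED_ISSUER_KEYS = {
    "https://sts.example.test": b"constructed-shared-secret",
}
RELYING_PARTY = "https://portal.example.test"   # constructed audience
TOKEN_LIFETIME = 120                            # slide 10: 2 minutes

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(issuer, key, subject, audience, issued_at, claims=None):
    """What the STS/IdP side does: sign a claim set for one audience."""
    body = {"iss": issuer, "sub": subject, "aud": audience,
            "iat": issued_at, "exp": issued_at + TOKEN_LIFETIME,
            **(claims or {})}
    payload = _b64(json.dumps(body, sort_keys=True).encode())
    sig = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return payload + "." + _b64(sig)

def validate_token(token, now=None):
    """Relying-party check. Returns (True, claims) or (False, reason)."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".")
        claims = json.loads(_unb64(payload))
        signature = _unb64(sig)
    except (ValueError, UnicodeDecodeError):
        return False, "malformed token"
    if not isinstance(claims, dict):
        return False, "malformed token"
    # "iss" is read before verification only to pick the key; nothing
    # else in the payload is trusted until the signature checks out.
    key = TRUSTED_ISSUER_KEYS.get(claims.get("iss"))
    if key is None:
        return False, "untrusted issuer"
    expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"
    if claims.get("aud") != RELYING_PARTY:
        return False, "token not issued for this relying party"
    if now >= claims.get("exp", 0):
        return False, "token expired"
    return True, claims
```

A token that fails any one of the four checks is rejected with the reason, which is the event a relying party should log rather than silently retrying the redirect.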

11 OpenID Log-in Page Example

12 General Information
The project was conceived and initiated by the NMED Office of Information Technology.
The proposal was sent to EPA in November 2014.
NMED was awarded funding in September 2015.
The funding period is 10/1/2015 – 9/30/2017.
The funding budget is $472,737.

13 High Level Project Overview
Objective | Budget | Due Date
Finalize Scope; Execute Contracts & MOAs; Purchase licenses; Assign team tasks & deadlines | $36,856 | 12/11/2015
Perform Federated Identity Management discovery and a solutions assessment with EPA | $25,617 | 8/26/2016
Perform Federated Identity Management discovery and a solutions assessment of NM | $85,248 | 10/28/2016
Perform Federated Identity Management discovery and a solutions assessment of TN | $118,182 | 11/25/2016
Perform Federated Identity Management discovery and a solutions assessment of WY | $117,364 | 12/23/2016
Analyze results, compile and submit findings & recommendations | $63,720 | 4/1/2017
Closeout | $25,750 | 5/31/2017
Total | $472,737 |
The different cell colors in the original slide indicate different project phases.

14 Stakeholders and Governance
EPA - Office of Environmental Information (OEI)
Exchange Network Leadership Council (ENLC)
Exchange Network Technology Board (NTB)
NMED Office of Information Technology - Office of the CIO
Tennessee Department of Environment and Conservation
Wyoming Department of Environmental Quality
NM Department of Information Technology – Project Certification Committee

15 Project Management Plan
Present to PCC at Initiation & Planning phase
Submit Quality Assurance Plan to EPA
Submit semi-annual progress reports to EPA
Present bi-monthly status reports to ENLC
Present monthly reports to PCC
Hold monthly meetings with partner states to track progress and findings
Weekly project team meetings to check task status, identify roadblocks & assess schedule impact
Present to PCC at Implementation phase
Present to PCC at Closeout project phase
Submit final report to EPA

16 Risks & Issues
Possible risks include:
Insufficient participation from partner states/EPA
Inconsistent statutory requirements across jurisdictions
EPA-imposed technologies and/or requirements that are inconsistent with the project goals

17 Questions

