The E-Authentication Initiative: An Overview. Peter Alterman, Ph.D., Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority.

1 The E-Authentication Initiative: An Overview
Peter Alterman, Ph.D.
Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority

2 E-Gov Program Management Office: HSPD-12
- Mandates that all Federal Agencies issue ID credentials using FIPS-201 identity proofing procedures beginning 10/05
- Mandates that all Federal Agencies begin issuing SmartCards with medium-assurance digital certificates by 10/06
- Authorization remains a local prerogative

3 Purpose and Function of the E-Authentication Program
- To provide a single source of identity authentication services for Federal Agency Applications
- To develop and promulgate policies and procedures to sustain a common identity federation for the Federal Government in support of e-Gov and HSPD-12
- To partner with Credential Service Providers and other Identity Federations to enable the broadest access to e-Gov services

4 Summary of the E-Authentication Approach
- Four Levels of Assurance of Identity (LOA), set by policy:
  - LOA 1 and 2 are assertion-based: userid/password, SAML, Shibboleth, etc.
  - LOA 3 and 4 are cryptographically based: PKI, etc.
- The LOA an application requires is determined by a standard Risk Assessment
- Agency Applications (AAs) are autonomous in their authorization decisions
- AAs rely on credentials issued by external Credential Service Providers (CSPs), who submit to an assessment based on the Credential Assessment Framework
- Principle of reusable credentials

5 E-Authentication Initiatives
- Credential Assessment Framework for evaluating the level of assurance (LOA) of identity provided by credential service providers' credentials
- Membership in the Liberty Alliance
- Frequent meetings with Microsoft
- Interfederation Interoperability Project with Cybertrust and the Internet2/Shibboleth team (more slides later)

6 Credential Assessment Framework
- A structured methodology and procedures for evaluating the LOA of a CSP's credentials
- An assessment team that goes out and evaluates CSPs
- A process for conflict resolution
- Posting CSPs and their credential LOAs to a trust list (an unfortunate term) on the website

7 The Federal PKI and the E-Authentication Federated Approach

[Figure: the Federal PKI. Recoverable elements of the diagram:]
- FBCA Certification Authority (FBCA Certificate Policy; FBCA High and FBCA Medium assurance), two-way cross-certified with Agencies (legacy agency CA policy), States, Foreign Entities, Other Bridge CAs and ACES; a new agency is optionally two-way cross-certified
- Citizen & Commerce Class Common (C4) Certificate Policy and the C4 Policy Certification Authority (included in browser lists of CAs); private-sector participants shown: Wells Fargo, AOL, PEPCO
- FPKI Common Policy Framework (FCPF) Certificate Policy and the FCPF Policy Certification Authority (trust anchor for the hierarchical Common Policy PKI subscribers); Qualified Shared Service Providers shown: USDA/NCF, VeriSign, DST
- E-Governance Certificate Policy and the E-Governance Certification Authority (mutual authentication of SAML/SSL certificates only), with Assurance Level 1 and Assurance Level 2
- Both one-way and two-way cross-certification relationships are drawn

[Figure: FPKI Validation Service]
- CAs 1 through 4 (CA 4 with subordinates CA 4a and CA 4b) serving Communities 1, 2 and 3, joined through the Bridge CA; the Agency Application (AA) consults the eAuth Trust List; validation protocols listed: XKMS, OCSP, CAM, SOAP, others
- Step 1: The user goes to the Portal to select the AA and ECP
- Step 2: The user is passed directly to the AA
- Step 3: The user authenticates to the AA directly using SSL or TLS
- Step 4: The AA uses the validation service to validate the certificate
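Step 4 of the validation-service figure is where the federated approach does its work: the AA trusts only its own anchor, and a subscriber of another community is accepted only because a certification path exists through the Bridge CA's cross-certificates. The Go program below is an added example, not code from the presentation or from the E-Authentication program. It constructs a throwaway PKI (an agency trust anchor, a bridge cross-certified by the agency, a community CA cross-certified by the bridge, and subscriber certificates) and then has the AA build and verify the path from its single anchor using the standard library. Every name and key is a constructed placeholder; the remote validation service of step 4 (XKMS, OCSP, CAM) is replaced by local path validation, and revocation checking is omitted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Federation holds the constructed (not real) certificates of one federated PKI.
type Federation struct {
	AgencyRoot *x509.Certificate   // the AA's only trust anchor
	CrossCerts []*x509.Certificate // [0] bridge signed by agency, [1] community CA signed by bridge
	UserCert   *x509.Certificate   // subscriber of the cross-certified community
	RogueUser  *x509.Certificate   // subscriber of a CA that nobody cross-certified
}

var serial int64

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue signs a certificate for (subjectCN, pub) with issuerKey. A nil parent
// means self-signed, i.e. a trust anchor. Certifying a key that is already the
// subject of another CA's certificate is exactly what a cross-certificate is.
func issue(subjectCN string, pub *ecdsa.PublicKey, parent *x509.Certificate, issuerKey *ecdsa.PrivateKey, isCA bool) *x509.Certificate {
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: subjectCN},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, issuerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// BuildFederation constructs the sample PKI; all names are placeholders.
func BuildFederation() *Federation {
	agencyKey, bridgeKey, communityKey := newKey(), newKey(), newKey()
	agencyRoot := issue("Agency Root CA", &agencyKey.PublicKey, nil, agencyKey, true)
	// Agency -> Bridge: the agency cross-certifies the bridge's existing key.
	bridgeCross := issue("Federal Bridge CA", &bridgeKey.PublicKey, agencyRoot, agencyKey, true)
	// Bridge -> Community 1 CA: the bridge cross-certifies the community CA's key.
	communityCross := issue("Community 1 CA", &communityKey.PublicKey, bridgeCross, bridgeKey, true)
	// Community 1 CA issues an ordinary subscriber certificate.
	user := issue("Alice", &newKey().PublicKey, communityCross, communityKey, false)
	// A CA outside the federation issues a certificate that no path can reach.
	rogueKey := newKey()
	rogueRoot := issue("Rogue CA", &rogueKey.PublicKey, nil, rogueKey, true)
	rogue := issue("Bob", &newKey().PublicKey, rogueRoot, rogueKey, false)
	return &Federation{agencyRoot, []*x509.Certificate{bridgeCross, communityCross}, user, rogue}
}

// ValidateAtAA is the AA's side of step 4: from its own trust anchor it builds and
// verifies a path through whatever cross-certificates it holds and returns the
// subject names along that path, leaf first.
func ValidateAtAA(user, anchor *x509.Certificate, crossCerts []*x509.Certificate) ([]string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(anchor)
	intermediates := x509.NewCertPool()
	for _, c := range crossCerts {
		intermediates.AddCert(c)
	}
	chains, err := user.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: intermediates,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		return nil, err
	}
	var path []string
	for _, c := range chains[0] {
		path = append(path, c.Subject.CommonName)
	}
	return path, nil
}

func main() {
	f := BuildFederation()
	path, err := ValidateAtAA(f.UserCert, f.AgencyRoot, f.CrossCerts)
	fmt.Println("cross-certified subscriber:", path, err)
	_, err = ValidateAtAA(f.RogueUser, f.AgencyRoot, f.CrossCerts)
	fmt.Println("uncertified subscriber:", err)
}
```

The cross-certified subscriber validates along the four-hop path Alice, Community 1 CA, Federal Bridge CA, Agency Root CA, while the subscriber of the uncertified CA fails with an unknown-authority error. Removing the agency-to-bridge cross-certificate from the pool breaks the path in the same way, which is why the direction of each cross-certification in the figure matters to the relying AA.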

8 Interfederation Interoperability
- Assertion-level trust transactions require federation-to-federation policy and technology interoperability initiatives; under way with InCommon (Internet2)
- Crypto-level trust transactions are mediated by the Federal Bridge; under way with the Higher Education Bridge, the Pharmaceutical Industry Bridge and the Aerospace Bridge

9 What Happens When Two Federations Want to Interoperate?
- Enable technical interoperability between members of different federations
- Develop mutually agreed-upon mappings for trusting identity credentials and elements of credentials
- Develop mutually agreed-upon mappings for business rules
- Develop peer-based conflict resolution mechanisms

10 Report: Status of the Interfederation Interoperability Work Group
- InCommon: Higher Education Identity Federation; uses Shibboleth middleware technical protocols; policy-light
- E-Authentication: US Identity Federation; uses a variety of technical protocols; policy-intensive

11 Accomplishments to Date
- Demonstration of proof of concept for technical interoperability of identity credentials and utilities: E-Authentication SAML 1.0 and Shibboleth 1.2
- Production-level interoperability built into Shibboleth 1.3 (in beta)
- Extensive groundwork done on identifying policy and procedure mapping/treaty requirements
- Credential assessment of 4 universities

12 Work in Progress
- Development of common SAML 2.0 schemes
- Development of a common USPerson profile and profile management infrastructure
- Development of a production-quality scheme translator
- Ongoing work to enable cross-federation trust and interoperability
- NSF FastLane to accept 4 universities' Shibboleth-based identity and attribute credentials

13 Unresolved Issues
- Mapping null attributes
- Ensuring privacy of attribute information in a variety of instances
- Portal integration
- Scaling issues for listing credential providers
- Issues of transitivity across federations
- Multiple authoritative sources / conflicting authoritative sources
- Vocabulary and "data dictionary" issues
- Liability and indemnification issues

14 More Information
- peter.alterman@nih.gov
- http://csrc.nist.gov
- http://www.cio.gov/fbca
- http://www.cio.gov/eauthentication
- http://www.cio.gov/fpkipa

