
Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.


1 Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam

2 Contents
- Target State Vision
- Access and Identity Management System
  - Identity Management
  - Access Management
- FAA Access to CPS Online
- Active Confirmation
- Two Factor Authentication

3 Target State Vision – Business View

4 Target State Vision – Technical View

5 Access and Identity Management System (AIMS)

6 Access and Identity Management System (AIMS)
AIMS provides a single, integrated access and identity management framework that can be used by all business applications and infrastructure components for partner and employee/contractor users.

7 What is AIMS?
- AIMS provides a single, integrated authentication and authorization framework that can be used by all Federal Student Aid business applications and infrastructure components, including the Enterprise Portal and ESB.
- AIMS enables consistent Authentication, Authorization, and Accountability:
  – Authentication: Who are you?
  – Authorization: What are you allowed to do?
  – Accountability: What did you do?
- AIMS will enable a single, unique source of Identity Management throughout Federal Student Aid:
  – One user profile per person for all FSA protected applications

8 AIMS Concept of Operations (diagram)
- Manage Security Environment: Access Policies (Roles); Provisioning Policies; User Policies; Logging & Archive Policies; Create System Identities; Process Governance
- Manage Identity Community: Enroll to Apply; Enroll as Administrator; Enroll as User of Systems; Enroll to Transmit Batches; Provide Self-Service Tasks
- Monitor Security Environment: Security Audit Trails; Security Exceptions; User Audits; Policy Compliance; Policy Improvements
- Manage Access To Systems & Resources: Access On-Line Services; Access Batch Services
- Actors and systems shown: Enterprise Applications (NSLDS, Portal, IPM, etc.); System Security Officers; Auditors; Security Management; All Users; Partner Systems; Gateway

9 AIMS Authentication
1. User enters URL in Web browser to access Portal resource
2. WebSEAL determines that user is requesting a protected resource and prompts user with login page
3. User submits completed login page to WebSEAL
4. WebSEAL connects with Policy Server to validate the identity of the user in the User Registry
5. WebSEAL uses validated identity, creates a session ID for the user, and obtains a credential for the user

10 AIMS Authorization
6. The Session ID and credential are stored in the WebSEAL session / credential cache
7. WebSEAL provides TAM authorization services with the user credentials, where they are compared to ACLs and POPs
8. Upon authorization, WebSEAL forwards user request to Portal
9. Service Portlet is invoked, passes user credentials, and interacts with back-office
10. WebSEAL sends response to user, where results are presented
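Added example, not part of the presentation: a Python model of steps 1 to 8 above, with a WebSEAL-style front end that prompts for login, caches a session ID with its credential, and then checks the requested object's ACL and POP. The user registry, object space, permission letters and the auth_level POP attribute are constructed assumptions and a simplification of Tivoli Access Manager's model.

```python
import secrets
from dataclasses import dataclass

# Constructed user registry: username -> (password, groups). Plaintext
# passwords keep the flow short; a real registry stores password hashes.
USER_REGISTRY = {
    "fsa_user": ("pw-user", {"faa-users"}),
    "fsa_admin": ("pw-admin", {"faa-users", "sec-officers"}),
}
# Constructed protected object space: URL -> ACL (group -> permission letters)
# and POP. Letters and POP attribute are simplified, not TAM's exact syntax.
OBJECTS = {
    "/portal/faa": {"acl": {"faa-users": "Tr"}, "pop": {"auth_level": 1}},
    "/portal/admin": {"acl": {"sec-officers": "Trx"}, "pop": {"auth_level": 2}},
}
SESSION_CACHE = {}  # step 6: session ID -> credential

@dataclass
class Credential:
    user: str
    groups: set
    auth_level: int  # 1 = password only, 2 = password plus a second factor

def policy_server_validate(user, password):
    """Step 4: validate the identity against the user registry."""
    entry = USER_REGISTRY.get(user)
    return entry[1] if entry and entry[0] == password else None

def login(user, password, second_factor_ok=False):
    """Steps 3-6: validate, build a credential, mint and cache a session ID."""
    groups = policy_server_validate(user, password)
    if groups is None:
        return None
    sid = secrets.token_hex(16)
    SESSION_CACHE[sid] = Credential(user, groups, 2 if second_factor_ok else 1)
    return sid

def webseal_request(url, session_id=None, perm="r"):
    """Steps 1-2 and 7-8: prompt unauthenticated users, else check ACL and POP."""
    cred = SESSION_CACHE.get(session_id)
    if cred is None:
        return "login-page"  # step 2: protected resource, no valid session
    obj = OBJECTS.get(url)
    if obj is None:
        return "404"
    granted = set("".join(obj["acl"].get(g, "") for g in cred.groups))
    if perm not in granted:
        return "403-acl"  # step 7: ACL does not grant the permission
    if cred.auth_level < obj["pop"]["auth_level"]:
        return "step-up-auth"  # step 7: POP demands stronger authentication
    return "200 forwarded to Portal as " + cred.user  # step 8
```

The step-up outcome ties the POP check to slide 24: a privileged object can demand the second factor even when the ACL already grants access.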

11 FAA Access to CPS Online

12 FAA Access to CPS Online Login
Enhance the current state of access to limit the use of Personal Identifying Information (PII):
- First Time Registration
- CPS Online Login

13 Old FAA Access to CPS Online Login
Old: Enter SSN, first 2 letters of last name, DOB, and PIN on the FAA Access to CPS Online login page to access the application.

14 Enrollment for FAA Access to CPS
Entry of personal information in SAIG, for verification.

15 Enter credential information in AIMS.

16 Confirmation of data entry

17 Acknowledgement of successful registration

18 FAA Access to CPS Online Login
Enter User ID and password on the FAA Access to CPS Online Login page to access the application: http://faaacess.ed.gov

19 Password Policies
- Password Policy
  - Expires every 90 days
  - Complex alpha-numeric passwords
  - Answer Challenge Questions to reset password
- Password Lockout
  - 3 unsuccessful login attempts
  - Can still use the “Forgot Password” application
  - Login disabled for 30 minutes
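Added example, not from the presentation: a Python model of the lockout, challenge-question reset and 90-day expiry rules on this slide, showing that a locked account still accepts a reset and that the correct password is refused during the 30-minute window. The complexity rule, the hashing scheme and the timestamps are assumptions.

```python
import hashlib, hmac, os, re
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_FAILURES = 3                   # 3 unsuccessful login attempts ...
LOCKOUT = timedelta(minutes=30)    # ... and login is disabled for 30 minutes
PASSWORD_AGE = timedelta(days=90)  # password expires every 90 days
# "Complex alpha-numeric" is undefined on the slide; assumed: 8+ chars, letters and digits
COMPLEXITY = re.compile(r"^(?=.*[A-Za-z])(?=.*\d).{8,}$")
def _hash(pw, salt):  # low iteration count only to keep the demo fast
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 10_000)

@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    password_set: datetime
    failures: int = 0
    locked_until: datetime = None

def login(acct, pw, now):
    """Apply lockout, credential and age checks; return a status string."""
    if acct.locked_until and now < acct.locked_until:
        return "locked"
    if not hmac.compare_digest(_hash(pw, acct.salt), acct.pw_hash):
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:  # third failure starts the lockout
            acct.failures, acct.locked_until = 0, now + LOCKOUT
            return "locked"
        return "failed"
    acct.failures, acct.locked_until = 0, None
    return "expired" if now - acct.password_set > PASSWORD_AGE else "ok"

def forgot_password(acct, answers_ok, new_pw, now):
    """Challenge-question reset stays usable while the account is locked out."""
    if not answers_ok or not COMPLEXITY.match(new_pw):
        return False
    acct.salt, acct.password_set = os.urandom(16), now
    acct.pw_hash, acct.failures, acct.locked_until = _hash(new_pw, acct.salt), 0, None
    return True

def demo():
    """Constructed timeline: three failures, lockout, reset, success, expiry."""
    t0, salt = datetime(2009, 10, 20, 9, 0), os.urandom(16)
    acct = Account(salt, _hash("Corr3ctHorse", salt), t0)
    out = [login(acct, "wrong", t0 + timedelta(seconds=s)) for s in (1, 2, 3)]
    out.append(login(acct, "Corr3ctHorse", t0 + timedelta(minutes=5)))  # still locked
    out.append(forgot_password(acct, True, "N3wPassw0rd", t0 + timedelta(minutes=6)))
    out.append(login(acct, "N3wPassw0rd", t0 + timedelta(minutes=7)))
    out.append(login(acct, "N3wPassw0rd", t0 + timedelta(days=91)))
    return out
```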

20 Active Confirmation

21 What is Active Confirmation?
Active confirmation is the process of a Designated Point Administrator (DPA) reviewing users' access privileges on an established time schedule and confirming these users' privileges. This will help ensure an updated and secure environment for system accessibility. The Federal Student Aid DPAs will be required to review their list of users who access Federal Student Aid systems and confirm that each individual continues to be a valid user. This will be done on a periodic basis.

22 “Active Confirmation” Process
The DPA Roster
- Provides a list of employees that currently possess TG numbers
- Requires validation or deletion of TG Numbers assigned to your organization in the SAIG Enrollment Web site
The FAA Roster
- Provides a list of employees at your organization who are currently enrolled for access to FAA Access to CPS Online services
- Requires validation or deletion of FAA Users assigned to your organization in the SAIG Enrollment Web site

23 Two-Factor Authentication

24 T-FA Implementation Objectives
Federal Student Aid is implementing Two-Factor Authentication (T-FA) for privileged users who access Federal Student Aid systems from the internet, to enhance the security of its information systems.

25 What is Two-Factor Authentication?
Two-Factor Authentication (T-FA) uses two pieces of information and processes (two different methods) to authenticate a person's identity for security purposes. Authentication factors are generally classified into three categories:
- Something the user has: ID card, security token, software token, phone, or cell phone
- Something the user knows: password, pass phrase, or personal identification number
- Something the user is: fingerprint or retinal pattern, voice recognition, or another biometric identifier
Two-Factor Authentication requires the use of solutions from two of the three categories of factors.

26 T-FA Technologies
Some of the common technologies used as the second authentication factor, in concert with UserID and Password, include:
- Hardware Tokens - generate a constantly changing one-time password to enable authentication.
- Software Tokens on PCs - enable authentication with the computer as the second-factor authenticator.
- Software Tokens on Mobile Devices - allow authentication from smart phones and PDAs.
- Smart Cards - enable authentication as well as physical access.
- USB Tokens - enable authentication without the need to key in a token code (can be plugged into a standard USB port).
- Biometric Devices - enable authentication according to the physical characteristics of a user (fingerprint and retina scans).


28 Ganesh Reddy
Phone: (202) 377-3557
Email: Ganesh.Reddy@ed.gov

