Global Federated Identity & Privilege Management GFIPM John Ruegg, Director LA County ISAB United States Department of Justice.


1 Global Federated Identity & Privilege Management GFIPM John Ruegg, Director LA County ISAB United States Department of Justice

2 What is Federated Identity Management? You trust another organization to identify their users and authenticate them before they can connect to your System (a Trusted Identity Provider, IDP). Your System relies on the identity information provided from the IDP to make access and authorization decisions (a relying Service Provider, SP). IDPs and SPs have mutual technical and policy obligations to meet for participation in the Federation.

3 FBI CJIS Systems - A Federated Identity Management Model. FBI trusts your organization to identify your users and authenticate them before they can connect to the CJIS Systems. The Trusted Identity Provider (IDP) is {CJIS Control Terminal Officer, CTO}. FBI {CJIS Systems} relies on the identity information provided from your {CTO} IDP to make access and authorization decisions (relying Service Provider, SP). IDPs and SPs have mutual technical and policy obligations in the Federation {CJIS Policy}.

4 Justice XML Inside NIEM Inside

5 Benefits of Federated Identity Management. The local organization provides the Identity Management System (IDP) using local authentication methods. Many commercial products have adopted the Federated Identity open standards which GFIPM is utilizing. Identity information is communicated over the network via a standard GFIPM justice identity credential.

6 Benefits of Federated Identity Management. Eliminate multiple userids/passwords and security tokens. Only grant access to your system for users who authenticate first to a trusted Identity Provider (IDP). GFIPM-enabled systems always get current identity information via the GFIPM justice identity credential, with no requirement to manually register/maintain users. Changes in user status (job role, retirement, etc.) only need to be updated once, at the local IDP system.

7 GFIPM Federation (Single Sign-on, SSO). [Diagram labels: Internet; One DOJ; Fusion Center A; HSIN; RISS]

8 Security & Privacy Policy Enforcement. PEP: Policy Enforcement Point. PDP: Policy Decision Point. [Diagram labels: Request message; GFIPM credentials; PEP; PDP; Electronic policy statements (dynamic, federated); Written policy; Environmental conditions; Content metadata; Actions: release, modify, access, delete, …; Obligations; Response message; Audit trail]
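
The enforcement flow on this slide, as an added example that is not part of the original presentation: a PEP at the relying SP checks that the credential comes from a trusted IDP, asks the PDP for a decision and its obligations, and writes the audit trail. The IDP name, attribute names, policy table and the "channel" environmental condition are constructed for illustration, and the HMAC is a stand-in for the signature an IDP places on a real credential.

```python
import hashlib
import hmac
import json

# Constructed federation trust list: IDP id -> key (stand-in for signing keys).
TRUSTED_IDPS = {"idp.county-a.example": b"constructed-demo-key"}

# Constructed electronic policy: action -> (required attribute, obligations).
POLICY = {
    "access": ("sworn_officer", ["log_access"]),
    "release": ("sworn_officer", ["log_access", "notify_record_owner"]),
    "modify": ("records_admin", ["log_access"]),
    "delete": ("records_admin", ["log_access", "supervisor_review"]),
}

AUDIT_TRAIL = []


def sign(idp, attributes, key):
    """IDP side: bind the identity attributes to the issuing IDP."""
    body = json.dumps({"idp": idp, "attrs": attributes}, sort_keys=True)
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def pdp_decide(attributes, action, environment):
    """Policy Decision Point: evaluate the policy, deny by default."""
    rule = POLICY.get(action)
    if rule is None or environment.get("channel") != "federation":
        return "deny", []
    required, obligations = rule
    if attributes.get(required) is True:
        return "permit", obligations
    return "deny", []


def pep_handle(request, environment):
    """Policy Enforcement Point: verify the credential, ask the PDP, audit."""
    cred = request["credential"]
    attrs, action = cred["attrs"], request["action"]
    key = TRUSTED_IDPS.get(cred["idp"])
    decision, obligations = "deny", []
    if key is not None:
        expected = sign(cred["idp"], attrs, key)
        # Only attributes vouched for by a trusted IDP ever reach the PDP.
        if hmac.compare_digest(expected, cred.get("sig", "")):
            decision, obligations = pdp_decide(attrs, action, environment)
    AUDIT_TRAIL.append((cred["idp"], attrs.get("user"), action, decision))
    return {"decision": decision, "obligations": obligations}
```

Denied requests are written to the audit trail as well as permitted ones, so a rejected or tampered credential still leaves a record at the SP.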

9 Early Adopters of GFIPM. Live in Production: RISSnet – Intelligence; Pennsylvania JNET – criminal justice information; CisaNet – Southwestern States Intelligence. Under Development: LA County – local Criminal History; San Diego County – ARJIS criminal justice information; Southern Shield – 14 States Fusion Centers; Connect Project – 8 States portals and federated query services; OneDOJ – Access to Federal Information Resources; OneDHS – Access to DHS resources.

10 Benefit of Open Standards Adoption. RSA Conference, April 6, 2008 – 7 Vendors Products Interoperability Demonstration. "We're pleased to work with OASIS on addressing the very sensitive issues related to the access of patient information," said John (Mike) Davis, standards architect with the VHA Office of Information in the Department of Veterans Affairs, and a member of the HITSP Security, Privacy and Infrastructure Technical Committee. "XACML helps ensure that patients, physicians, hospitals, public health agencies and other authorized users share critical information appropriately and securely."

