Download presentation
Presentation is loading. Please wait.
Published byKatherine McDaniel Modified over 9 years ago
1
E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006
2
2 The Goal of E-Government Empower and enable citizens and businesses to manage their relationships with government on their terms in a secure online environment The Role of the E-Authentication Program Provide standards, framework and services necessary for the Federal Government to accept all levels of secure identity verification, simplifying business, public & government access to online services in a cost-effective manner The Context for E-Authentication
3
3 E-Authentication Mission Enable millions of safe, secure, trusted online transactions between Government and the citizens and businesses that it serves Reduce online identity management / credentialing burden for government agency application owners and system administrators Provide citizens and businesses with a choice of credentials – such as PINs/User IDs/passwords/digital certificates – when accessing public- facing online government services
4
4 Key Policy Considerations For Government-wide deployment: No National ID No National unique identifier No central registry of personal information, attributes, or authorization privileges Different authentication assurance levels are needed for different types of transactions Authentication – not authorization For E-Authentication technical approach: No single proprietary solution Deploy multiple COTS products – user’s choice Products must interoperate Controls must protect privacy of personal information
5
5 E-Authentication Strategy The best way to accomplish E- Authentication’s mission while satisfying the requisite policy considerations: Build the E-Authentication Federation, wherein government agencies can rely on electronic identity credentials issued and managed by other organizations within and outside the federal government
6
6 The Decision to Adopt a Federated Approach Identity management is one of the major enterprise IT challenges Government’s move to the Web raised the need to ID- proof millions of customers Industry best practices moving toward enterprise identity management solution (portal) and federated identity Use of federated identity is growing According to Burton Group, more than 300 businesses deploying SAML-based federations
7
7 The Concept of E-Authentication Step 3Step 2 Step 1 Step 1: At access point (agency Web site or credential service provider) user selects agency application and credential provider Step 2: User is redirected to selected credential service provider If user already possesses credential, user authenticates If not, user acquires credential and then authenticates Step 3: Credential service hands off authenticated user to the agency application selected User performs transaction
8
8 The Value of the E-Authentication Federation Citizens and businesses Convenience and ease of use in accessing government services Secure access with privacy protection Safeguarding the public trust Government Saving agencies time and money in developing, implementing and administering identity management Leveraging an existing authentication infrastructure (the Federation) Fewer credentials to manage Reducing the risk of implementing and maintaining an identity validation capability Accelerating the time to market for e- government services
9
9 The Building Blocks of the E-Authentication Federation Business & Operating Rules Operational Infrastructure Agency Applications/ Credential Service Providers PolicyTechnology/Architecture Completed FY 2004 Completed FY ‘05 Growing in FY06 and beyond
10
10 3. Establish technical assurance standards for e-credentials and credential providers (NIST Special Pub 800-63 Authentication Technical Guidance) 1. Establish E-Authentication risk and assurance levels for Governmentwide use (OMB M-04-04 Federal Policy Notice 12/16/03) 4. Establish methodology for evaluating credentials/providers on assurance criteria (Credential Assessment Framework) 2. Establish standard methodology for E-Authentication risk assessment (ERA) 5. Establish trust list of trusted credential providers for govt-wide (and private sector) use (Federation Member CSPs) 6. Establish common business rules for use of trusted 3rd-party credentials (Legal Document Suite) Policy Infrastructure:
11
11 Federation Policy: Identity Assurance Levels NIST SP800-63 Electronic Authentication technical guidance matches technology to each assurance level OMB E-Authentication Guidance establishes four assurance levels Level 4Level 3Level 2Level 1 Little or no confidence in asserted identity (e.g. self identified user/password) Some confidence in asserted identity (e.g. PIN/Password) High confidence in asserted identity (e.g. digital cert) Very high confidence in the asserted identity (e.g. Smart Card) E-RA tool assists agencies in defining authentication requirements & mapping them to the appropriate assurance level Providing consistent application of E-Authentication across gov’t
12
12 Federation Membership Business & Operating Rules Technology standards integrated with common business rules Developing business agreements that govern membership in the E-Authentication Federation Binding the trust that drives interoperability
13
13 Status of Federation Membership (5/1/06) Relying Parties SSA (Direct Deposit) GSA (eOffer) Dept. of Labor (MSHA) OPM (USA Learning) OPM (USA Jobs) NASA (MyNASA) Dept. of Transportation (SAFER) Dept. of Commerce (Export.gov) NSF (Fastlane) Dept. of Energy (VIPERS) Dept. of Interior/Nat’l Park Service (Research Permit & Reporting System) HUD (FHA Connection)
14
14 Status of Federation Membership (5/1/06) Credential Service Providers Fidelity Investments* WellsSecure* (Wells Fargo PKI) ORC USDA eAuthentication OPM Employee Express * Denotes designated financial agent (DFA) of the US Department of Treasury/Financial Management Service Add’l Targeted Verticals Financial Institutions State/local governments Higher Education
15
15 For More Information… Georgia K. Marsh Deputy Program Executive 703-872-8614 Georgiak.marsh@gsa.gov Websites http://cio.gov/eauthentication http://cio.gov/fpkipa
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.