Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.

Published byRudy Wight Modified over 9 years ago

Similar presentations

Presentation on theme: "Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH."— Presentation transcript:

1 Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH

2 2 Federal Initiatives eAuthentication –Focus on eCommerce, services, etc. HSPD-12 –Focus on security

3 3 Federal View of Electronic ID A validated, proofed identity using breeder documents and databases (FIPS 201) A scheme for adding a name, biometrics (photo, fingerprints), numeric codes (CHUID, etc.) and substantial assurance digital certificates to a next- generation SmartCard Attributes are extensions not required by HSPD-12, but optionally consumed by Applications –SAML assertions and/or database entries for attribute storage –USPerson profile being developed to standardize attribute representation

4 4 eAuthentication Initiative Provide electronic identity authentication services for online government applications Manage the Federal Federation – extends services to private sector credential providers and online services Set standards for assertion-based authentication tools Offers standard risk assessment tool Standard Architecture and Policy foundations

5 5 Summary of Architecture and Policy/Procedures Based on NIST SP800-63 Architecture –SAML assertions for LOA 1, 2 (encapsulate userid/passwords) Vendor interoperability required for addition to approved vendor list SAML 1.0 currently supported; SAML 2.0 specs being developed –PKI or OTP for LOA 3 –PKI for LOA 4 –Scheme translator available Policy/Procedures –Credential assessments for all CSPs, CAF for assertion-based credentials; cross certification with Federal PKI for crypto-based credentials –Federal PKI Policies define requirements for digital certificate trustworthiness –EAF defines service requirements for all LOA Now included in Federal PKI policy requirements

6 6 The Federal Federation Credential Service Providers Covers 4 LOA –Assertion-based identity credentials for L 1, 2 –Crypto-based identity credentials for L 3, 4 Service Requirements –Related to uptime, user support, etc. Interfederation Arrangements Encouraged Agency Applications Federal Agency Applications and Services Mandated by Administration Service Requirements –Related to uptime, user support, etc.

7 7 Homeland Security Presidential Directive 12 A Presidential Mandate for Federal Agencies to issue medium hardware assurance (or better) identity credentials for access to physical and logical government resources - inside-the- firewall contractors, too –Medium Hardware or High Assurance digital certificates on PIV-2 cards (nextgen SmartCards) Fast-tracked for implementation starting 10/2006 Led to new government standards for identity proofing and vetting (FIPS 201) and for PKI hardware tokens (NIST SP 800- 7x series)

8 8 Interoperability Initiatives CertiPathCertiPath – Federal Bridge cross-certification complete SAFESAFE PKI Bridge and services – supporting digitally-signed electronic forms and document management – cross-certification under way inCommon/Federal Federation – interfederation efforts currently (9/06) on hold

9 9 Technology Implications US Government LOA, standardized risk analysis, standards for PIV cards and identity proofing and vetting are here and INEVITABLY will migrate everywhere –Pickup already noted in aerospace contractor space, homeland security Feds will have to deal with attributes eventually!

10 10 Security and Online Services Implications for Higher Ed DHS first responders, DEA PKIs and CMS initiatives to enable online services and payments management will drive medical schools, hospitals and insurance chains to adopt Federal models for electronic identity authentication –Financial services firms under SEC regulation are already falling in line, both within and outside the eAuthentication federation participation –DEA issuing digital certs to pharmaceutical supply chain entities and plans to do so to service providers (MDs, PAs, NPs, etc.) Availability of online government apps drive schools to federate to take advantage of services/apps

11 11 What About Privacy? No single database of identity credentials No requirement for only one identity credential The old tradeoff still exists: convenience vs. security Are there forces out there that want to know who you are at all times? –Of course; worry about RFID first.

12 12 Resources www.cio.gov/eauthentication http://csrc.nist.gov/pki www.cio.gov/ficc www.smartcardalliance.org

13 13

Download ppt "Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH."

Similar presentations

Cerner Presentation to S&I esMD Workgroup – Industry Scan

Cerner Presentation to S&I esMD Workgroup – Industry Scan
FIPS 201 Framework: Special Pubs 800-73,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.

FIPS 201 Framework: Special Pubs ,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.
Single Sign-On and Federated Authentication at NIH and Beyond

Single Sign-On and Federated Authentication at NIH and Beyond
PKI and LOA Establishing a Basis for Trust David L. Wasley PKI Deployment Forum April 2008.

PKI and LOA Establishing a Basis for Trust David L. Wasley PKI Deployment Forum April 2008.
Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.
Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.

Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.
The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.

The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.
1 HSPD-12 Compliance: The Role of Federal PKI Judith Spencer Chair, Federal Identity Credentialing Office of Governmentwide Policy General Services Administration.

1 HSPD-12 Compliance: The Role of Federal PKI Judith Spencer Chair, Federal Identity Credentialing Office of Governmentwide Policy General Services Administration.
1 The Challenges of Creating an Identity Management Infrastructure for the University of California David Walker Karl Heins Office of the President University.

1 The Challenges of Creating an Identity Management Infrastructure for the University of California David Walker Karl Heins Office of the President University.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Federal PKI Architecture Update

Federal PKI Architecture Update
Ongoing Efforts to Build The US Federal PKI Bridge

Ongoing Efforts to Build The US Federal PKI Bridge
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.

NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.
Identity Assurance at Virginia Tech CSG January 13, 2010 Mary Dunker

Identity Assurance at Virginia Tech CSG January 13, 2010 Mary Dunker
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
HIMSS/GSA E-Authentication Initiative A Pilot Project of the HIMSS RHIO Federation HIMSS Public Policy Forum September 28, 2006 Mary Grizkewicz, HIMSS.

HIMSS/GSA E-Authentication Initiative A Pilot Project of the HIMSS RHIO Federation HIMSS Public Policy Forum September 28, 2006 Mary Grizkewicz, HIMSS.
“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)

“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,

The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,

Similar presentations

Ads by Google