EDUCAUSE Fed/Higher ED PKI Coordination Meeting


1 EDUCAUSE Fed/Higher ED PKI Coordination Meeting
Understanding the Federal PKI and Federal Identity & Access Management
David Temoshok, Director, Identity Policy and Management, GSA Office of Governmentwide Policy
EDUCAUSE Fed/Higher ED PKI Coordination Meeting, June 12, 2008

2 Federal Identity & Access Management: Key Policy Considerations
For FIAM Government-wide deployment:
- No National ID
- No National unique identifier
- No central registry of personal information, attributes, or authorization privileges
- Different authentication assurance levels are needed for different types of transactions
- IDM is based on Identity Federation
- Authentication, not authorization
For the FIAM technical approach:
- No single proprietary solution
- Deploy multiple COTS products; products must interoperate
- Controls must protect privacy of personal information

3 FIAM Consists of Three Inter-Connected Initiatives
Diagram (figure residue): the three initiatives plotted against authentication assurance level and example transactions.
- HSPD-12: Multi-Factor Token
- Federal PKI: PKI / Digital Signature
- E-Authentication: SAML
- Assurance levels on the vertical axis: Very High, High, Medium, Low; credential types shown alongside them: Strong Password, PIN/User ID
- Example transactions: Access to Protected Website; Applying for a Loan Online; Obtaining Govt. Benefits; Employee Screening for a High Risk Job

4 Federal PKI Certificate Policies
Federal Bridge (Model) Policy
- Facilitates trust among Enterprise PKI implementations
- Five levels of assurance (rudimentary, basic, medium, medium hardware, high)
Common Policy Framework (Root)
- Federal PKI "Root" Policy
- Six policies (common, common high, common devices, common authentication, common hardware, card authentication)
Citizen and Commerce Class (C4)
- Designed specifically to meet a need in E-Authentication
- Provides a mechanism for commercial-grade PKI assessment and approval as credential service providers
E-Authentication Governance
- Directly supports the E-Authentication Architecture
- Three policies (Level 1 CSP, Level 2 CSP, Agency Application)
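The bridge model on this slide works through X.509 policy mappings: a relying party states the assurance it requires in its own trust anchor's policy vocabulary, and each cross-certificate along the path translates that requirement into the next domain's vocabulary. The following added example (not from the presentation or from GSA) is a simplified RFC 5280-style policy walk over a constructed path Common Policy Root -> Federal Bridge CA -> Agency CA -> end entity; all policy names are placeholders standing in for real policy OIDs, and policy constraints, inhibitAnyPolicy and anyPolicy are deliberately omitted.

```python
# Added example: simplified certificate-policy processing across a bridge CA.
# Policy names such as "common-hardware" are constructed placeholders, not
# the real Federal PKI policy OIDs.
from dataclasses import dataclass, field


@dataclass
class Cert:
    subject: str
    policies: frozenset                          # certificatePolicies, in the ISSUER's vocabulary
    mappings: dict = field(default_factory=dict)  # policyMappings: issuer policy -> subject policy


def valid_policies(path, initial_policies):
    """Walk the path from the cert just below the trust anchor to the end
    entity. At each cert, keep only policies the issuer actually asserted,
    then translate them into the subject's vocabulary via policyMappings.
    An empty result means the path does not satisfy the relying party."""
    current = set(initial_policies)
    for cert in path:
        current &= cert.policies          # issued under a policy we still accept?
        if not current:
            return set()
        # Unmapped policies keep their name (identity mapping, as in RFC 5280).
        current = {cert.mappings.get(p, p) for p in current}
    return current


# Constructed sample path (placeholder names throughout).
FBCA_CROSS = Cert("Federal Bridge CA",                       # issued by Common Policy Root
                  frozenset({"common-hardware", "common-high"}),
                  {"common-hardware": "fbca-medium-hardware",
                   "common-high": "fbca-high"})
AGENCY_CROSS = Cert("Agency CA",                              # issued by Federal Bridge CA
                    frozenset({"fbca-medium-hardware", "fbca-medium"}),
                    {"fbca-medium-hardware": "agency-medium-hw",
                     "fbca-medium": "agency-medium"})
END_ENTITY = Cert("Doe John, H.",                             # issued by Agency CA
                  frozenset({"agency-medium-hw"}))
PATH = [FBCA_CROSS, AGENCY_CROSS, END_ENTITY]


def accepts(required_policies):
    """True if the end-entity cert meets the relying party's requirement,
    expressed in the Common Policy Root's vocabulary."""
    return bool(valid_policies(PATH, required_policies))


if __name__ == "__main__":
    print(accepts({"common-hardware"}))   # medium-hardware assurance: accepted
    print(accepts({"common-high"}))       # high assurance: the agency CA is not cross-certified at that level
```

The second call fails not because the end-entity certificate is bad but because the Agency CA's cross-certificate from the bridge never mapped "fbca-high", which is exactly the assurance-level gating the bridge policy is meant to enforce.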

5 Federal PKI Architecture
Diagram (figure residue): the Federal Bridge CA at the centre, cross-certified with the following groups.
- Approved PKIs: Fed Agencies, Private Sector, Foreign Gov'ts, States, Other Bridges
- E-Authentication Governance CAs: Approved Apps/CSPs, Level 1 & 2 Applications, Level 1 & 2 Credential Service Providers, ACES
- C4CA
- Common Policy Root CA: Certified Commercial SSPs and Approved SSPs serving Federal Agencies (e.g., Treasury, GPO); Commercial PKI Solutions

6 FIAM Federated Trust Model
1. Establish and define authentication risk and assurance levels
2. Establish FIAM process and technical standards and requirements for Issuers at each assurance level
3. Establish a methodology for evaluating Issuers at each assurance level
4. Perform standard assessments and maintain a trust list of trusted Issuers
5. Establish common business and compliance rules for approved Issuers

7 The Starting Gate for Government-wide FIAM Interoperability
Table (flattened; column-to-row mapping not recoverable). Columns:
- Standard data model
- Interoperability and security standards
- Standard data interface specifications
- Standard Testing Programs - Products
- Reference Implementations - data interface specifications
- Standard Testing Program - data interface specifications
Entries:
- FIPS 201 and associated NIST Special Publications
- PIV Interface Specifications
- Federal Bridge Certificate Policy
- FPKI Audit requirements
- E-Authentication Architecture suite
- Standard Testing Programs - Products: GSA FIPS 201 Evaluation Program, NIST, FBI, NVLAP, FPKI, E-Authentication

8 Federal Interoperability Labs
Test interoperability of products/Issuers for participation in FIAM architectures.
Labs:
- GSA FIPS 201 Evaluation Program
- NIST PIV and FP MINEX testing
- NVLAP
- FBI
- GSA FPKI Interoperability Testing
- GSA E-Authentication SAML Interoperability Testing
- Liberty Alliance SAML Interoperability Testing
Federal Approved Product Lists:
- GSA FIPS 201 APL
- NIST Approved Products
- NVLAP/NIST Certified products
- FBI Approved Products
- GSA FPKI Cross-certification
- GSA FPKI Shared Service Provider
- GSA E-Authentication SAML Approved Products
- Liberty Certification
FIPS 201 product categories:
- PIV Card
- Cryptographic Module
- Electronic Personalization
- OCSP Responder
- PIV Card Reader - Authentication Key
- PIV Card Reader - Biometric
- PIV Card Reader - CHUID Authentication (Contact)
- PIV Card Reader - CHUID Authentication (Contactless)

9 FPKI Collaborative Environment
Diagram (figure residue): CAs cross-certified with or subordinate to the Federal Bridge CA and the Common Policy Root CA.
- Other CAs (e.g., ECA, ACES, Illinois)
- Commercial CAs (e.g., Wells Fargo)
- Other Federal Root CAs
- Other Bridge CAs: Certipath, SAFE
- DoD Interoperability Root CA
- Federal Bridge CA
- Common Policy Root CA
- DoD Operational Root CA, DoS Root CA, DHS Root CA
- Shared Service Provider CAs
- DoD Subordinate CAs, DoS Subordinate CAs, DHS Subordinate CAs

10 FIAM Trust
Diagram (figure residue): the trust chain from enrollment and issuance through credential verification to physical and logical access.
- Enrollment & Issuance: Fed Agencies, OPM/FBI, Approved Issuers; Identity & Suitability; Attribute Exchange
- Verification methods: Physical inspection; Electronic S/N Verification; Biometric Verification; Digital Credential verification (PIV Authentication Digital Certificate, backed by the Federal PKI Architecture)
- Outcomes: Physical Access; Logical Access
- Sample PIV card face: United States Government, Employee; Affiliation: Agency/Department: Department of Homeland Security; Doe John, H.; Emergency Response Official; Expires FEB2010 (2010FEB24); Authorized Signature

11 For More Information
Visit our Websites:
Or contact: David Temoshok, Director, Identity Policy and Management

