1. U.S. Department of Agriculture eGovernment Program
December 3, 2003
eAuthentication Initiative
USDA eAuthentication Service Overview

2. Agenda
• Components of the USDA eAuthentication Service
  • Technology
  • Processes & Procedures
  • People
• FY 04 eAuthentication Cost Breakdown
• Agency Variable Cost

3. Three Components of the USDA eAuthentication Service
[Diagram: Technology, People, Processes & Procedures]
The USDA eAuthentication service consists of three main components to support authentication services across USDA and, ultimately, for other Federal, State, and local government entities.

4. Technology
The USDA eAuthentication service is built upon the Web-Based Centralized Authentication and Authorization Facility (WebCAAF) technology infrastructure.
• Netegrity SiteMinder 5.5
• Netegrity IdentityMinder
• Microsoft ActiveDirectory
• 7 WebLogic application servers
• 53 total servers
• Hosted in the Ft. Collins Webfarm Data Center
• Failover hosted in the St. Louis Webfarm Data Center

5. Technology
The History of the USDA eAuthentication Service…
• Freedom to e-File Act created the need for Single Sign On For USDA-SCA’s
• Blackbird & Unisys Perform Market Analysis
• Top 3 Products Are LTDed
• Accenture & TWM Facilitate the eA Business case
• nLink Validated Netegrity & the architecture
• Agency Team Members Select WebCAAF For USDA
• GSA Selected USDA to Support the pilot Grants.gov

6. Technology
The Service Center Agencies (FSA, RD, NRCS) go through a rigorous selection process before establishing WebCAAF to meet the Freedom to e-File Act in 2002.
• January, 2001
• Requirements
• Market Survey of approx. 18 products
• Evaluation of products vs. requirements
• Top 3 products Live Test Demo’ed
• Netegrity is ONLY product meeting all requirements
• May, 2001
• Contracting Officers agree on procurement strategy
• nLink/Price Waterhouse hired to build out architecture
• WebCAAF goes live
• March, 2002

7. Technology
USDA-wide eAuthentication Team decides “next steps.”
• September, 2002
• eAuthentication team – 30 USDA members, Accenture & TWM
• Agency eAuthentication requirements
• eAuthentication business case
• December, 2002
• Team concludes - WebCAAF was the most cost effective solution
• Some expansions needed to provide services across USDA
• February, 2003
• Expanded design and architecture was approved
• June, 2003
• System expanded
• October, 2003 – Expanded WebCAAF goes live

8. Technology
GSA selected USDA’s eAuthentication service to be a part of the Federal Government’s eAuthentication Service.
• GSA chooses USDA as key player
• For GSA Gateway
• Includes WebCAAF and NFC PKI solutions
• GSA’s Technical Architecture is revised – Project continues
• USDA is asked to be on new Architecture Working Group
• GSA due to complete accreditation on WebCAAF
• Credential Authorization Framework (CAF) by January 2004
• USDA is asked to be a credential service provider (CSP) for the Grants.gov pilot of the new SAML-based architecture

9. Technology
The USDA eAuthentication Service performs all of the tasks needed to connect to the new SAML-based architecture.
[Diagram: GSA Portal, Credential Service Provider, Agency Application]
1. User starts at portal and selects credentials and service they want to access.
2. User is directed to selected CSP to present credentials.
3. User authenticates.
4. User is directed to agency application with SAML artifact.
5. Agency application decodes the SAML artifact and determines authorization.
The USDA eAuthentication Service provides support for all of these functions.
Without the USDA eAuthentication Service, each agency application would have to perform the following:
• Create applications using SAML compliant tools;
• Create interfaces that read SAML from the CSPs;
• Modify interfaces when GSA changes the SAML interface;
• Perform all authentication & high level authorization.
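Step 5 of the flow above (decoding the artifact), as an added example that is not code from the presentation, USDA or GSA. It assumes the SAML 1.x type 0x0001 artifact layout, which the slides do not specify; the CSP registry, the provider URL and all function names are hypothetical.

```python
import base64
import hashlib

TYPE_CODE = b"\x00\x01"      # assumed SAML 1.x type 0x0001 artifact
ARTIFACT_LEN = 42            # 2-byte type + 20-byte SourceID + 20-byte AssertionHandle

# Constructed CSP registry: SourceID (SHA-1 of a provider identifier) -> name.
TRUSTED_CSPS = {
    hashlib.sha1(b"https://csp.example.gov/saml").digest(): "example-csp",
}
_used_handles = set()        # artifacts are one-time use; expire entries in practice


class ArtifactError(ValueError):
    """Raised when an artifact must be rejected."""


def parse_artifact(b64_artifact):
    """Validate an artifact; return (csp_name, assertion_handle)."""
    try:
        raw = base64.b64decode(b64_artifact, validate=True)
    except ValueError as exc:          # binascii.Error is a ValueError
        raise ArtifactError("not valid base64") from exc
    if len(raw) != ARTIFACT_LEN:
        raise ArtifactError("unexpected length %d" % len(raw))
    if raw[:2] != TYPE_CODE:
        raise ArtifactError("unsupported type code")
    source_id, handle = raw[2:22], raw[22:]
    csp = TRUSTED_CSPS.get(source_id)
    if csp is None:
        raise ArtifactError("SourceID is not a registered CSP")
    if handle in _used_handles:
        raise ArtifactError("artifact already used")
    _used_handles.add(handle)
    # The handle is only a reference: the application next asks this CSP,
    # over a server-to-server channel, for the assertion it points to.
    return csp, handle


def sample_artifact(provider=b"https://csp.example.gov/saml", handle=b"H" * 20):
    """Build a constructed artifact for the demo (not real traffic)."""
    return base64.b64encode(TYPE_CODE + hashlib.sha1(provider).digest() + handle).decode()


if __name__ == "__main__":
    print(parse_artifact(sample_artifact()))
```

The artifact carries no identity data itself, so the authorization decision in step 5 can only be made after the referenced assertion has been retrieved from the CSP and checked.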

10. Processes and Procedures
The USDA eAuthentication service is supported by documented processes and procedures that were evaluated before it was given the Authority to Operate (ATO) by USDA CyberSecurity after an audit completed by Backbone…
• Management Controls
• Operational Controls
• Technical Controls
• C&A Complete w/ Authority to Operate (October)
• Process follows NIST- STD
• Operations
• Security Roles
• System Procedures

11. Processes & Procedures
The Security Plan outlines three types of controls (Management, Operational, Technical) to protect the USDA eAuthentication Service and the agency applications.
• Management Controls
  • Risk Assessment
  • Rules of Behavior
  • Change Management
• Operational Controls
  • Personnel Security
  • Physical Environment Protection
  • Security Awareness Training
• Technical Controls
  • Identification/Authentication
  • Authorization/Access Controls
  • Audit Trails

12. People
24 team members are dedicated to supporting the USDA eAuthentication Service across the following teams…
[Organization chart. Teams: Infrastructure, Production Development, Pre-Production Development, Help Desk, Integrated Application Support, Project Planning & Strategy. Other labels: User Groups, LRA’s, Apps, Customers, Web Farm Hosting, Change Mgmt, Planning, Architectures, Budget, Communications, Design, Integration, App Integration, Production Migration, Cost Management, Passwords, Trends, Problem Reports, Design, Development, Test, Requirements, Policies, H/W, SM, IM, AD, Web Logic, Outage Management, Agencies]

13. FY 04 eAuthentication Cost Breakdown
The FY 04 overall fixed costs of $5,031,345 are broken down across the teams in the following manner:
[Chart. Team labels: Infrastructure, Production Development, Pre-Production Development, Help Desk, Project Planning & Strategy, User Groups, LRA’s, Apps, Customers, Web Farm Hosting, Agencies. Amounts and labels in extracted order: $334,980 $1,700,274 Infrastructure $690,000 Software $40,000 Hardware $1,319,578 Operations $946,513 Integrated Application Support]

14. FY 04 eAuthentication Cost Breakdown: Integrated Application Support

15. FY 04 eAuthentication Cost Breakdown: Infrastructure

16. FY 04 eAuthentication Cost Breakdown: Hardware & Software

17. FY 04 eAuthentication Cost Breakdown: Operations

18. FY 04 eAuthentication Cost Breakdown: Security

19. FY 04 eAuthentication Cost Breakdown: Project Management

20. FY 04 eAuthentication Cost Breakdown: Overall Costs

21. Agency Variable Cost
Agency Variable Costs will range from $10,000 - $65,000. The following areas will drive the integration costs between eAuthentication and an Agency Application:
• Hosting Site – influences network/firewall/IDS/ACL complexity
• Enforcer Agent – IIS and Apache are simple; others are not
• # of Policy/URL’s – influences complexity of building/testing/implementing
• Access Control & Admin. – influences the complexity of building/maintaining
• Access Control Redirect Response – customized for users, but takes more time
• LRAs – Existing “trained” LRA’s or New “yet to be trained” LRA’s?
Process:
1. eAuthentication Technical Services team determines Costs in “Design” Phase of eAuthentication Integration Lifecycle
2. OCIO presents Integration Costs to Agency Decision Maker
3. Agency transfers funds to OCIO

22. Agency Variable Cost

23. Questions and Answers

