Presentation is loading. Please wait.

Presentation is loading. Please wait.

U.S. Department of Agriculture eGovernment Program July 15, 2003 eAuthentication Initiative Pre-Implementation Status eGovernment Program.

Published byAbner Cunningham Modified over 8 years ago

Similar presentations

Presentation on theme: "U.S. Department of Agriculture eGovernment Program July 15, 2003 eAuthentication Initiative Pre-Implementation Status eGovernment Program."— Presentation transcript:

1 U.S. Department of Agriculture eGovernment Program July 15, 2003 eAuthentication Initiative Pre-Implementation Status eGovernment Program

2 U.S. Department of Agriculture eGovernment Program 2 Agenda  eAuthentication Overview  USDA eAuthentication Solution Components  Agency Integration Responsibilities  eAuthentication Costs and Resources  Questions and Answers

3 U.S. Department of Agriculture eGovernment Program 3  Customer interactions with USDA, also called transactions, will be transformed to allow customer submission through electronic means  For many interactions, the identity of the person submitting the data needs to be known, either to enable an electronic signature of the form or data, or for informational purposes  eAuthentication encompasses the processes and technology that identify a person electronically and present that information to the application that is accepting the user’s data submission  eAuthentication in the current phase will only support interactions that are presented in a web format over the Internet What is eAuthentication?

4 U.S. Department of Agriculture eGovernment Program 4 35 (61%) out of the 57 in-scope interactions require Level 2 Authentication. Currently, USDA eAuthentication supports Level 1 and Level 2 authentication. Of the 736 interactions scheduled for GPEA compliance for October 2003, 639 require eAuthentication. 57 of these have been completed in the Online Impact Assessment Tool. eAuthentication Needs Authentication Levels define the credibility necessary to support a person’s identification. The higher authentication level, the more information is needed to validate a person is who they say they are…

5 U.S. Department of Agriculture eGovernment Program 5 eAuthentication Schedule  Continue eAuthentication communications in the form of postcards, presentations and integration documentation  Present the Costing Model to Agencies for eAuthentication by July 25, 2003  Distribute the Agency Guidebook by July 25, 2003 Road map and details for integrating Agency Applications  Begin Implementation on July 28, 2003 WebCAAF Expansion, Directory Services, Identity Management, User Registration  Initiate GSA Gateway Integration Proof-of-Concept in August 2003  Provide Integration Planning assistance beginning August 2003  Begin integration of applications in September 2003  GPEA Deadline is October 21, 2003

6 U.S. Department of Agriculture eGovernment Program 6 Agenda  eAuthentication Overview  USDA eAuthentication Solution Components  Agency Integration Responsibilities  eAuthentication Costs and Resources  Questions and Answers

7 U.S. Department of Agriculture eGovernment Program 7 USDA eAuthentication Solution Components The USDA eAuthentication solution encompasses four main components… USDA eAuthentication Solution Technical Solution Identity and Access Management Identity and Access Management Registration Process Presidential Initiative (GSA Gateway) Presidential Initiative (GSA Gateway)

8 U.S. Department of Agriculture eGovernment Program 8 USDA eAuthentication Solution Components Technical Solution Internet RouterSwitch RouterSwitch INTERNET INTRANET FIREWALLIDSACLNAT Enforcer WEB FARMS www.xyz.usda.gov Enforcer USDA Network FIREWALL ALTERNATIVE HOSTING FACILITY Policy Server Policy Stores User Stores “Enforcer” – web agent installed on the agency’s web server to perform authentication. Communicates with central authentication system in Web Farm “Web Farm” – secure, redundant hosting facility that hosts the USDA eAuthentication solution “Firewall Stack” – set of network and security devices that protects the USDA network from the Internet. The Web Farm Firewall Stack is part of the USDA eAuthentication C&A “User Stores” – central USDA user store. Maintains information about the user that is common across agencies. Agency-specific user stores maintain more detailed information if needed “Policy Server” and “Policy Store” – core components of the USDA authentication solution. Ties together enforcers and user stores through “policies” www.abc.gov/form1

9 U.S. Department of Agriculture eGovernment Program 9  Password Services – Enforcement of strong password standards and allow password maintenance such as password changes, password expiration, etc  Self Services – Administration of user information without calling the USDA help desk. This is non- authentication information such as the user’s phone number and username, not information about the user’s relationship with the agency or his permission to access certain web applications  Delegated Administration – Administration access to the central user store to establish users access to agency’s applications  Help Desk – Assistance with authentication related issues such as password resets, directions to a registration center etc. The USDA Help Desk is not able to help with application- specific questions. Agencies must provide contact information for application-specific problems USDA eAuthentication Solution Components Identity and Access Management Identity and Access Management

10 U.S. Department of Agriculture eGovernment Program 10  Self Service Registration for Level 1 Assurance Registration for the most basic form of authentication, not a strong indicator of the user’s actual identity since it relies on information from the user, but is useful in some settings such as web site personalization  Identification Proofing for Higher Levels Validation of identity by a Local Registration Authority. Currently this identity-proofing must be done in-person Service Center or other Local Registration Authorities  Agency-specific Authorization Profile Creation Authorization of a which users may access their applications. Each agency may create a set of conditions based on the common user information that is collected or may create web pages to collect additional information. USDA eAuthentication Solution Components Registration Process

11 U.S. Department of Agriculture eGovernment Program 11 Agency Web Servers USDA Logon Servers Internet GSA Gateway ECP The GSA Gateway is the Presidential Initiative solution for eAuthentication. USDA’s integration approach is to create a single point of integration with the GSA Gateway, through the USDA eAuthentication solution.  The USDA eAuthentication solution and GSA Gateway integration will occur once the Gateway is complete  An integration proof-of-concept is planned for August, 2003  Applications will integrate with the USDA eAuthentication solution, which will connect to the GSA Gateway, so each agency application will not have to be integrated separately with the GSA Gateway  Upon completion, Agency applications will receive the benefits of the GSA Gateway USDA eAuthentication Solution Components Presidential Initiative (GSA Gateway) Presidential Initiative (GSA Gateway) USDA eAuthentication

12 U.S. Department of Agriculture eGovernment Program 12  eAuthentication Overview  USDA eAuthentication Solution Components  Agency Integration Responsibilities  eAuthentication Costs and Resources  Questions and Answers Agenda

13 U.S. Department of Agriculture eGovernment Program 13 Oct 21 GPEA Deadline Agency Integration Responsibilities August October September July eForms/eAuth Design Meetings Build Coordination Meetings Test/Certification Meetings Production Readiness ID ’03 Funding ID ’04 Funding ID GPEA- Compliant Interactions Select Forms tool(s) Complete Authentication Impact Profile Assessment Confirm GPEA Functional Team Confirm GPEA Technical Team Design eAuth Registration Components Design eAuth Identity & Access Management Components Design eForms System Process OMB Approvals Create Technical Design for eAuth components Build Technical eAuth components Build eForms System Develop On-Line Alternatives Communications plan Implement eAuth Registration Components Implement eAuth Identity & Access Management Components Publish Communications eForms System Test Train LRAs Train Agency Admins Request eRecords Disposition Authority Certify LRA process eForms System Go-Live

14 U.S. Department of Agriculture eGovernment Program 14 Logon Server Technical Solution Agency Integration Responsibilities FIREWALLIDSACLNAT Web Farm Hosting Environment Policy Server User Stores Policy Server Policy Stores User Stores Logon Server Login Pages Authentication Registration Pages Production Environment Identity Management Services Pages Enforcer Web Server www.xyz.com Authorization Pages Logon Server Login Pages Authentication Registration Pages Identity Management Services Pages Policy Server Policy Stores User Stores Test Environments  Create web application on supported web server  Assist in installation of web “enforcer”  Decide what user information your agency applications need to receive from the central user store in the form of header variables  Give eAuthentication team information to integrate new “enforcer” into eAuthentication system  Build web pages to collect any additional user information for authorization

15 U.S. Department of Agriculture eGovernment Program 15 Authorization Pages User Stores Identity Management Services Pages Help Desk User Stores Users Password Services User Self- Administration Delegated Administration Agency Integration Responsibilities Identity and Access Management Identity and Access Management Authorization Processes and Role Definition  Build a process to decide whether a user should be allowed to access your agency’s applications  If that process requires any user information that is not collected by the central registration procedure, build “authorization registration” web pages to collect this information (including company representation)  Designate and train agency administrators to “authorize” users in the eAuthentication system for agency applications  Maintain a list of customer/company representative relationships  Map USDA Customer IDs to Agency Customer IDs

16 U.S. Department of Agriculture eGovernment Program 16 User Stores Authentication Registration Pages Users Agency- Specific LRAs Level 1 Self- Registration Email Verification Level 2 LRA Registration Level 1 Self Registration Level 2 In-Person Registration Identity Proofing Procedure Agency- Specific LRAs Identity Proofing Procedure Agency Integration Responsibilities Registration Process  Determine if Service Centers will provide “Local Registration Authority” (LRA) services for your user population  If not, create identity proofing processes and training for your LRAs following USDA standards  Communicate registration processes and requirements to your users

17 U.S. Department of Agriculture eGovernment Program 17 Presidential Initiative (GSA Gateway) Presidential Initiative (GSA Gateway)  Integrate with USDA eAuthentication solution  Alert USDA eAuthentication team of any applications/interactions that require higher levels of credentials than the eAuthentication passwords (through the online tool)  Work with eAuthentication team to identify sources of credentials from GSA Gateway providers Agency Integration Responsibilities Agency Web Servers USDA Logon Servers Internet GSA Gateway ECP USDA eAuthentication

18 U.S. Department of Agriculture eGovernment Program 18  eAuthentication Overview  USDA eAuthentication Solution Components  Agency Integration Responsibilities  eAuthentication Costs and Resources  Questions and Answers Agenda

19 U.S. Department of Agriculture eGovernment Program 19 The fixed and variable costs for the eAuthentication initiative are broken out as follows… Cost distribution calculations/algorithms need to be created quickly, any suggestions on how the cost should be allocated? eAuthentication Costs FY 2003 Total Costs$1,550,000 FY 2004 Total Costs$5,700,000 FY 2004 Variable Costs$1,525,000 FY 2004 Fixed Costs$4,175,000

20 U.S. Department of Agriculture eGovernment Program 20 eAuthentication Resource Needs USDA eAuthentication Solution Team  Technical Services Team  Integration Team Agency Solution Team  Integration Team Business process and user communities expertise  Technical Team Developers representing the Agency application

21 U.S. Department of Agriculture eGovernment Program 21  eAuthentication Overview  USDA eAuthentication Solution Components  Agency Integration Responsibilities  eAuthentication Costs and Resources  Questions and Answers Agenda

22 U.S. Department of Agriculture eGovernment Program 22 Questions and Answers

23 U.S. Department of Agriculture eGovernment Program 23 For More Information For more information on the eAuthentication Initiative, please review the eAuthentication Frequently Asked Questions on the eGovernment site: http://www.egov.usda.gov/resources/teamspace/team_resources.html Please contact the eGovernment team for username and password.

Download ppt "U.S. Department of Agriculture eGovernment Program July 15, 2003 eAuthentication Initiative Pre-Implementation Status eGovernment Program."

Similar presentations

June 27, 2005 Preparing your Implementation Plan.

June 27, 2005 Preparing your Implementation Plan.
EAuthentication Before accessing the Delphi eInvoicing System, you must be an authenticated user. This authentication process is called eAuthentication.

EAuthentication Before accessing the Delphi eInvoicing System, you must be an authenticated user. This authentication process is called eAuthentication.
Public Key Infrastructure (PKI) Hosting Services.

Public Key Infrastructure (PKI) Hosting Services.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Introduction to Online Data Collection (OLDC) Community Based Abstinence Education September, 2009.

Introduction to Online Data Collection (OLDC) Community Based Abstinence Education September, 2009.
July 11 - September 2 2005 FFIEC Central Data Repository Bank Enrollment.

July 11 - September FFIEC Central Data Repository Bank Enrollment.
U.S. Department of Agriculture eGovernment Program February 2004 eAuthentication Integration Status eGovernment Program.

U.S. Department of Agriculture eGovernment Program February 2004 eAuthentication Integration Status eGovernment Program.
Electronic Status Reporting for Lenders FSA Guaranteed Loan System.

Electronic Status Reporting for Lenders FSA Guaranteed Loan System.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.

Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.
Toolbox Mirror -Overview Effective Distributed Learning.

Toolbox Mirror -Overview Effective Distributed Learning.
1 eAuthentication in Higher Education Tim Bornholtz Session #47.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –
Enterprise Physical Access Control System (ePACS) Overview Briefing

Enterprise Physical Access Control System (ePACS) Overview Briefing
Page 1 CITS Active Directory Implementation UMass Dartmouth.

Page 1 CITS Active Directory Implementation UMass Dartmouth.
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.

Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.

Similar presentations

Ads by Google