The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.

Presentation transcript:

The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication Initiative

2 The Starting Place: Key Policy Points
- No National ID.
- No National unique identifier.
- No central registry of personal information, attributes, or authorization privileges.
- Different authentication assurance levels are needed for different types of transactions.

3 E-Authentication Goals
- Build and enable mutual trust needed to support widespread use of electronic interactions between the public and Government, and across Governments
- Minimize the burden on the public when obtaining trusted electronic services from the Government, and across the governments
- Deliver common interoperable authentication solutions, appropriately matching the levels of risk and business needs

4 Diagram slide. Labels as extracted:
- eAuthentication Technical Approach
- E-Authentication Mission
- OMB e-Authentication Guidance for Federal Agencies
- NIST Spec Pub Recommendation for Electronic Authentication
- Strategic Business & Finance Plans
- E-RA, PIA, and C&A reviews
- Accredited CSP Trust List
- CAF
- SAML
- PKI
- Other Tech Specs
- E-Authentication Key Building Blocks
- Adopted Federated Identity Schemes

5 Central Issue with Federated Identity – Who do you Trust?
- Governments: Federal, States/Local, International
- Higher Education: Universities, Higher Education PKI Bridge
- Healthcare: American Medical Association, Patient Safety Institute
- Travel Industry: Airlines, Hotels, Car Rental, Trusted Traveler Programs
- E-Commerce Industry: ISPs, Internet Accounts, Credit Bureaus, eBay Trust Network
- Financial Services Industry: Home Banking, Credit/Debit Cards
Absent a National ID and unique National Identifier, the e-Authentication initiative will establish trusted credentials/providers at determined assurance levels.

6 The Need for Federated Identity Trust and Business Models
- Technical issues for sharing identities are being solved
- Trust is critical issue for deployment of federated identity
  - Federated ID networks have strong need for trust assurance standards
    - How robust are the identity verification procedures?
    - How strong is this shared identity?
    - How secure is the infrastructure?
- Common business rules are needed for federated identity to scale
  - N^2 bi-lateral trust relationships is not a scalable business process
  - Common business rules are needed to define:
    - Trust assurance and credential strength
    - Roles, responsibilities, of CSPs and relying parties
    - Liabilities
    - Business relationship costs
- Federal e-Authentication Initiative will provide trust framework to integrate (policy, technology, business relationships) across disparate and independent identity systems

7 Authentication Assurance Levels
- M-04-04: E-Authentication Guidance for Federal Agencies establishes 4 authentication assurance levels
- NIST SP Electronic Authentication: NIST technical guidance to match technology implementation to a level
- Level 1: Little or no confidence in asserted identity (e.g. self identified user/password)
- Level 2: Some confidence in asserted identity (e.g. PIN/Password)
- Level 3: High confidence in asserted identity (e.g. digital cert)
- Level 4: Very high confidence in the asserted identity (e.g. Smart Card)

8 OMB Authentication Guidance
- M Signed by OMB Director on 12/16/2003
- Supplements OMB Guidance on implementation of GPEA
- Establishes 4 identity authentication assurance levels
- Requires agencies to conduct “e-authentication risk assessments”
Result: A more consistent application of electronic authentication across the Federal Government

9 NIST SP : Recommendation for Electronic Authentication
- Maps to OMB E-Authentication guidance
- Covers conventional token based remote authentication
  - May be additional guidance on “knowledge based authentication”
- Draft for comment at:
- Comment period ends: March 15

10 Part of a Larger Policy Framework
Diagram components, as extracted:
- Federal Identity Credentialing Component
- Credential Assessment Framework
- Federal PKI Bridge Certificate Policy
- NIST Authentication Technical Guidance
- E-Authentication Guidance for Federal Agencies
Status notes, as extracted:
- FINAL: OMB M-04-04, December 16, 2003
- SP800-63, Out for Comment Jan 29, 2004, Expected Final April 2004
- Expected final March 04
- Interim version now final and Posted on Web
- Policies Ongoing

11 e-Authentication Trust Model for Federated Identity
1. Establish e-Authentication risk and assurance levels for Governmentwide use (OMB M Federal Policy Notice 12/16/03)
2. Establish standard methodology for e-Authentication risk assessment (ERA)
3. Establish technical assurance standards for e-credentials and credential providers (NIST Special Pub Authentication Technical Guidance)
4. Establish methodology for evaluating credentials/providers on assurance criteria (Credential Assessment Framework)
5. Establish trust list of trusted credential providers for govt-wide (and private sector) use
6. Establish common business rules for use of trusted 3rd-party credentials

12 The CAF Suite for Assessing Credentials
Diagram labels: Credential Assessment Framework (CAF); Credential Assessment Guide (CAG); Credential Assessment Profiles (CAPs); PINs; Passwords; PKI
- Based on OMB policy and NIST Technical guidance, the CAF establishes the structured means for providing assurances to Federal agencies regarding the veracity and dependability of identity credentials and tokens.
- The CAF provides structured procedures for conducting the assessment of CSPs and credentials.
- The CAPs establish the assessment criteria for each type of credential technology (e.g., PIN, password, PKI).

13 e-Authentication Trust and Interoperability
The e-Authentication Initiative acts as Trust Broker to provide Trust Assurance services for Fed Agencies
- Manages relations among Agency Applications (relying parties) and Credential Service Providers (issuers)
- Administers Authentication policy Framework
- Establishes and administers common business rules for the relationships among the parties
- Administers common interface specs
- Performs credential assessments
- Authorizes CSPs on trust list according to standardized assurance levels
- Provides C&A and regular audit & ensures compliance
Diagram labels: Trust Broker; CSP; AA; Common Policies & Business Rules; Common Interface Specs; Policy, Technical, & Business Interoperability

14 The Need for the Electronic Authentication Partnership
Diagram labels, as extracted:
- State/Local Governments
- Industry
- Policy: Authentication Assurance levels, Credential Profiles, Accreditation, Business Rules, Privacy Principles
- Technology: Adopted schemes, Common specs, User Interfaces, APIs, Interoperable COTS products, Authz support
- Federal Government
- Commercial Trust Assurance Services
- Policy, Technical, & Business Interoperability
- Common Business and Operating Rules
- CSP
- RP

15 For More Information Phone David Temoshok Websites