Technical Approach Chris Louden Enspier

Presentation transcript:

The E-Authentication Initiative: Technical Approach
Chris Louden, Enspier
“Getting to Green with E-Authentication”, February 3, 2004, Technical Session

Slide 2: Technical Approach
- Lower Assurance Approach
  - Overview
  - Management
  - SAML as an adopted Scheme
- Higher Assurance Approach
  - Certificate Validation
  - Relationship to Bridge Architecture
- Where we are today
  - Today
  - Near Term

Slide 9: SAML as an Adopted Scheme
- SAML 1.0 Artifact Profile
- Proven interoperability

Slide 13: Lower Assurance Approach
- SAML Assertion Contents
  - Name
  - User ID
  - CS ID
- AA Responsibilities
  - Authorization / Entitlements
  - Mapping asserted identity to known identity
  - May map multiple credentials to a known identity
- CS Responsibilities
  - Identity Management
  - Credential Assessment Framework (CAF) requirements

Slide 14: Higher Assurance Levels
- Certificate Based Authentication
- “All sensitive data transfers shall be cryptographically authenticated using keys bound to the authentication process” (NIST SP800-63)
- Does not require shared secrets
- Certificate Path Discovery and Validation
- Certificates at lower assurance AAs

Slide 17: Higher Assurance Approach
- Certificate Validation is not enough
- Certificate Path Discovery and Validation

Slide 18: One Minute PKI
- Public & Private Key Pair
  - Mathematically bound numbers
  - Encrypt with one, decrypt with the other
- Digital Signatures
  - Hashes encrypted with a private key
  - Validate source and integrity
- Certificate Authorities (CAs) and Certificates
  - Certificates bind a public key to an identity
  - CAs issue certificates based on their policies
  - Certificates are digitally signed by CAs
- Trust Anchors
  - A CA's self-signed certificate

Slide 19: Typical PKI

Slide 20: Hierarchical PKI

Slide 21: Mesh PKI

Slide 22: Mesh PKI

Slide 23: Authentication or Message

Slide 24: Certificate Path Discovery and Validation
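
An added example, not part of the original presentation: a sketch of path discovery in a mesh PKI, where cross-certificates form loops and more than one chain can lead from a relying party's trust anchor to a user's certificate. The CA names, dates and the Cert record are constructed for illustration; signature verification and revocation checking are assumed to happen elsewhere and are not modelled.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Cert:  # simplified record: keys and signatures are not modelled
    issuer: str
    subject: str
    not_before: date
    not_after: date
    is_ca: bool = True

def discover_paths(certs, anchor, target, path=()):
    """Yield each loop-free chain from the trust anchor's name to target."""
    current = path[-1].subject if path else anchor
    seen = {anchor} | {c.subject for c in path}
    for c in certs:
        # Follow only certificates issued by the current CA; skip loops.
        if c.issuer == current and c.subject not in seen:
            chain = path + (c,)
            if c.subject == target:
                yield chain
            elif c.is_ca:
                yield from discover_paths(certs, anchor, target, chain)

def validate(chain, today):
    """Return the problems found in one chain; an empty list means it passed."""
    problems = []
    for i, c in enumerate(chain):
        if not c.not_before <= today <= c.not_after:
            problems.append(f"{c.subject}: outside validity period")
        if i < len(chain) - 1 and not c.is_ca:
            problems.append(f"{c.subject}: not a CA")
    return problems

def find_valid_path(certs, anchor, target, today):
    for chain in discover_paths(certs, anchor, target):
        if not validate(chain, today):
            return [c.subject for c in chain]
    return None

# Constructed sample: two agency CAs cross-certified through a bridge CA.
OLD, NEW, END = date(2001, 1, 1), date(2003, 6, 1), date(2006, 6, 1)
CERTS = [
    Cert("Agency A CA", "Agency B CA", OLD, date(2003, 1, 1)),  # expired
    Cert("Agency A CA", "Bridge CA", NEW, END),
    Cert("Bridge CA", "Agency B CA", NEW, END),
    Cert("Agency B CA", "Bridge CA", NEW, END),
    Cert("Agency B CA", "alice", NEW, END, is_ca=False),
]
print(find_valid_path(CERTS, "Agency A CA", "alice", date(2004, 2, 3)))
```

The first chain discovered uses the expired direct cross-certificate and fails validation, so the result is the longer chain through the bridge CA.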

Slide 25: Higher Assurance Approach
- Certificate Usability at lower assurance AAs
- Avoid multiple interfaces at AAs
- Avoid PKI complexities at lower assurance AAs

Slide 27: High Assurance Approach
- Relation to Federal PKI Architecture

Slide 33: Where we are today
- Proof of Concept
  - SAML 1.0 Artifact Profile
- Interoperability Lab
- Architecture Working Group
- Pilots

Slide 34: References
- eAuthentication Documents
  - http://www.cio.gov/eauthentication
- NIST Documents
  - http://csrc.nist.gov/pki/testing/x509paths.html
  - http://csrc.nist.gov/publications/drafts.html

Slide 35: Coming Soon
- FOC
- Forms
- Web Services
- Composite Apps
- New Schemes