Single Sign-On and Federated Authentication at NIH and Beyond

Slides:

Advertisements

Similar presentations

Module 7 National Incident Management System:

Advertisements

National Prevention Strategy

ARIZONA DEPARTMENT OF ADMINISTRATION INFORMATION SERVICES DIVISION - DATA CENTER.

September, 2005What IHE Delivers 1 Joe Auriemma Siemens Medical Solutions, Health Services Senior Director, Integration Engineering Siemens Medical Solutions.

New America Forum April 12, 2010 New America Forum: A First Look at Implementing Health Reform The Delivery System Challenge State Implementation Issues.

Lousy Introduction into SWITCHaai

NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist.

THE COMMONWEALTH FUND 1 Innovations in Primary Care: Whats In the Affordable Care Act? Melinda Abrams, MS The Commonwealth Fund

1 1 Medicare Marketing Danielle R. Moon, J.D., M.P.A. Director, Medicare Drug & Health Plan Contract Administration Group National Association of Health.

Affordable Care Act Health Center Planning Grants FY 2011 HRSA Xanthia James, OPPD Health Resources and Services Administration Department of Health.

Life After HPRP Barbara Poppe, Executive Director, USICH March 26, 2012.

Govern the Flow of Data: Moving from Chaos to Control

Yammer Technical Solutions Overview

Mobile Devices in the DoD

1 From the File Room to Facebook: Best Practices and Standards for Managing Social Media Records Chad Doran, CRM Chief Records Management Officer Arlington.

CIT Seminar Series ISC Forum 1. SOA 101 Ian Sebright SOA Technical Lead 2.

Externalizing Authentication

National Quality Strategy Overview August National Quality Strategy Introduction The Affordable Care Act (ACA) requires the Secretary of the Department.

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.

THE COMMONWEALTH FUND 1 Benefit Design for Public Health Insurance Plan Offered in Insurance Exchange Current Medicare benefits* New Public Health Insurance.

TOPICS CONTACTING THE DEPARTMENT OF HEALTH FEDERAL GRANT FUNDING PERIODS CONTRACT TERMS AND CONDITIONS STATEMENT OF WORK MONITORING.

Brian Epley, VA PIV Program Manager

National Quality Strategy Overview January 2014 Each slide includes notes that you can access by selecting “View” and then “Notes Page” in PowerPoint.

1 HSPD-12 Compliance: The Role of Federal PKI Judith Spencer Chair, Federal Identity Credentialing Office of Governmentwide Policy General Services Administration.

NIH is a Valuable Place with Valuable People: We Need to Protect it! Cyber threat is one of the most serious economic and national security challenges.

The future of access management today Hilton London Paddington hotel 27 October 2010.

Christopher Carr Director of Informatics, RSNA

The Federation for Identity and Cross-Credentialing Systems (FiXs) FiXs ® - Federated and Secure Identity Management in Operation Implementing.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

Public Key Infrastructure (PKI) Hosting Services.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)

1 Enabling Open Government Using the OIDF/ICF Open Trust Framework OASIS Identity Management 2009 September 29, 2009 Don Thibeau, ED, OpenID Foundation.

1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,

1 Overview of Other Global Networks Exchange Network User Group Meeting April 2006.

NIH iTrust Peter Alterman/Debbie Bucci National Institutes of Health October 2010.

Single Sign-On, Federated Authentication and Beyond at NIH Dr. Peter Alterman National Institutes of Health.

Helen Schmitz Update on EA July 13, 2011 NIH Enterprise Information Technology Architecture Contact:

The Business of Identity Management Barry R. Ribbeck Director Systems Architecture & Infrastructure Rice University

Federal CIO Council Information Security and Identity Management Committee IDManagement.gov FICAM Testing Program and Approved Products List (APL) Overview.

Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,

The InCommon Federation The U.S. Access and Identity Management Federation

NIH Policy Manual 2811 Policy on Smart Card Authentication iTrust Forum Mark L. Silverman December 10, 2009

1 Identity and Transparency ( Bridging the GAPS of Governance Bridging the GAPS of Governance in eGov Initiatives in eGov Initiatives )‏ Badri Sriraman.

Use of Identity Credentials in Public Transit Fare Payment Systems Professional Capacity Building Program T3 Webinar June 29, 2011 Washington Metropolitan.

1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

AMERICAN RECOVERY AND REINVESTMENT ACT OF 2009 Health Information Technology for Economic and Clinical Health Act (HITECH Act) Regina.

E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006.

HSPD-12 Identity Management Initiative Carol Bales Senior Policy Analyst United States Office of Management and Budget North American Day 2006.

Integrated Institutional Identity Infrastructure: Implications and Impacts RL “Bob” Morgan University of Washington Internet2 Member Meeting, May 2005.

PKI and the U.S. Federal E- Authentication Architecture Peter Alterman, Ph.D. Assistant CIO for e-Authentication National Institutes of Health Internet2.

The Federal Bridge A Brief Overview 1. 4BF Industry Forum April Fed PKI: View from 20,000 km FBCA C4 Common Policy CA (HSPD-12) CertiPath SSPs.

Federated Authentication at NIH: Trusting External Credentials at Known Levels of Assurance Debbie Bucci and Peter Alterman November, 2009.

Identity Federations and the U.S. E-Authentication Architecture Peter Alterman, Ph.D. Assistant CIO, E-Authentication National Institutes of Health.

1 Federal Identity Management Initiatives Federal Identity Management Initatives David Temoshok Director, Identity Policy and Management GSA Office of.

Federated Identity Management at NIH…NIH Login and Beyond Debbie Bucci September 2009.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Federal Preparedness Credentialing & Typing. H.R. 1 - Requirement Title IV of the “Implementing Recommendations of the 9/11 Commission Act of 2007” directs.

An Unprecedented Opportunity: Using Federal Stimulus Funds to Advance Health IT in California Testimony of Sam Karp, Vice President of Programs California.

Environmental Public Health Tracking Network (EPHTN): Enterprise Architecture (EA) Ray Buckner Environmental Health Tracking Branch Division of Environmental.

The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.

Data and Applications Security Developments and Directions

John O’Keefe Director of Academic Technology & Network Services

Privacy, Security, and Identity Management Update

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

Context, Gaps and Challenges

A Quick Tour of the FIPS 201 Revision

Presentation transcript:

Single Sign-On and Federated Authentication at NIH and Beyond Debbie Bucci National Institutes of Health

About NIH National Institutes of Health (NIH) Operating division of the U.S. Department of Health & Human Services (HHS) Primary Federal agency for conducting and supporting biomedical research

External Users NIH provides financial support to researchers around the world. NIH invests over $28 billion in medical research each year. $5 Billion for Researchers Inside NIH 83% goes to almost 50,000 competitive grants that support over 325,000 researchers outside NIH. $23 Billion for Researchers Outside NIH

Authentication Services at NIH NIH iTrust Multifunction single sign-on (SSO) and federated authentication service consisting of: NIH Login – links internal users at NIH to internal and departmental (HHS) applications and electronic resources NIH Federated Login – links external users to NIH and departmental (HHS) applications and resources

Federated Authentication Partners Government Departments and Agencies InCommon Federation – identity and access management federation for the higher education and research communities; nearly 50 major universities access NIH resources through InCommon. Open Identity Exchange (OIX), OpenID, and Information Card Foundations are working with industry leaders such as AOL, Equifax, Google, PayPal, VeriSign, and Yahoo to provide access at Levels of Assurance (LOA) 1-4.

NIH Login In production since 2003 Over 55,000 NIH users, 275 applications, 700 URLs 1.7 -2.4 million transactions per day Single Sign-On (SSO), including use of Personal Identity Verification (PIV) Cards Authenticated web services June 2008 mandated for all new web applications May 2010 all Login apps must support PIV Dec 2010 all sensitive applications must use two factor Delayed to June 2011- issues with Citrix, VPN and legacy applications, desktops and laptops and Non PIV Holders

NIH Federated Login In production since 2008 60 Federated applications University participation up 240% Over 72,000 external credentials averaging 2-3000 users a week Scaled to support 1 Million users on track to support over 500,000 external users by end FY11: wikis, SharePoint, Grids, Library services Acquisition services Cross-agency, governmentwide collaborations Enterprise/departmental applications

Federated View

Federated Authentication at NIH General Services Administration Trust framework provider Private-sector identity providers Assessors & auditors Dispute resolvers U.S. Government websites User

Federated Authentication at NIH General Services Administration Trust framework provider Universities Assessors & auditors Dispute resolvers U.S. Government websites User

Federal Mandates Mandates for Federated Authentication and Personal Identity Verification (PIV) Card and Common Access Card (CAC) across the Federal Government: HSPD-12 “Policy for a Common Identification Standard for Federal Employees and Contractors” FIPS 201-1 “Personal Identity Verification of Federal Employees and Contractors” NIST SP-800-63 “Electronic Authentication Guideline” OMB M-04-04 “E-Authentication Guidance for Federal Agencies” OMB M-06-16 “Protection of Sensitive Agency Information” OMB M-11-11 “ Continued Implementation of Homeland Security Presidential Directive (HSPD) 12– Policy for a Common Identification Standard for Federal Employees and Contractors “

NIH iTrust Key Points Aligns with FICAM’s IdM reference segment architecture Integrates with HHS Operating Divisions and other departments and agencies Promotes both interoperability and standards Meets the needs of researchers and clinicians Offers quick implementation

Current Integration Projects NIH eVIP (electronic Vendor Invoicing Program) Over 30,000 users and 7,000 vendors across the country will submit invoices, receive payment, and complete other transactions using their own identity credentials NIH eRA (electronic Research Administration) Over 250,000 researchers and 9,500 institutions worldwide will apply for grants and access funding, while helping eRA monitor grant disbursement National Library of Medicine PubMed Database Secure access for users with OpenID credentials such as Google and Yahoo 12,000 OpenID users registered in the first six weeks

Current Integration Projects Healthcare Reform Implementation Tracking Tool (HRITT) HHS, CMS, White House, and other agencies will use MS Project Server to track implementation of the 400+ provisions of the 2010 Patient Protection and Affordable Care Act National Interagency Confederation for Biological Research (NICBR) Federated access to a group of applications used by researchers from the National Cancer Institute, National Institute of Allergy and Infectious Diseases, Army, Navy, Department of Homeland Security, CDC, and USDA at Ft. Detrick, MD

For Further Information Debbie Bucci Manager, Integration Services Center Division of Enterprise and Custom Applications Center for Information Technology National Institutes of Health Debbie.Bucci@nih.gov NIH Integration Services Center NIHISCSupport@mail.nih.gov NIH Center for Information Technology www.cit.nih.gov