Presentation transcript:

New Mexico Environment Department
The E-Enterprise Integrated Identity Solution Project (ISOL)
Mary Montoya, CIO
Bogi Malecki, Project Manager
Tom McMichael, Systems Analyst
Mark Morell, Systems Integrator & Technical Writer
Sam Jenkins, Solutions Architect
12/14/2015 Project Certification Committee Presentation

Environment Department Mission
The mission of the New Mexico Environment Department is to protect and restore the environment, and to foster a healthy and prosperous New Mexico for present and future generations.

Project Purpose
Discover & Analyze. Evaluate identity and access management of the NM, TN and WY Single Sign-On systems and EPA’s Identity Bridge system, and determine the impact of implementing a proposed federated identity solution.

Main Goal
Identify how best to authenticate users with one site and allow secure access to all other sites without re-authenticating.

Ultimate Aim
Reduce the burden and cost of maintaining multiple identities and systems for transacting business and sharing environmental data across entities.

Planned Approaches
1. Use Third Party Identities
2. Enable Single Sign-On using Secure Token Services
3. Integrate OpenID / OpenID Connect Identity Provider Interface

1. Use 3rd Party Identities
1. A user tries to access a protected resource at the web site (relying party).
2. The user is offered a choice of identity providers and redirected to the selected identity provider.
3. The user authenticates by providing login information at the identity provider’s login page.
4. After successful authentication, the user is redirected to the relying party web site along with a signed security token and other information (claims).
5. The relying party validates the security token and allows access if the token is valid (it was signed by the trusted issuer).

3rd Party Log-in Example
1. Redirect to the Enterprise Security Bridge with the Facebook IdP specified.
2. The user authenticates at Facebook.
3. The Enterprise Security Bridge redirects to the E-Enterprise Portal.
4. The E-Enterprise Portal uses Web Services Federation to validate the token.

2. Enable Single Sign-On
1. A user attempts to log in at an identity provider by presenting a user ID and credential.
2. The identity provider validates the user’s claim. It requests the STS to issue a security token if the identity is valid.
3. The STS verifies the identity provider’s credential and signs the security token if the identity provider is trusted. The user ID and other identity information will be encrypted into the token.
4. The identity provider returns the security token to signal a successful login.
5. The user then asks for services at another application (the relying party) with the security token as evidence of an authenticated user (“I have logged in already, here is my ticket”).
6. The relying party, which does not take the claim at face value, verifies it by validating the security token at the STS.
7. The STS checks the token and returns the user’s ID, along with other attributes, if successful.
8. The relying party performs the requested operation and returns the results to the user.
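The token issue-and-validate pattern behind both slides 1 and 2 (a trusted issuer signs the claims, the relying party accepts them only after checking the signature, the issuer and the lifetime) as an added Python example; this is not code from the project, the issuer name and signing key are constructed, and an HMAC shared secret stands in for the X.509 signature a real STS would use.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed values: a shared secret stands in for the STS signing key and
# the issuer name is an assumption. A real STS signs with an X.509 key pair.
STS_KEY = b"constructed-sts-signing-key"
STS_ISSUER = "urn:example:sts"
TRUSTED_ISSUERS = {STS_ISSUER}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sts_issue_token(user_id: str, claims: dict, key: bytes = STS_KEY,
                    issuer: str = STS_ISSUER, lifetime: int = 300,
                    now: Optional[float] = None) -> str:
    """STS step: sign the identity claims once the IdP has vouched for the user."""
    now = time.time() if now is None else now
    body = {"iss": issuer, "sub": user_id, "iat": int(now), "exp": int(now) + lifetime}
    body.update(claims)
    payload = _b64(json.dumps(body, sort_keys=True).encode())
    signature = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    return payload + "." + signature

def rp_validate_token(token: str, key: bytes = STS_KEY,
                      now: Optional[float] = None) -> Optional[dict]:
    """Relying-party step: return the claims only if the token was signed by a
    trusted issuer, has not been altered and has not expired; otherwise None."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 2:
        return None
    payload, signature = parts
    expected = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(signature, expected):  # altered, or signed with another key
        return None
    body = json.loads(_unb64(payload))
    if body.get("iss") not in TRUSTED_ISSUERS or body.get("exp", 0) <= now:
        return None
    return body
```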

3. Integrate OpenID
1. The user accesses the OpenID Connect application (relying party).
2. The user is redirected to the "authorization endpoint" of CFS (Cloud Federation Service) to authenticate.
3. If the user authenticates, she is prompted to authorize the application to access certain profile information.
4. The user’s browser is sent back to the client application (indicated by the Callback URL in the configuration) with the authentication/authorization result.
5. The application can contact CFS at the UserInfo endpoint. The application has a maximum of 2 minutes to contact CFS for the user's information. After 2 minutes, the access token is no longer valid and steps 2-4 shown in the diagram must be done again. Even when steps 2-4 are executed again, the user will not see any of this: they have already been authenticated by CFS (so they are not prompted again) and have already authorized the application to access their information (so they do not have to consent again, as long as they have not manually revoked access to this application in the meantime).
6. The UserInfo endpoint (CFS) returns the consented profile information to the client application.
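The CFS exchange described above as an added Python simulation (not the project's own code): the client binds each redirect to a state value so a forged or replayed callback is rejected, and CFS stops serving UserInfo once the 2-minute access token lifetime has passed, which is the point at which steps 2-4 must be repeated. The endpoint URLs, client id and callback URL are constructed, and the token is returned directly on the callback for brevity.

```python
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed names for the CFS endpoint and the portal's client registration;
# none of these are the project's real values.
AUTHZ_ENDPOINT = "https://cfs.example/authorize"
CLIENT_ID = "e-enterprise-portal"
CALLBACK_URL = "https://portal.example/callback"
ACCESS_TOKEN_LIFETIME = 120  # seconds: the 2-minute limit from the slide

class CloudFederationService:
    """Stand-in for CFS: mints short-lived access tokens and serves UserInfo."""

    def __init__(self) -> None:
        self._tokens = {}  # access token -> (subject, consented claims, expiry)

    def authorize(self, subject: str, consented: dict, now: float) -> str:
        # Steps 2-3: the user has authenticated and consented; mint a token.
        token = secrets.token_urlsafe(16)
        self._tokens[token] = (subject, dict(consented), now + ACCESS_TOKEN_LIFETIME)
        return token

    def userinfo(self, token: str, now: float) -> Optional[dict]:
        # Steps 5-6: consented profile, or None once the token has expired.
        entry = self._tokens.get(token)
        if entry is None or now >= entry[2]:
            return None
        subject, claims, _ = entry
        return {"sub": subject, **claims}

class RelyingParty:
    """The OpenID Connect client application (the portal side of the flow)."""

    def __init__(self) -> None:
        self._pending_states = set()

    def build_authorization_url(self) -> str:
        # Step 2: a fresh state value ties the later callback to this request.
        state = secrets.token_urlsafe(16)
        self._pending_states.add(state)
        params = {"response_type": "token", "client_id": CLIENT_ID,
                  "redirect_uri": CALLBACK_URL, "scope": "openid profile",
                  "state": state}
        return AUTHZ_ENDPOINT + "?" + urlencode(params)

    def handle_callback(self, url: str) -> Optional[str]:
        # Step 4: accept the result only for a state we actually issued, once.
        query = parse_qs(urlparse(url).query)
        state = query.get("state", [None])[0]
        if state not in self._pending_states:
            return None  # forged or replayed callback
        self._pending_states.discard(state)
        return query.get("access_token", [None])[0]
```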

OpenID Log-in Page Example

General Information
The project was conceived and initiated by the NMED Office of Information Technology.
The proposal was sent to EPA in November 2014.
NMED was awarded funding in September 2015.
The funding period is 10/1/2015 – 9/30/2017.
The funding budget is $472,737.

High Level Project Overview

Objective | Budget | Due Date
Finalize scope; execute contracts & MOAs; purchase licenses; assign team tasks & deadlines | $36,856 | 12/11/2015
Perform Federated Identity Management discovery and a solutions assessment with EPA | $25,617 | 8/26/2016
Discovery and a solutions assessment of NM | $85,248 | 10/28/2016
Discovery and a solutions assessment of TN | $118,182 | 11/25/2016
Discovery and a solutions assessment of WY | $117,364 | 12/23/2016
Analyze results, compile and submit findings & recommendations | $63,720 | 4/1/2017
Closeout | $25,750 | 5/31/2017
Total | $472,737 |

The different cell colors in the original slide indicate different project phases.

Stakeholders and Governance
EPA - Office of Environmental Information (OEI)
Exchange Network Leadership Council (ENLC)
Exchange Network Technology Board (NTB)
NMED Office of Information Technology - Office of the CIO
Tennessee Department of Environment and Conservation
Wyoming Department of Environmental Quality
NM Department of Information Technology – Project Certification Committee

Project Management Plan
Present to PCC at the Initiation & Planning phase
Submit Quality Assurance Plan to EPA
Submit semi-annual progress reports to EPA
Present bi-monthly status reports to ENLC
Present monthly reports to PCC
Hold monthly meetings with partner states to track progress and findings
Hold weekly project team meetings to check task status, identify roadblocks and assess schedule impact
Present to PCC at the Implementation phase
Present to PCC at the Closeout project phase
Submit final report to EPA

Risks & Issues
Possible risks include:
Insufficient participation from partner states/EPA
Inconsistent statutory requirements across jurisdictions
EPA-imposed technologies and/or requirements that are inconsistent with the project goals

Questions