EDUCAUSE Fed/Higher ED PKI Coordination Meeting

Presentation transcript:

Understanding the Federal PKI and Federal Identity & Access Management
David Temoshok, Director, Identity Policy and Management, GSA Office of Governmentwide Policy
EDUCAUSE Fed/Higher ED PKI Coordination Meeting, June 12, 2008

Federal Identity & Access Management: Key Policy Considerations

For FIAM Government-wide deployment:
- No National ID
- No National unique identifier
- No central registry of personal information, attributes, or authorization privileges
- Different authentication assurance levels are needed for different types of transactions
- IDM is based on Identity Federation
- Authentication – not authorization

For FIAM technical approach:
- No single proprietary solution
- Deploy multiple COTS products – Products must interoperate
- Controls must protect privacy of personal information

FIAM Consists of Three Inter-Connected Initiatives

[Figure: the three initiatives (HSPD-12, Federal PKI, E-Authentication/SAML) charted against assurance levels. Credential types shown: Multi-Factor Token, PKI/Digital Signature, Strong Password, PIN/User ID. Assurance levels: Very High, High, Medium, Low. Example transactions: Access to Protected Website, Applying for a Loan Online, Obtaining Govt. Benefits, Employee Screening for a High Risk Job.]

Federal PKI Certificate Policies

Federal Bridge (Model) Policy
- Facilitates trust among Enterprise PKI implementations
- Five levels of assurance (rudimentary, basic, medium, medium hardware, high)

Common Policy Framework (Root)
- Federal PKI “Root” Policy
- Six policies (common, common high, common devices, common authentication, common hardware, card authentication)

Citizen and Commerce Class (C4)
- Designed specifically to meet a need in E-Authentication
- Provides a mechanism for commercial-grade PKI assessment and approval as credential service providers

E-Authentication Governance
- Directly supports the E-Authentication Architecture
- Three policies (Level 1 CSP, Level 2 CSP, Agency Application)

Federal PKI Architecture

[Figure: Federal PKI architecture diagram. Labels: Federal Bridge CA; Common Policy Root CA; C4CA; E-Authentication Governance CAs; Approved PKIs (ACES, Fed Agencies, Private Sector, Foreign Gov’ts, States, Other Bridges); Approved Apps/CSPs (Level 1 & 2 Applications, Level 1 & 2 Credential Service Providers); Approved SSPs (Certified Commercial SSPs, Treasury, GPO, Federal Agencies); Commercial PKI Solutions.]

FIAM Federated Trust Model

1. Establish & define authentication risk and assurance levels
2. Establish FIAM process and technical standards & requirements for Issuers at each assurance level
3. Establish methodology for evaluating Issuers at each assurance level
4. Perform standard assessments and maintain trust list of trusted Issuers
5. Establish common business and compliance rules for approved Issuers

The Starting Gate for Government-wide FIAM Interoperability

Building blocks:
- Standard data model
- Interoperability and security standards
- Standard data interface specifications
- Reference Implementations - data interface specifications
- Standard Testing Program - data interface specifications
- Standard Testing Programs - Products

Standards and programs named on the slide:
- FIPS 201 and associated NIST Special Publications
- PIV Interface Specifications
- Federal Bridge Certificate Policy
- FPKI Audit requirements
- E-Authentication Architecture suite
- GSA FIPS 201 Evaluation Program
- NIST
- FBI
- NVLAP
- FPKI
- E-Authentication

Federal Interoperability Labs

Test interoperability of products/Issuers for participation in FIAM architectures.
- GSA FIPS 201 Evaluation Program
- NIST PIV and FP MINEX testing
- NVLAP
- FBI
- GSA FPKI Interoperability Testing
- GSA E-Authentication SAML Interoperability Testing
- Liberty Alliance SAML Interoperability Testing

Federal Approved Product Lists
- GSA FIPS 201 APL
- NIST Approved Products
- NVLAP/NIST Certified products
- FBI Approved Products
- GSA FPKI Cross-certification
- GSA FPKI Shared Service Provider
- GSA E-Authentication SAML Approved Products
- Liberty Certification

Product categories listed on the slide:
- PIV Card
- Cryptographic Module
- Electronic Personalization
- OCSP Responder
- PIV Card Reader - Authentication Key
- PIV Card Reader - Biometric
- PIV Card Reader - CHUID Authentication (Contact)
- PIV Card Reader - CHUID Authentication (Contactless)

FPKI Collaborative Environment

[Figure: FPKI trust relationships diagram. Labels: Federal Bridge CA; Common Policy Root CA; Shared Service Provider CAs; Other Bridge CAs – Certipath, SAFE; Commercial CAs (e.g. Wells Fargo); Other CAs (e.g., ECA, ACES, Illinois); Other Federal Root CAs; DoD Interoperability Root CA; DoD Operational Root CA; DoD Subordinate CAs; DoS Root CA; DoS Subordinate CAs; DHS Root CA; DHS Subordinate CAs.]

FIAM Trust

[Figure: FIAM trust diagram built around a sample PIV card (United States Government; Affiliation: Employee; Agency/Department: Department of Homeland Security; Expires 2010FEB24; Doe, John H.; Emergency Response Official). Labels: Enrollment & Issuance; Identity & Suitability; Fed Agencies; OPM/FBI; Approved Issuers; Attribute Exchange; Federal PKI Architecture; PIV Authentication Digital Certificate; Authorized Signature. Physical Access: Physical inspection, Electronic S/N Verification, Biometric Verification, Digital Credential verification. Logical Access: Digital Credential verification.]

For More Information

Visit our Websites:
- http://www.idmanagement.gov
- http://www.cio.gov/ficc
- http://www.cio.gov/fpkipa
- http://www.csrc.nist.gov/piv-project

Or contact:
David Temoshok
Director, Identity Policy and Management
202-208-7655
david.temoshok@gsa.gov