NIH iTrust Peter Alterman/Debbie Bucci National Institutes of Health October 2010.

Presentation transcript:

NIH iTrust Peter Alterman/Debbie Bucci National Institutes of Health October 2010

Federal Agency Business Needs
- Implement SSO across an entire agency or department
- Implement federated SSO across multiple organizations
- Reduce IT expenses associated with custom solutions
- Meet federal mandates regarding PIV/CAC
- Promote both interoperability and standards
- Align with FICAM’s IdM reference segment architecture
- Implement a turnkey solution in a timely manner

Federal Mandates
Mandates for federated authentication and Personal Identity Verification (PIV) Card and Common Access Card (CAC) across the Federal Government:
- HSPD-12, “Policy for a Common Identification Standard for Federal Employees and Contractors”
- FIPS “Personal Identity Verification of Federal Employees and Contractors”
- NIST SP “Electronic Authentication Guideline”
- OMB M “E-Authentication Guidance for Federal Agencies”
- OMB M “Protection of Sensitive Agency Information”

NIH iTrust
- Enterprise web single sign-on (SSO) and federation services
- In production since 2003 (as NIH Login)
- Over 35,000 NIH users, 238 applications, 588 URLs
- Over 2.4 million transactions per day
- Supports Personal Identity Verification (PIV) Cards

Federated View

Federated Authentication at NIH (diagram, labels only): trust framework provider General Services Administration; private-sector identity providers; U.S. Government websites; assessors & auditors; dispute resolvers; user.

Federated Authentication at NIH (diagram, labels only): trust framework provider General Services Administration; universities; U.S. Government websites; assessors & auditors; dispute resolvers; user.

Federated Authentication at NIH (diagram, labels only): trust framework provider Federal PKI Architecture; Federal agencies; InCommon Federation; provider websites; U.S. Government websites; assessors & auditors; dispute resolvers; user.

Current Integration Projects
- NIH eVIP (electronic Vendor Invoicing Program)
- NIH eRA (electronic Research Administration)
- National Library of Medicine PubMed Database
- HHS Healthcare Reform Implementation Tracking Tool (HRITT)
- National Interagency Confederation for Biological Research (NICBR)

NIH iTrust Technology
- CA SiteMinder web access management system
  – User authentication and secure Internet SSO
  – Policy-driven authorization and federation of identities
  – Complete auditing of all access to the application
- Configured to support SAML 1.1 and 2.0, OpenID 2.0, and X.509 (PIV and PKI) credentials
  – Cross-certified with the Federal PKI architecture
- NIH iTrust has 99.95% availability, 24 x 7 x 365
  – Windows and Unix servers in the highly secure NIH Data Center in Bethesda, MD
  – Dedicated production servers and off-site failover capabilities

NIH iTrust architecture (diagram, labels only): Internet; Identity Provider; User Credential; SAML / OpenID; NIH iTrust components: NIH Reverse Proxy, NIH Assertion/Token Consumer, Identity Provider Listing Service (SOAP, Federation Links, Link Cache), AuthZ, Select IdP Link; Agency Application (without 3rd party agent), receiving identity via HTTP Headers.
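As an added illustration (not from the slides or the NIH iTrust product), a Python model of the assertion-consumer and reverse-proxy checks implied by the architecture above: the issuer must appear in the identity provider listing, the assertion must be addressed to this relying party and still be valid, the IdP's certified level of assurance must meet the resource's requirement, and any identity headers the client sent are discarded before the proxy sets its own for the agent-less application. IdP names, header names and the listing contents are assumptions.

```python
"""Simplified model of the assertion-consumer / reverse-proxy pattern on the
NIH iTrust architecture slide.  Hypothetical illustration: a real consumer
verifies the SAML XML signature or OpenID response first; these are the
policy checks that follow.  Times are epoch seconds (constructed)."""
from dataclasses import dataclass

# Constructed IdP listing: issuer -> level of assurance (LOA) the trust
# framework provider certified it for.  Issuer names are hypothetical.
IDP_LISTING = {"https://idp1.nih.gov": 3, "https://idp2.theirdomain.com": 2}
RP_AUDIENCE = "https://rp1.consortium.gov/site1"
# Identity headers the agency application trusts only when the proxy set them.
IDENTITY_HEADERS = ("X-ITRUST-USER", "X-ITRUST-LOA", "X-ITRUST-ISSUER")


@dataclass
class Assertion:
    """Fields an assertion consumer checks after signature verification."""
    issuer: str
    subject: str
    audience: str
    not_on_or_after: int  # epoch seconds


def consume(assertion, required_loa, now):
    """Return (ok, reason); ok only if every trust check passes."""
    loa = IDP_LISTING.get(assertion.issuer)
    if loa is None:
        return False, "issuer not in IdP listing"
    if assertion.audience != RP_AUDIENCE:
        return False, "audience mismatch"
    if now >= assertion.not_on_or_after:
        return False, "assertion expired"
    if loa < required_loa:
        return False, "IdP certified for LOA %d, resource requires LOA %d" % (loa, required_loa)
    return True, "ok"


def proxy_headers(client_headers, assertion, required_loa, now):
    """Headers forwarded to the agency application.  Identity headers the
    client sent are dropped so only the proxy's verified values reach the
    app, which has no agent of its own to re-check them."""
    forwarded = {k: v for k, v in client_headers.items()
                 if k.upper() not in IDENTITY_HEADERS}
    ok, reason = consume(assertion, required_loa, now)
    if not ok:
        return None, reason
    forwarded["X-ITRUST-USER"] = assertion.subject
    forwarded["X-ITRUST-LOA"] = str(IDP_LISTING[assertion.issuer])
    forwarded["X-ITRUST-ISSUER"] = assertion.issuer
    return forwarded, reason
```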

Collaborative SharePoint (diagram, labels only): User/Browser with PIV Cert; Identity Providers (IdP): Idp1.nih.gov and other IdP idp2.theirdomain.com; NIH Relying Party (RP): rp-sts.consortium.gov (ADFS 2.0), rp1.consortium.gov/site1 (IIS), rp2.consortium.gov/site2 (SharePoint 2010); protocols shown: SAML, WS-Trust, NTLM, A/D.

Vendor Invoicing (diagram, labels only): Identity Provider (IdP, OIX certified): PayPal, Equifax; Relying Party (RP): Invoice1, CCR SOA service; User/Browser/Card Selector with Information Card; protocols shown: WS-Trust RST/RSTR, SAML, WS-Security Policy, HTML Object Tag. Steps recoverable from the slide:
1. User attempts to access LOA 3 Invoice1 resource.
The user authenticates to Invoice1 using their PayPal information card.
5. Invoice1 verifies the user is a trusted role using the CCR SOA service.

NIH iTrust Demo
- Clinical and Translational Science Awards (CTSA) Wiki
- My NCBI (PubMed/Medline access)

For Further Information
Debbie Bucci
Manager, Integration Services Center
Division of Enterprise and Custom Applications
Center for Information Technology
National Institutes of Health
NIH Integration Services Center