1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.



2 EAI/EAP Common Trust Framework

1. Establish and define authentication risk and assurance levels.
   EAI: OMB M established and defined four authentication assurance levels as Governmentwide policy.
   EAP: adopted the OMB M authentication assurance levels.

2. Establish technical standards and requirements for e-authentication systems at each assurance level.
   EAI: NIST Special Pub authentication technical guidance; established authentication technical standards at the four assurance levels.
   EAP: adopted the NIST SP standards.

3. Establish a methodology for evaluating authentication systems at each assurance level.
   EAI: Credential Assessment Framework, a standard methodology for assessing the authentication systems of credential service providers (CSPs).
   EAP: Service Assessment Criteria, a standard methodology for assessing the authentication systems of credential service providers.

5. Perform assessments and maintain a trust list of trusted CSPs.
   EAI: Trusted CSP List.
   EAP: Trusted CSP List.

6. Establish common business rules for approved CSPs.
   EAI: EAI Federation Business Rules and Service Agreements.
   EAP: EAP Business Rules and Agreements.

3 Identity Federation Models

- Bi-lateral (peer-to-peer)
- Hub and spoke (unilateral)
- Circle of trust (many-to-many)

The model chosen for identity federation strongly impacts decisions on technical architecture and governance.

4 EAP Vision: Multiple, Interoperable Federations

[Diagram: identity providers (IdP) and service providers/relying parties (SP/RP) in Federation 1 and Federation 2, joined under EAP common governance, a common trust framework and rules, and a common architecture with interoperable products.]

5 EAI/EAP Alignment

EAI and EAP share:
- Common assurance levels
- Common authentication standards
- Reciprocal CSP trust certifications
- Common designated assessors
- Common business rules
- Common architecture
- Common protocols
- Common data models
- Joint pilots and projects

6 FiXs and EAP Pilot Sponsors

EAP. Established to create a structure for using government-approved credentials for logical access to government and business applications. Has a business process and trust framework for logical access, but needs to add transaction processing for e-authentication and an accreditation process for federations that adopt EAP rules.

U.S. General Services Administration. Needs to facilitate e-authentication for commercial-sector partners and a commercial process for certifying logical and physical authentication service providers and federations.

FiXs. Established to provide federated authentication of credentials for physical access to DoD facilities and contractor sites. Wants to provide logical-access functionality and PIV/HSPD-12 functionality in a federated environment for its membership.

U.S. Department of Defense. Seeks high security and identity assurance for external access to DoD systems, and wants to leverage its investment in physical-access authentication.

Objective: demonstrate interoperability by enabling federated single-card authentication for token-based logical and physical access to commercial and government facilities and systems.

7 DCCIS Background

Challenge for DoD and its contractors: an authentication system is needed that lets DoD employees and contractor staff gain physical access at each other's facilities without issuing an additional set of credentials.

Solution: the DCCIS pilot and prototype (2003). DMDC employees use CAC cards and several contractors use their corporate badges to authenticate at participating facilities; a Trust Gateway Broker (TGB) retrieves identification data and validates the credentials.

[Diagram: Contractor 1..n and DoD Facility 1..n, all connected through the DCCIS TGB for physical-access authentication.]

8 FiXs: An Extension to DCCIS

Challenge for DoD and its contractors: deploy the DCCIS system to 224 DoD bases and their contractors (110,000) in a timely and cost-effective manner.

Solution: FiXs, a commercial system that mimics and links to DCCIS, extending the authentication system to encompass all eligible participants.

[Diagram: Contractor 1..n and DoD Facility 1..n; the FiXs TGB and the DCCIS TGB are linked, so a credential presented at any participating site is routed to its issuer for physical-access authentication.]
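The Trust Gateway Broker described on slides 7 and 8, together with the trusted-CSP list and assurance levels of slide 2, is a hub-and-spoke federation: a facility never validates a foreign credential itself, it asks its federation's broker, which looks the issuer up on the trust list (or forwards to the peer federation's broker) and applies the facility's required assurance level. The model below is an added example, not code from the presentation or from DCCIS or FiXs; the issuer names, serial formats, assurance levels, the one-hop broker-to-broker link and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Credential:
    """What a cardholder presents at the door: issuer identifier, serial, name."""
    issuer: str
    serial: str
    subject: str


@dataclass
class Issuer:
    """A federation member (CSP) that issued credentials and answers validation
    queries for them. assurance_level is the level the federation certified it at
    (1 to 4 in the OMB/NIST scheme; values here are assumed sample data)."""
    name: str
    assurance_level: int
    active: dict = field(default_factory=dict)   # serial -> subject name
    revoked: set = field(default_factory=set)

    def validate(self, cred):
        """Return (identity record, reason); identity is None on failure."""
        if cred.serial in self.revoked:
            return None, "revoked"
        subject = self.active.get(cred.serial)
        if subject is None or subject != cred.subject:
            return None, "unknown credential"
        return ({"subject": subject, "issuer": self.name,
                 "assurance_level": self.assurance_level}, "ok")


class TrustGatewayBroker:
    """Hub of one federation. Relying facilities only talk to the broker; the
    broker holds the federation's trusted-CSP list and forwards credentials from
    a peer federation's issuer to that federation's broker (one hop only)."""

    def __init__(self, name):
        self.name = name
        self.trusted = {}   # trusted-CSP list: issuer name -> Issuer
        self.peers = []     # linked brokers of other federations (assumed link)
        self.log = []       # (facility, issuer, serial, decision, reason)

    def add_issuer(self, issuer):
        self.trusted[issuer.name] = issuer

    def link_peer(self, broker):
        self.peers.append(broker)

    def resolve(self, cred, forwarded=False):
        issuer = self.trusted.get(cred.issuer)
        if issuer is not None:
            return issuer.validate(cred)
        if not forwarded:  # forward at most one hop, so brokers cannot loop
            for peer in self.peers:
                if cred.issuer in peer.trusted:
                    return peer.resolve(cred, forwarded=True)
        return None, "issuer not on trust list"

    def authorize(self, facility, required_level, cred):
        """Decision for one physical-access attempt at `facility`."""
        identity, reason = self.resolve(cred)
        if identity is None:
            decision = "deny"
        elif identity["assurance_level"] < required_level:
            decision, reason = "deny", "assurance level too low"
        else:
            decision = "allow"
        self.log.append((facility, cred.issuer, cred.serial, decision, reason))
        return decision, reason


# Constructed sample federation (names, serials and levels are assumptions, not real data).
dmdc = Issuer("DMDC", assurance_level=4,
              active={"CAC-0001": "SMITH", "CAC-0002": "DOE"}, revoked={"CAC-0002"})
contractor_a = Issuer("ContractorA", assurance_level=3, active={"BADGE-77": "JONES"})

dccis_tgb = TrustGatewayBroker("DCCIS TGB")   # government side: trusts DMDC
dccis_tgb.add_issuer(dmdc)
fixs_tgb = TrustGatewayBroker("FiXs TGB")     # commercial side: trusts contractors
fixs_tgb.add_issuer(contractor_a)
dccis_tgb.link_peer(fixs_tgb)
fixs_tgb.link_peer(dccis_tgb)

if __name__ == "__main__":
    attempts = [
        ("Contractor A HQ", 3, Credential("DMDC", "CAC-0001", "SMITH")),        # CAC at a contractor site
        ("DoD Facility 1", 4, Credential("ContractorA", "BADGE-77", "JONES")),  # badge below required level
        ("DoD Facility 1", 3, Credential("ContractorA", "BADGE-77", "JONES")),
        ("DoD Facility 1", 4, Credential("DMDC", "CAC-0002", "DOE")),           # revoked CAC
        ("DoD Facility 1", 1, Credential("ContractorZ", "BADGE-1", "ROE")),     # issuer on no trust list
    ]
    for facility, level, cred in attempts:
        broker = fixs_tgb if facility.startswith("Contractor") else dccis_tgb
        print(facility, cred.issuer, cred.serial, broker.authorize(facility, level, cred))
```

The point a practitioner should take from the model is where the trust decisions sit: the facility decides only its required assurance level, the broker decides which issuers are trusted and whether a peer federation may be consulted, and only the issuer decides whether a given serial is live. Revocation therefore never has to be replicated to the doors, and an issuer that is not on any broker's trust list is refused before its credential is ever validated.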

9 EAP: Trust Framework for E-Authentication

Challenge for Federal agencies and the commercial sector: deploy a cross-domain electronic authentication system that enables secure logical access between the Federal government and commercial contractors and companies.

Solution: EAP. Create a structure for using government-approved credentials (those used under the E-Authentication Initiative, ECA, the Federal Bridge, etc.) for other business applications.

[Diagram: Company 1..n networks and Fed Gov 1..n networks connected through the EAP framework, with EAI, ECA and the Federal Bridge as credential sources, for logical-access authentication.]

10 FiXs Expansion: EAP + PIV/HSPD-12

System usage expansion. New member recruitment, deployment to DoD sites worldwide, and potential expansion to and compliance with PIV/HSPD-12.

Expansion to logical access. Logical-access functionality will be piloted by aligning with EAP, and with other federations in the future (e.g., TSCP).

[Diagram: Company 1..n and Fed Gov 1..n facilities/networks; the EAP framework (with EAI, ECA and the Federal Bridge) provides authentication for logical access, while the linked FiXs TGB and DCCIS TGB provide authentication for physical access.]

11 Attributes of the Business Model

- Association model. Controls processes across entities that are not directly affiliated; funding is based on membership and dues.
- Intermediary multi-party contracts. Members sign a contract with a single intermediary rather than multilateral contracts across Members.
- Operating rules. Provide uniformity and process control, and incorporate policies and technical specifications by reference.
- Distribution of investment, risks and liabilities. Reduces risk to individual Members through risk and liability allocation and by spreading investment across Members.
- Community of interest of users. Provides a forum for policy alignment and for resolving issues that are obstacles to market development, using a trust model.
- Recognized by government. Government requirements are incorporated into the system and program; government acknowledges and regulates by reference.

12 FiXs and EAP Pilot Outcome

To enable interoperability between FiXs and EAP for combined physical and logical access in a federated environment, fill in the gaps and harmonize existing policies and infrastructure:

- Align rules and policies. Align FiXs Operating Rules and policies with the EAP Business Rules and trust framework.
- Harmonize the certification process. Establish requirements and a process for certifying FiXs and EAP Issuers and Relying Parties, as well as infrastructure components.
- Build out the technical architecture. Build out the FiXs technical architecture to accommodate EAP e-authentication transactions and establish a combined transaction environment.
- Adapt technical specifications. Adapt the FiXs interface design, system software design and hardware/software functional requirements to enable a combined FiXs and EAP operational environment.
- Accommodate multiple tokens. Accommodate existing FiXs and EAP Member tokens/cards/credentials and migrate to a PIV/HSPD-12 compliant card.