The Evolving U.S. Federal PKI Richard Guida Chair, Federal PKI Steering Committee Federal Chief Information Officers Council

Slides:

Advertisements

Similar presentations

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.

Advertisements

Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.

Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.

The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

Federal PKI Architecture Update

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

The Federation for Identity and Cross-Credentialing Systems (FiXs) FiXs ® - Federated and Secure Identity Management in Operation Implementing.

The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council

Ongoing Efforts to Build The US Federal PKI Bridge

Stanley J. Choffrey (202) The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

Public Key Infrastructure (PKI) Hosting Services.

Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

HIMSS/GSA E-Authentication Initiative A Pilot Project of the HIMSS RHIO Federation HIMSS Public Policy Forum September 28, 2006 Mary Grizkewicz, HIMSS.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.

NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

Electronic Government: Law, Policy, and Practice Jonathan P. Womer Information Policy and Technology Office of Management and Budget

Uncle Sam, Meet The PKI! Richard Guida Chair, Federal PKI Steering Committee Michèle Rubenstein Department of the Treasury,

Federal Approach to Electronic Credentials For services to citizens, businesses, other governments, and employees Mary J. Mitchell Office of Electronic.

The U.S. Federal PKI and the Federal Bridge Certification Authority

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

NIH-EDUCAUSE Interoperability Project, Phase 3: Fulfilling the Promise Dartmouth PKI Implementation Workshop Peter Alterman, Ph.D. Assistant CIO for E-Authentication.

Federal Bridge Certification Authority n Background n Overview n EMA Challenge Test structure n Participants n Results n Conclusions and lessons learned.

Richard Guida, P.E. Member, Government Information Technology Services Board Chair, Federal PKI Steering Committee

1 JFMIP Property Management System Requirements Briefing Interagency Committee on Property Management February 4, 2004.

The Federal Bridge Certification Authority – Description and Current Status Peter Alterman, Ph.D. Senior Advisor to the Chair, Federal PKI Steering Committee.

The U.S. Federal PKI, 2004: Report to EDUCAUSE Peter Alterman, Ph.D. Assistant CIO for E-Authentication National Institutes of Health.

NASA Personal Identity Verification (PIV) NASA Personal Identity Verification (PIV) High Level System Overview Tice F. DeYoung, PhD 14th Fed/Ed Workshop.

European Electronic Identity Practices Country Update of Austria Peter F Brown Office of the CIO, Austrian Federal Chancellery Chair, CEN eGov Focus Group.

Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Transforming Education Through Information Technologies Common Solutions Group, January, 2002 (Sanibel Island) HEBCA: Higher Education.

Account Authority Digital Signature AADS Lynn Wheeler First Data Corporation

Intragovernmental Business Rules June 1, Office of Management and Budget (OMB) Bulletin regarding intragovernmental business rules became.

1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

U.S. General Services Administration Federal Technology Service November 9, 1999 Judith Spencer Director, Center for Governmentwide Security Office of.

Bridge Certification Architecture A Brief Demo by Tim Sigmon and Yuji Shinozaki June, 2000.

Digital Signatures A Brief Overview by Tim Sigmon April, 2001.

The NIH PKI Pilots Peter Alterman, Ph.D. … again.

HEPKI-PAG Policy Activities Group David L. Wasley University of California.

Security Overview  System protection requirements areas  Types of information protection  Information Architecture dimensions  Public Key Infrastructure.

E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006.

Legislation and Market Forces: PKI Drivers for the U. S. Mortgage Industry November 27, 2006 R. J. Schlecht Director, Industry Technology – Security &

Federal and State PKI Bridge Evolution: Cutting Across Stovepipes EDUCAUSE 2000 October 12th, 2000.

PKI and the U.S. Federal E- Authentication Architecture Peter Alterman, Ph.D. Assistant CIO for e-Authentication National Institutes of Health Internet2.

Internet2 Middleware PKI: Oy-vey! Michael R. Gettes Principal Technologist Georgetown University

The Federal PKI Or, How to Herd Worms Peter Alterman Senior Advisor, Federal PKI Steering Committee.

DGS Recommendations to the Governor’s Task Force on Contracting & Procurement Review Report Overview August 12, 2002.

The Evolving Federal PKI Gary Moore Entrust Technologies Richard Guida Chair, Federal PKI Steering Committee.

1 Federal Identity Management Initiatives Federal Identity Management Initatives David Temoshok Director, Identity Policy and Management GSA Office of.

The FBCA Architecture: Lessons Learned Tim Polk, NIST March 9, 2001.

Federal Agencies and PKI Richard Guida, P.E. Member, Government Information Technology Services Board Chair, Federal PKI Steering Committee

Bridge Certification Architecture A Brief Overview by Tim Sigmon May, 2000.

PKI in Virginia September Commonwealth Bridge Project Time Line of Activity l COVITS Meeting - September 1999 »Commonwealth of Virginia Information.

Electronic Security and PKI Richard Guida Chair, Federal PKI Steering Committee Chief Information Officers Council

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Federal PKI Update Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.

Interoperability and the Evolving Federal PKI Richard Guida, P.E. Member, Government Information Technology Services Board Chair, Federal PKI Steering.

Federal Identity Management Overview and Current Status Dr. Peter Alterman, Chair Federal PKI Policy Authority.

The technology behind the USPS EPM. AND COMPLIANCE March 25, 2004 Adam Hoffman.

The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.

E-Authentication Guidance Jeanette Thornton, Office of Management and Budget “Getting to Green with E-Authentication” February 3, 2004 Executive Session.

U.S. Federal e-Authentication Initiative

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

NASA Personal Identity Verification (PIV) High Level System Overview Tice F. DeYoung, PhD 14th Fed/Ed Workshop December 14, 2006.

Presentation transcript:

The Evolving U.S. Federal PKI Richard Guida Chair, Federal PKI Steering Committee Federal Chief Information Officers Council (Steering Committee web page:

E-Transaction Landscape Intra-agency –personnel matters, agency management Interagency –payments, account reconciliation, litigation Agency to trading partner –procurement, regulation Agency to the public

Federal PKI Approach Establish Federal PKI Policy Authority (for policy interoperability) Implement Federal Bridge CA using COTS (for technical interoperability) Deal with directory issues in parallel –Border directory concept –Use ACES for public transactions

Federal PKI Policy Authority Voluntary interagency group - NOT an “agency” Governing body for interoperability through FBCA – Agency/FBCA certificate policy mappings Oversees operation of FBCA, authorizes issuance of FBCA certificates

Federal Bridge CA Non-hierarchical hub (“peer to peer”) Maps levels of assurance in disparate certificate policies (“policyMapping”) Ultimate bridge to CAs external to Federal government Directory initially contains only FBCA- issued certificates and ARLs

Boundary Conditions Use COTS with “inclusive” architecture Use X509v3 Support four levels of assurance –Rudimentary, Basic, Medium, High –Modeled after Canadian PKI FBCA use cannot be mandatory Focus requirements on agencies as certificate issuers, not relying parties

FBCA Architecture Multiple CAs inside membrane, cross certified –Adding CAs straightforward albeit not necessarily easy Solves inter-product interoperability issues within membrane - which is good Single consolidated X.500 directory (but also support LDAP access)

Current Status Prototype FBCA: Entrust, Cybertrust –Initial operation 2/8/00 Production FBCA: add other CAs –Operation by late 00 FBCA Operational Authority is the General Services Administration FBCA Cert Policy by mid-00 FPKIPA Charter by mid-00

Intra-Agency PKI Examples DOD (>250K certs => >>4M by 2002; high assurance with smartcards) FAA (~1K certs => 20K+ in 2000; software now, migrating to smartcards) FDIC (~4K certs => 7K+ in 2000) NASA (~1K certs => 25K+ in 2000) USPTO (~1K certs => 15K+ in 2000)

Planned Interagency Uses Department of Veterans Affairs and Social Security Administration on medical evidence Department of Education, SSA, VA on student loan applications, disbursements National Finance Center for on-line payroll matters Federal Deposit Insurance Corporation and other financial regulators re: sharing information

11 Border Directory Concept Each agency would have Border Directory for certificates and CRLs –May shadow all or part of local directory system (allows for agency discretion) –CAs may publish directly in border directory –Unrestricted read access Directory resides outside agency firewall –chain (X.500 DSP) or LDAP referral to FBCA DSA

Border Directory Concept Internal Directory Infrastructure PCA 2 FBCA DSA Internal Directory Infrastructure Border DSA 2 X.500 DSA Border DSA 1 LDAP Server Internal Directory Infrastructure PCA 1 PCA 3 Agency 1 Agency 2 Agency 3 FBCA LDAP Query-Response X DSP chaining

Access Certs for Electronic Services “No-cost” certificates for the public For business with Federal agencies only (but agencies may allow other uses on case basis) On-line registration, vetting with legacy data; information protected under Privacy Act Regular mail one-time PIN to get certificate Agencies billed per-use and/or per-certificate

Access Certs for Electronic Services RFP 1/99; bids received 4/99; first award 9/99 (DST), second award 10/99 (ORC), third award 10/99 (AT&T) Provisions for ACES-enabling applications, and developing customized PKIs Agencies do interagency agreement with GSA Certificates available now

Electronic Signatures under GPEA Government Paperwork Elimination Act (October 1998) Technology neutral - agencies select based on specifics of applications (e.g., risk) –But full recognition of dig sig strengths Gives electronic signature full legal effect Focus: transactions with Federal agencies Draft OMB Guidance 3/99; final 5/00

Organization