PKI and the U.S. Federal E-Authentication Architecture Peter Alterman, Ph.D. Assistant CIO for e-Authentication National Institutes of Health Internet2.

Presentation transcript:

PKI and the U.S. Federal E-Authentication Architecture
Peter Alterman, Ph.D.
Assistant CIO for e-Authentication, National Institutes of Health
Internet2 Spring Meeting 2004
The E-Authentication Initiative
March 2, 2004

2 Why Does PKI Fit into the e-Authentication Architecture?
The E-Authentication Initiative, E-Gov Program Management Office
- While the bulk of the early phase rollouts of e-Gov applications are web-enabled applications..
- 2003 OASIS survey identified signed electronic forms as the highest priority use for PKI (1)
- Does anybody want to estimate how many Government forms are in use?

(1) OASIS Public Key Infrastructure Technical Committee, “Analysis of June 2003 Survey on Obstacles to PKI Deployment and Usage”, August 8, open.org/committees/pki/pkiobstaclesjune2003surveyreport.pdf

3 OASIS Survey of PKI Issues: Uses

| Applications | Most Important | Important | Not Important | No Answer | Weight | Weight Rank |
|---|---|---|---|---|---|---|
| Document Signing | 43% | 47% | 6% | 3% | 1.38 | 1 |
| Web Server Security | 42% | 48% | 6% | 4% | 1.37 | 2 |
| Secure | 40% | 46% | 8% | 6% | 1.33 | 3 |
| Web Services Security | 34% | 53% | 9% | 4% | 1.26 | 4 |
| Virtual Private Network | 33% | 50% | 11% | 6% | 1.24 | 5 |
| Electronic Commerce | 34% | 48% | 13% | 5% | 1.22 | 6 |
| Single Sign On | 28% | 56% | 12% | 4% | 1.17 | 7 |
| Secure Wireless LAN | 25% | 48% | 19% | 8% | 1.06 | 8 |
| Code Signing | 20% | 50% | 22% | 8% | 0.98 | 9 |
| Secure RPC | 6% | 40% | 40% | 13% | | |
| Other Application | 9% | 3% | 7% | 81% | | |

(1) OASIS Public Key Infrastructure Technical Committee, “Analysis of June 2003 Survey on Obstacles to PKI Deployment and Usage”, August 8, open.org/committees/pki/pkiobstaclesjune2003surveyreport.pdf

4 What Role Does PKI Play in the e-Authentication Architecture?
- Reliably satisfies identity assurance levels 3 & 4 (OMB M-04-04)
- Reliably satisfies risk levels 3 & 4 (FIPS 199, SP )
- In Hoc Signo Vinces – PKI with Bridge interoperability is a great example of federated identity management
- PKI integrates well with emerging technologies that link authentication and authorization, e.g., SAML

5 Therefore..
- PKI is the prime candidate technology for satisfying electronic forms signing business processes;
- PKI is the prime candidate for satisfying the authentication needs of business transactions that require levels 3 and 4 identity assurance
- PKI is an excellent technology match for e-Authentication authentication and authorization implementations

6 Status of PKI in the Federal e-Authentication Framework
- Federal Identity Management Framework acknowledges hardware-based PKI as best candidate for consolidated logical and physical access mechanism for Feds and contractors;
- Operational PKIs in defense and civilian agencies now; DOD and State Department PKIs are hardware-based
- Federal Bridge is operational and linked to all currently operational Federal PKIs, State of Illinois PKI and prototype Higher Ed Bridge; links to Canada, Australia, UK and EU under way
- Other Federal Agencies rolling out PKIs in near future, either self-managed or acquired from approved service providers

7 The Federal PKI, FBCA & The E-Authentication Federated Approach
[Diagram not reproduced. Labels recoverable from the slide:]
- FBCA Certification Authority, FBCA Certificate Policy: two-way cross-certified (FBCA High & FBCA Medium) with Agencies (Legacy Agency CA policy), States, Foreign Entities, Other Bridge CAs
- C4 Policy Certification Authority (Included in browser list of CAs): Citizen & Commerce Class Common (C4) Certificate Policy; one-way cross-certified; Assurance Level 1, Assurance Level 2
- FCPF Policy Certification Authority (Trust anchor for Common FPKI Policy hierarchical PKI subscribers): FPKI Common Policy Framework (FCPF) Certificate Policy; New Agency; Qualified Shared Service Provider
- E-Governance Certification Authority (Mutual authentication of SAML/SSL Certificates only): E-Governance Certificate Policy
- Other labels: Private Sector, Wells Fargo, AOL, PEPCO, USDA/NCF, Verisign, DST, ACES, eAuth Trust List

Figure: FPKI Validation Service (CA 1 Community 1, CA 2 Community 2, CA 3 Community 3, CA 4, CA 4a, CA 4b, Bridge, FPKI; XKMS, OCSP, CAM, SOAP, Others)
- Step #1: User goes to Portal to select the AA and ECP
- Step #2: The user is passed directly to the AA
- Step #3: The user authenticates to the AA directly using SSL or TLS.
- Step #4: The AA uses the validation service to validate the certificate

8 How PKIs Link to the e-Authentication Architecture
- Existing Federal Agencies cross-certify and interoperate through the Federal Bridge
- New Federal Agencies use the Common Policy Framework and shared service providers (SSPs)
- External PKIs (governments, corporations, colleges and universities, etc.) cross-certify and interoperate with the Federal Bridge
- Other bridges cross-certify and interoperate with the Federal Bridge
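The cross-certification model on slides 7 and 8 can be made concrete with a small trust-path search. This is an added example, not part of the original presentation; the CA names and the topology are constructed placeholders, and `find_trust_path` is a hypothetical helper that models path discovery only.

```python
from collections import deque

# Constructed topology with hypothetical CA names; it does not describe the
# real Federal PKI. A pair (issuer, subject) means the issuer has signed a
# cross-certificate for the subject, so trust flows issuer -> subject.
CROSS_CERTS = [
    ("AgencyCA-A", "BridgeCA"), ("BridgeCA", "AgencyCA-A"),    # two-way
    ("AgencyCA-B", "BridgeCA"), ("BridgeCA", "AgencyCA-B"),    # two-way
    ("BridgeCA", "OtherBridge"), ("OtherBridge", "BridgeCA"),  # bridge to bridge
    ("OtherBridge", "CampusCA"), ("CampusCA", "OtherBridge"),  # two-way
    ("BridgeCA", "ExternalCA-X"),                              # one-way only
]


def find_trust_path(trust_anchor, issuing_ca, cross_certs=CROSS_CERTS):
    """Return the shortest CA chain from a relying party's trust anchor to the
    CA that issued the certificate being checked, or None if no chain exists.

    Only path discovery is modelled. Real validation must also verify every
    signature, validity period, policy mapping and revocation status.
    """
    issued = {}
    for issuer, subject in sorted(cross_certs):
        issued.setdefault(issuer, []).append(subject)

    queue = deque([[trust_anchor]])
    seen = {trust_anchor}
    while queue:
        path = queue.popleft()
        if path[-1] == issuing_ca:
            return path
        for nxt in issued.get(path[-1], []):
            if nxt not in seen:  # guard against loops through two-way links
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


if __name__ == "__main__":
    checks = [
        ("AgencyCA-A", "AgencyCA-B"),    # agency to agency via the bridge
        ("AgencyCA-A", "CampusCA"),      # across two bridges
        ("AgencyCA-A", "ExternalCA-X"),  # one-way link, forward direction
        ("ExternalCA-X", "AgencyCA-A"),  # one-way link, reverse: no path
    ]
    for anchor, issuer in checks:
        print(f"{anchor} -> {issuer}: {find_trust_path(anchor, issuer)}")
```

The last check returns no path: a one-way cross-certificate lets relying parties behind the bridge accept the external CA's certificates, but not the reverse.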

9 More Information