E-Authentication Overview & Technical Approach Scott Lowery Technical Track Session.

Presentation transcript:

E-Authentication Overview & Technical Approach Scott Lowery Technical Track Session

2 E-Authentication – Technical Approach
Agenda
–E-Authentication Overview
  Policy Framework
–Technical Approach
–Interoperability Lab

3 Policy Infrastructure:
1. Establish e-Authentication risk and assurance levels for Governmentwide use (OMB M Federal Policy Notice 12/16/03)
2. Establish standard methodology for e-Authentication risk assessment (ERA)
3. Establish technical assurance standards for e-credentials and credential providers (NIST Special Pub Authentication Technical Guidance)
4. Establish methodology for evaluating credentials/providers on assurance criteria (Credential Assessment Framework)
5. Establish trust list of trusted credential providers for govt-wide (and private sector) use
6. Establish common business rules for use of trusted 3rd-party credentials

4 OMB Assurance Level Impact Profiles
Potential Impact Categories for Authentication Errors, by assurance level (1 2 3 4):
–Inconvenience, distress or damage to standing or reputation: Low Mod High
–Financial loss or agency liability: Low Mod High
–Harm to agency programs or public interests: N/A Low Mod High
–Unauthorized release of sensitive information: N/A Low Mod High
–Personal Safety: N/A Low Mod High
–Civil or criminal violations: N/A Low Mod High

5 Allowed Token Types, by Assurance Level (1 2 3 4)
–Hard crypto token
–Soft crypto token
–Zero knowledge password
–One-time Password Device
–Strong password
–PIN
NIST SP

6 E-Authentication – Technical Approach
Agenda
–E-Authentication Overview
–Technical Approach
  Assertion Based Authentication
  Certificate Based Authentication
–Interoperability Lab

7 E-Authentication – Technical Approach
Agenda
–E-Authentication Overview
–Technical Approach
  Assertion Based Authentication
    –Overview
    –Management
    –SAML (Security Assertion Markup Language) as an Adopted Scheme
  Certificate Based Authentication
–Interoperability Lab

8 AAs CSs Base Case

9 Starting at the AA

10 Starting at the CS
CSP ID
Step #3: After selecting their AA, the user is redirected back to the CS as usual

11 Specialized Portals
Step #2: The user is redirected to the portal with the CS and AA IDs
Step #3: The user is cookied and redirected to the CS

12 E-Authentication – Technical Approach
Agenda
–E-Authentication Overview
–Technical Approach
  Assertion Based Authentication
    –Overview
    –Management
    –SAML as an Adopted Scheme
  Certificate Based Authentication
–Interoperability Lab

13 Assess COTS Interoperability Evaluate new Scheme against requirements Pilot Migrate, Translate, or Both. Adopt Scheme Adoption Lifecycle Start Emerging Technology

14 Scheme Translator Scheme Translator

15 E-Authentication – Technical Approach
Agenda
–E-Authentication Overview
–Technical Approach
  Assertion Based Authentication
    –Overview
    –Management
    –SAML as an Adopted Scheme
  Certificate Based Authentication
–Interoperability Lab

16 SAML 1.0 Artifact Profile Base Case

17 SAML 1.0 Artifact Profile Single Sign-On

18 SAML 1.0 Artifact Profile Governance

19 E-Authentication – Technical Approach
Agenda
–E-Authentication Overview
–Technical Approach
  Assertion Based Authentication
  Certificate Based Authentication
–Interoperability Lab

20 Validation Service
Step #1: User goes to Portal to select the AA and the CS

21 Local Validation
Step #1: User goes to Portal to select the AA and the CS

22 Certificates At Lower Assurance Applications
Step #4: The ST uses the validation service to validate the certificate
Scheme Translator

23 E-Authentication – Technical Approach
Agenda
–E-Authentication Overview
–Technical Approach
–Interoperability Lab
  Product Testing
  Technical Support
  CS / AA Testing

24 COTS (Commercial Off The Shelf) Product Testing
–Scheme compliance
–Interoperability
AAs CSs

25 Assess COTS Interoperability Evaluate new Scheme against requirements Pilot Migrate, Translate, or Both. Adopt Scheme Adoption Lifecycle Start Product Testing –See List of Approved Vendors

26 COTS Product Testing
–Certificate Validation

27 E-Authentication Architecture Evolution
Architecture Working Group
Evaluating Evolving Standards
Scheme Translators

28 E-Authentication Interoperability Lab
Technical Support
–Interoperability Testing
–SAML Conformance Testing
–Acceptance Testing
–Approved Product List
–Cookbook / Recipes
Extensive Experience in All These Areas

29 E-Authentication – Technical Approach
Agenda
–E-Authentication Overview
–Technical Approach
–Interoperability Lab

30 Resources
Additional Contacts: Chris Louden, Andrew Chiu, Steve Lazerowich, David Simonetti

31 Contact Information I appreciate your feedback and comments. I can be reached at: Scott Lowry