The Feds and Shibboleth

Peter Alterman, Ph.D.
Asst. CIO, E-Authentication
National Institutes of Health

Purpose of Contracts

- Develop technical and policy interoperability to enable university end users to access online Federal Agency applications using their inCommon Shib identity credentials, and
- Allow government end users to access inCommon applications using Agency-issued identity credentials

Peter Alterman will

Relationship to FedFed

- Opening to Shib extends the Federal architecture while maintaining compliance with open standards
- Creates a model for other industry segment engagements
- A trustworthy Federation to Federation strategy enables both parties to expand their user base with little or no added overhead

Federal Shibboleth Interoperability Project Overview

Phases 1 & 2:

- Demonstrated technical interoperability between E-Auth SAML 1.0 architecture and Shibboleth 1.2 – led to Shibboleth 1.3 becoming government-approved SAML product
- Initiated bilateral policy and procedures review – led to credential assessment of 3 schools
- Ongoing Interfederation Interoperability Work Group for policy issues
- Bridge-to-bridge engagement through International Collaborative IDentity Management Forum

Phases 3 & 4 In Process

- Develop SAML 2.0 profile and scripts for Federal use
- Develop USPerson profile model for enabling SAML-based identity authentication and authorization to Agency online applications
- Build Step Down Translator to convert digital certs to SAML assertions
- Continue Policy and Procedure engagement leading to true interfederation interoperability – goal is a viable MOA and interoperability
- Provide on-call SAML 2.0 implementation expertise
- Continue Bridge-to-Bridge engagement

A Possible Future

- Digitally-signed SAML 2.0 assertions extend the architecture to bridge the gap between Levels 2 and 3.
- Implement a Federation-to-Federation Interoperability and Trust Agreement and go live by 2006

Discussion