
Slide 1: Federal Initiatives in IdM
Dr. Peter Alterman, Chair, Federal PKI Policy Authority

Slide 2: HSPD-12
Wilmington, NC, November 2005
– Mandates that all Federal Agencies issue ID credentials using FIPS-201 identity proofing procedures beginning 10/05
– Mandates that all Federal Agencies begin issuing SmartCards with medium assurance digital certs by 10/06
– Authorization remains a local prerogative

Slide 3: E-Authentication Initiatives
– Assessment Framework for Credentials: evaluating the level of assurance (LOA) of identity of credential service providers
– Membership in Liberty Alliance
– Frequent meetings with Microsoft
– Interfederation Interoperability Project with Cybertrust and the Internet2/Shibboleth team

Slide 4: E-Authentication: CAF
The Credential Assessment Framework consists of the following:
– A structured methodology and procedures for evaluating the LOA of a CSP's credentials
– An assessment team that goes out and evaluates CSPs
– A process for conflict resolution
– Posting CSPs and their credential LOAs to a trust list (unfortunate term) on the website

Slide 5: E-Authentication: Interfed Interop
inCommon Higher Education Identity Federation
– Using Shibboleth middleware technical protocols
– Policy-light
E-Authentication US Identity Federation
– Using a variety of technical protocols
– Policy intensive

Slide 6: What Are Electronic Identity Federations?
Associations of electronic identity credential providers and credential consumers (electronic service providers) who:
– Agree to trust each other's credentials;
– Agree to hold credential providers authoritative for the validity of their credentials;
– Agree to use common communications protocols and procedures to enable interoperability;
– Agree to common business rules.

Slide 7: Purpose of Electronic Identity Federations
To enable trusted electronic business transactions between end users and service providers where the service provider does not have to issue and manage identity credentials, including attributes.
It's all a matter of scaling... No, it's also a matter of control.

Slide 8: Characteristics of Identity Federations
– Credential providers
– Service providers
– Standards and protocols for technical interoperability among credential providers, service providers, end users and infrastructure utilities
– A governance mechanism to assert common business rules, ensure credentials can be used and trusted by all members of the federation, and act as a central control point for entry and exit of members

Slide 9: Accomplishments to Date
– Demonstration of proof of concept for technical interoperability of identity credentials and utilities: E-Authentication SAML 1.0 and Shibboleth 1.2
– Production-level interoperability built into Shibboleth 1.3 (in beta)
– Extensive groundwork done on identifying policy and procedure mapping/treaty requirements
– Credential Assessment of 3 universities, fourth scheduled

Slide 10: Work in Progress
– Development of common SAML 2.0 schemes
– Development of common USPerson profile and profile management infrastructure
– Development of production-quality scheme translator
– Ongoing work to enable cross-federation trust and interoperability
– NSF FastLane to accept 3 universities' Shibboleth-based identity and attribute credentials on or before December 2005 (slippage)

Slide 11: Unresolved Issues
– Mapping null attributes
– Ensuring privacy of attribute information in a variety of instances
– Portal integration
– Scaling issues for listing credential providers
– Issues of transitivity across federations
– Multiple authoritative sources/conflicting authoritative sources
– Vocabulary and "data dictionary" issues
– Liability and indemnification issues

Slide 12: Federal PKI Architecture
– Agency and other government PKIs required to cross-certify with the Federal Bridge CA
– As of 12/05, no new agency PKIs; agencies procure PKI services from vendors participating in the Shared Service Provider (SSP) program
– Architecture issues
– TLS/SSL certs to CAF-assessed credential service providers, to provide mutual authentication
– Federal Bridge CA serves as "point of insertion" for external PKIs and other bridges

Slide 13: Simplified Diagram of Federal PKI
[Diagram; labels only: Federal Bridge CA; C4 CA; E-Gov CAs (3); Common Policy CA; Cross-Certified gov PKIs; Cross-Certified External PKIs; eAuth CSPs; Shared Service Provider PKIs (Common Policy OID and root cert)]

Slide 14: LOA Mapping: E-Auth to Fed PKI
E-Auth Level 1 : FPKI Rudimentary, C4
E-Auth Level 2 : FPKI Basic
E-Auth Level 3 : FPKI Medium & Medium-cbp
E-Auth Level 4 : FPKI Medium/HW & Medium/HW-cbp; FPKI High (government only)

Slide 15: Discussion
altermap@mail.nih.gov

