Presentation is loading. Please wait.

Presentation is loading. Please wait.

Technical Approach Chris Louden Enspier

Published byLee Townsend Modified over 5 years ago

Similar presentations

Presentation on theme: "Technical Approach Chris Louden Enspier"— Presentation transcript:

1 Technical Approach Chris Louden Enspier
The E-Authentication Initiative Technical Approach Chris Louden Enspier “Getting to Green with E-Authentication” February 3, 2004 Technical Session

2 Technical Approach Lower Assurance Approach Higher Assurance Approach
E-Authentication Technical Approach Lower Assurance Approach Overview Management SAML as an adopted Scheme Higher Assurance Approach Certificate Validation Relationship to Bridge Architecture Where we are today Today Near Term 2

3

4

5

6

7

8

9 SAML as an Adopted Scheme
E-Authentication SAML as an Adopted Scheme SAML 1.0 Artifact Profile Proven interoperability 9

10

11

12

13 Lower Assurance Approach
E-Authentication Lower Assurance Approach SAML Assertion Contents Name User ID CS ID AA Responsabilities Authorization / Entitlements Mapping asserted identity to known identity May map multiple credentials to a known identity CS Responsabilities Identity Management Credential Assessment Framework (CAF) requirements 13

14 Higher Assurance Levels
E-Authentication Higher Assurance Levels Certificate Based Authentication “All sensitive data transfers shall be cryptographically authenticated using keys bound to the authentication process” NIST SP800-63 Does not require shared secrets Certificate Path Discovery and Validation Certificates at lower assurance AAs 14

15

16

17 Higher Assurance Approach
E-Authentication Higher Assurance Approach Certificate Validation is not enough Certificate Path Discovery and Validation 17

18 One Minute PKI Public & Private Key Pair Digital Signatures
E-Authentication One Minute PKI Public & Private Key Pair Mathematically bound numbers Encrypt with one, Decrypt with the other Digital Signatures Hashes encrypted with a private key Validate source and integrity Certificate Authorities (CAs) and Certificates Certificates bind a public key to an identity CAs issue certificates based on their policies Certificates are digitally signed by CAs Trust Anchors A CAs self-signed certificate 18

19 E-Authentication Typical PKI 19

20 E-Authentication Hierarchical PKI 20

21 E-Authentication Mesh PKI 21

22 E-Authentication Mesh PKI 22

23 E-Authentication Authentication or Message 23

24 E-Authentication Certificate Path Discovery and Validation 24

25 Higher Assurance Approach
E-Authentication Higher Assurance Approach Certificate Usability at lower assurance AAs Avoid multiple interfaces at AAs Avoid PKI complexities at lower assurance AAs 25

26

27 High Assurance Approach
E-Authentication High Assurance Approach Relation to Federal PKI Architecture 27

28

29

30

31

32

33 Where we are today Proof of Concept Interoperability Lab
E-Authentication Where we are today Proof of Concept SAML 1.0 Artifact Profile Interoperability Lab Architecture Working Group Pilots 33

34 References eAuthentication Documents NIST Documents
NIST Documents 34

35 Coming Soon FOC Forms Web Services Composite Apps New Schemes
E-Authentication Coming Soon FOC Forms Web Services Composite Apps New Schemes 35

Download ppt "Technical Approach Chris Louden Enspier"

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.
Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.

Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.
The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.

The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.

NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.

Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.

U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.

1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.
EDUCAUSE Fed/Higher ED PKI Coordination Meeting

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

Similar presentations

Ads by Google