Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mary Montoya, CIO Bogi Malecki, Project Manager

Published byАленка Димитријевић Modified over 5 years ago

Similar presentations

Presentation on theme: "Mary Montoya, CIO Bogi Malecki, Project Manager"— Presentation transcript:

1 New Mexico Environment Department The E-Enterprise Integrated Identity Solution Project (ISOL)
Mary Montoya, CIO Bogi Malecki, Project Manager Tom McMichael, Systems Analyst Mark Morell, Systems Integrator & Technical Writer Sam Jenkins, Solutions Architect 12/14/2015 Project Certification Committee Presentation

2 Environment Department Mission
The mission of the New Mexico Environment Department is to protect and restore the environment, and to foster a healthy and prosperous New Mexico for present and future generations. 12/14/2015 Project Certification Committee Presentation

3 Project Purpose Discover & Analyze. Evaluate identity and access management of NM, TN and WY Single Sign-On systems and EPA’s Identity Bridge system and determine the impact of implementing a proposed federated identity solution. 12/14/2015 Project Certification Committee Presentation

4 Main Goal Identify how best to authenticate users with one site and allow secure access to all other sites without re-authenticating: 12/14/2015 Project Certification Committee Presentation

5 Ultimate Aim Reduce burden and cost of maintaining multiple identities and systems for transacting business and sharing environmental data across entities. 12/14/2015 Project Certification Committee Presentation

6 Planned Approaches Use Third Party Identities
Enable Single Sign-On using Secure Token Services Integrate OpenID / OpenID Connect Identity Provider Interface 12/14/2015 Project Certification Committee Presentation

7 1. Use 3rd Party Identities
1. A user tries to access a protected resource at the web site (relying party). 2. The user is offered a choice of identity providers and redirected to the selected identity provider. 3. The user authenticates by providing login information at the identity provider’s login page. 4. After successful authentication, the user is redirected to the relying party web site along with a signed security token and other information (claims). 5. The relying party validates the security token and allows access if the token is valid (it was signed by the trusted issuer). 12/14/2015 Project Certification Committee Presentation

8 3rd Party Log-in Example
Redirect to the Enterprise Security Bridge with Facebook IdP specified User authenticates at Facebook Enterprise Security Bridge redirects to the E-Enterprise Portal E-Enterprise Portal uses Web Services Federation to validate 12/14/2015 Project Certification Committee Presentation

9 2. Enable Single-Sign On A user attempts to login at an identity provider by presenting user ID and credential. The identity provider validates the user’s claim. It requests the STS to issue a security token if the identity is valid. The STS verifies the identity provider’s credential and signs the security token if the identity provider is trusted. The user ID and other identity information will be encrypted into the token. The identity provider returns the security token to signal a successful login. The user then asks for services at another application (the Relying Party) with the security token as the evidence of an authenticated user (I have logged in already, here is my ticket). The suspicious relying party verifies the claim by validating the security token at the STS. The STS checks the token and returns the user’s ID, along with other attributes, if successful. The relying party performs requested operation and returns results to the user. 12/14/2015 Project Certification Committee Presentation

10 3. Integrate OpenID 1. User accesses the OpenID Connect application (relying party) 2. The user is redirected to the "authorization endpoint" of CFS (Cloud Federation Service) to authenticate 3. If the user authenticates, she is prompted to authorize the application to access certain profile information 4. The user browser is sent back to the client application (indicated by the Callback URL in the configuration) with the authentication/authorization result. 5. The application can contact CFS at the UserInfo endpoint. The application has a maximum of 2 minutes to contact CFS for the user's information. After 2 minutes, the access token is no longer valid and steps 2-4 shown in the diagram must be done again. Note here that even if steps 2-4 will be executed again, the user will not see any of this because they will already have been authenticated by CFS (and not prompted again) and already authorized the application to access their information (so they won't have to consent again - as long as they have not manually revoked access to this application in the meantime). 6. The UserInfo endpoint (CFS) returns consented profile information to the client application. 12/14/2015 Project Certification Committee Presentation

11 OpenID Log-in Page Example
12/14/2015 Project Certification Committee Presentation

12 General Information The project was conceived and initiated by NMED Office of Information Technology The proposal was sent to EPA November, 2014 NMED was awarded funding September, 2015 The funding period is 10/1/2015 – 9/30/2017 The funding budget is $472,737 12/14/2015 Project Certification Committee Presentation

13 High Level Project Overview
Objective Budget Due Date Finalize Scope; Execute Contracts & MOAs; Purchase licenses; Assign team tasks & deadlines $36,856 12/11/2015 Perform Federated Identity Management discovery and a solutions assessment with EPA $25,617 8/26/2016 discovery and a solutions assessment of NM $85,248 10/28/2016 discovery and a solutions assessment of TN $118,182 11/25/2016 discovery and a solutions assessment of WY $117,364 12/23/2016 Analyze results, compile and submit findings & recommendations $63,720 4/1/2017 Closeout $25,750 5/31/2017 Total $472,737 The different cell colors indicate different project phases. 12/14/2015 Project Certification Committee Presentation

14 Stakeholders and Governance
EPA - Office of Environmental Information (OEI) Exchange Network Leadership Council (ENLC) Exchange Network Technology Board (NTB) NMED Office of Information Technology - Office of the CIO Tennessee Department of Environment and Conservation Wyoming Department of Environmental Quality NM Department of Information Technology – Project Certification Committee 12/14/2015 Project Certification Committee Presentation

15 Project Management Plan
Present to PCC at Initiation & Planning phase Submit Quality Assurance Plan to EPA Submit semi-annual progress reports to EPA Present bi-monthly status reports to ENLC Present monthly reports to PCC Hold monthly meetings with partner states to track progress and findings Weekly project team meetings to check task status, identify roadblocks & assess schedule impact Present to PCC at Implementation phase Present to PCC at Closeout project phase Submit final report to EPA 12/14/2015 Project Certification Committee Presentation

16 Risks & Issues Possible risks include:
Insufficient participation from partner states/EPA Inconsistent statutory requirements across jurisdictions EPA imposed technologies and/or requirements that are inconsistent with the project goals 12/14/2015 Project Certification Committee Presentation

17 Questions 12/14/2015 Project Certification Committee Presentation

Download ppt "Mary Montoya, CIO Bogi Malecki, Project Manager"

Similar presentations

Suchin Rengan Principal Technical Architect Salesforce.com

Suchin Rengan Principal Technical Architect Salesforce.com
A responsibility based model EDG CA Managers Meeting June 13, 2003.

A responsibility based model EDG CA Managers Meeting June 13, 2003.
Will Darby 91.514 5 April 2010.  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.

Will Darby April  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.
A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.

A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
The Design and Implementation of an OpenID-Enabled PKI Kevin Bauer University of Colorado Supervisor: Dhiva Muruganantham.

The Design and Implementation of an OpenID-Enabled PKI Kevin Bauer University of Colorado Supervisor: Dhiva Muruganantham.
(Remote Access Security) AAA. 2 Authentication User named flannery dials into an access server that is configured with CHAP. The access server will.

(Remote Access Security) AAA. 2 Authentication User named "flannery" dials into an access server that is configured with CHAP. The access server will.
Infrastructure for Multi-Professional Education and Training Using Shibboleth.

Infrastructure for Multi-Professional Education and Training Using Shibboleth.
Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.

Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.
1 Change Management FOR University Medical Group Saint Louis University Click this icon for Audio.

1 Change Management FOR University Medical Group Saint Louis University Click this icon for Audio.
Troubleshooting Federation, AD FS 2.0, and More…

Troubleshooting Federation, AD FS 2.0, and More…
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.

Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Session 11: Security with ASP.NET

Session 11: Security with ASP.NET
Troubleshooting Federation, AD FS 2.0, and More…

Troubleshooting Federation, AD FS 2.0, and More…
1 Multi Cloud Navid Pustchi April 25, 2014 World-Leading Research with Real-World Impact!

1 Multi Cloud Navid Pustchi April 25, 2014 World-Leading Research with Real-World Impact!
1 EIR Accessibility Web Scanning Program Jeff Kline, Statewide Accessibility Coordinator Texas Department of Information Resources October, 2012.

1 EIR Accessibility Web Scanning Program Jeff Kline, Statewide Accessibility Coordinator Texas Department of Information Resources October, 2012.
U.S. Department of Agriculture eGovernment Program August 14, 2003 eAuthentication Agency Application Pre-Design Meeting eGovernment Program.

U.S. Department of Agriculture eGovernment Program August 14, 2003 eAuthentication Agency Application Pre-Design Meeting eGovernment Program.
1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

Similar presentations

Ads by Google