1. Single Sign-On, Federated Authentication and Beyond at NIH Dr. Peter Alterman National Institutes of Health

2. 2 About NIH National Institutes of Health (NIH) Operating division of the U.S. Department of Health & Human Services (HHS) Primary Federal agency for conducting and supporting biomedical research

3. External Users 3 NIH provides financial support to researchers around the world. NIH invests over $28 billion in medical research each year. $23 Billion for Researchers Outside NIH 83% goes to almost 50,000 competitive grants that support over 325,000 researchers outside NIH. $5 Billion for Researchers Inside NIH

4. Authentication Services at NIH 4 NIH iTrust Multifunction single sign-on (SSO) and federated authentication service consisting of: NIH Login – links internal users at NIH to internal and departmental (HHS) applications and electronic resources NIH Federated Login – links external users to NIH and departmental (HHS) applications and resources

5. NIH Login 5 In production since 2003 Over 35,000 NIH users, 238 applications, 450 URLs Over 2.5 million transactions per day Single Sign-On (SSO), including use of Personal Identity Verification (PIV) Cards Authenticated web services

6. NIH Federated Login – In Production Since 2007 6 Leverages existing credentials Expands support for up to 55,000 internal and 10 million external users: −Grants and research activities (wikis, SharePoint, Grids) −Library services −Acquisition services −Enterprise/departmental applications −Cross-agency, government- wide collaborations

7. Federated Partners: Authentication at All Four Levels of Assurance Government Departments and Agencies Any PKI cross-certified with the Federal PKI Architecture, directly or indirectly (via Bridge CAs). InCommon Federation – identity and access management federation for the higher education and research communities; 25 major universities access NIH resources through InCommon. Open Identity Exchange (OpenID and Information Card Foundations) are working with industry leaders such as AOL, Equifax, Google, PayPal, VeriSign, and Yahoo 7

8. Federated View 8

9. 9 Trust framework provider General Services Administration Private-sector identity providers U.S. Government websites Assessors & auditors Dispute resolvers User Federated Authentication at NIH: OIX

10. 10 Trust framework provider General Services Administration Universities U.S. government websites Assessors & auditors Dispute resolvers User Federated Authentication at NIH: InCommon InCommon Federation Provider websites

11. 11 Trust Framework Provider: Federal PKI Architecture Trust Framework Provider: Federal PKI Architecture Federal Agencies Assessors & auditors Dispute resolvers User Federated Authentication at NIH: PKI US Government websites CertiPath SAFE-BioPharma HEBCA Cross-certified CAs And PKI Bridges

12. Key Points AlignsAligns with FICAM’s IdM reference segment architecture IntegratesIntegrates with HHS Operating Divisions and other departments and agencies PromotesPromotes both interoperability and standards MeetsMeets the needs of researchers and clinicians SavesSaves time and money OffersOffers quick implementation 12

13. For Further Information Dr. Peter Alterman Peter.alterman@nih.gov Debbie Bucci Debbie.Bucci@nih.gov NIH Integration Services Center NIHISCSupport@mail.nih.gov NIH Center for Information Technology www.cit.nih.gov 13